Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (CVE-2021-34558) #47143

Closed
FiloSottile opened this issue Jul 12, 2021 · 5 comments
Closed

crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (CVE-2021-34558) #47143

FiloSottile opened this issue Jul 12, 2021 · 5 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done. release-blocker Security
Milestone
Go1.17

Comments

@FiloSottile
Copy link
Contributor

FiloSottile commented Jul 12, 2021
edited by dmitshur
Loading

crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.

Thanks to Imre Rad for reporting this issue.
This issue is CVE-2021-34558.
@FiloSottile FiloSottile added Security NeedsFix The path to resolution is known, but the work has not been done. release-blocker labels Jul 12, 2021
@FiloSottile FiloSottile added this to the Go1.17 milestone Jul 12, 2021
@FiloSottile
Copy link
Contributor Author

@gopherbot please file backport issues for this security fix.

@gopherbot gopherbot mentioned this issue Jul 12, 2021
Closed
@gopherbot
Copy link
Contributor

Backport issue(s) opened: #47144 (for 1.15), #47145 (for 1.16).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://golang.org/wiki/MinorReleases.

@gopherbot gopherbot mentioned this issue Jul 12, 2021
Closed
@gopherbot
Copy link
Contributor

Change https://golang.org/cl/334030 mentions this issue: [release-branch.go1.15] crypto/tls: test key type when casting

@gopherbot
Copy link
Contributor

Change https://golang.org/cl/334029 mentions this issue: [release-branch.go1.16] crypto/tls: test key type when casting

@gopherbot
Copy link
Contributor

Change https://golang.org/cl/334031 mentions this issue: crypto/tls: test key type when casting

gopherbot pushed a commit that referenced this issue Jul 12, 2021
@rolandshoemaker @dmitshur
[release-branch.go1.15] crypto/tls: test key type when casting
c77980b 
When casting the certificate public key in generateClientKeyExchange,
check the type is appropriate. This prevents a panic when a server
agrees to a RSA based key exchange, but then sends an ECDSA (or
other) certificate.

Updates #47143
Fixes #47144
Fixes CVE-2021-34558

Thanks to Imre Rad for reporting this issue.

Change-Id: Iabccacca6052769a605cccefa1216a9f7b7f6aea
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1116723
Reviewed-by: Filippo Valsorda <[email protected]>
Reviewed-by: Katie Hockman <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/go/+/334030
Trust: Filippo Valsorda <[email protected]>
Run-TryBot: Filippo Valsorda <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
gopherbot pushed a commit that referenced this issue Jul 12, 2021
@rolandshoemaker @dmitshur
[release-branch.go1.16] crypto/tls: test key type when casting
58bc454 
When casting the certificate public key in generateClientKeyExchange,
check the type is appropriate. This prevents a panic when a server
agrees to a RSA based key exchange, but then sends an ECDSA (or
other) certificate.

Updates #47143
Fixes #47145
Fixes CVE-2021-34558

Thanks to Imre Rad for reporting this issue.

Change-Id: Iabccacca6052769a605cccefa1216a9f7b7f6aea
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1116723
Reviewed-by: Filippo Valsorda <[email protected]>
Reviewed-by: Katie Hockman <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/go/+/334029
Trust: Filippo Valsorda <[email protected]>
Run-TryBot: Filippo Valsorda <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
TryBot-Result: Go Bot <[email protected]>
@dmitshur dmitshur changed the title security: fix CVE-2021-34558 crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (CVE-2021-34558) Jul 12, 2021
@simonswine simonswine mentioned this issue Jul 13, 2021
Merged
simonswine added a commit to simonswine/cortex that referenced this issue Jul 13, 2021
@simonswine
Update go version in build image to 1.16.6
178ab0c 
This addresses CVE-2021-34558.

golang/go#47143

Signed-off-by: Christian Simon <[email protected]>
pracucci added a commit to cortexproject/cortex that referenced this issue Jul 13, 2021
@simonswine @pracucci
Update go version in build image to 1.16.6 (#4362)
e49102c 
* Update go version in build image to 1.16.6

This addresses CVE-2021-34558.

golang/go#47143

Signed-off-by: Christian Simon <[email protected]>

* Update build image and golang version in CI

Signed-off-by: Marco Pracucci <[email protected]>

* Update LATEST_BUILD_IMAGE_TAG in makefile

Signed-off-by: Christian Simon <[email protected]>

Co-authored-by: Marco Pracucci <[email protected]>
tomwilkie pushed a commit to grafana/mimir that referenced this issue Jul 13, 2021
@simonswine @pracucci
Update go version in build image to 1.16.6 (#4362)
e2dbdb5 
* Update go version in build image to 1.16.6

This addresses CVE-2021-34558.

golang/go#47143

Signed-off-by: Christian Simon <[email protected]>

* Update build image and golang version in CI

Signed-off-by: Marco Pracucci <[email protected]>

* Update LATEST_BUILD_IMAGE_TAG in makefile

Signed-off-by: Christian Simon <[email protected]>

Co-authored-by: Marco Pracucci <[email protected]>
Former-commit-id: e49102c
alvinlin123 pushed a commit to ac1214/cortex that referenced this issue Jan 14, 2022
@simonswine @pracucci @alvinlin123
Update go version in build image to 1.16.6 (cortexproject#4362)
f1f3642 
* Update go version in build image to 1.16.6

This addresses CVE-2021-34558.

golang/go#47143

Signed-off-by: Christian Simon <[email protected]>

* Update build image and golang version in CI

Signed-off-by: Marco Pracucci <[email protected]>

* Update LATEST_BUILD_IMAGE_TAG in makefile

Signed-off-by: Christian Simon <[email protected]>

Co-authored-by: Marco Pracucci <[email protected]>
Signed-off-by: Alvin Lin <[email protected]>
@golang golang locked and limited conversation to collaborators Jul 12, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done. release-blocker Security
Projects
None yet
Milestone
Go1.17
Development

No branches or pull requests
2 participants
@FiloSottile @gopherbot