crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (CVE-2021-34558) #47143

Closed
FiloSottile opened this issue Jul 12, 2021 · 5 comments

@FiloSottile FiloSottile commented Jul 12, 2021

crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.

Thanks to Imre Rad for reporting this issue.
This issue is CVE-2021-34558.
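
The workaround named in the report above (no TLS_RSA cipher suites, or TLS 1.3 only) can be checked against a client `tls.Config`. This is an added example, not code from the issue or from the Go project; `ecdheOnlySuites`, `hardenedClientConfig` and `offersRSAKeyExchange` are hypothetical helper names, and a nil `CipherSuites` is conservatively assumed to fall back to a default list that includes TLS_RSA suites.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// ecdheOnlySuites lists this Go release's TLS 1.0-1.2 suites that use ECDHE,
// which leaves out every TLS_RSA (RSA key exchange) suite.
func ecdheOnlySuites() []uint16 {
	var ids []uint16
	for _, s := range tls.CipherSuites() {
		if strings.HasPrefix(s.Name, "TLS_ECDHE_") {
			ids = append(ids, s.ID)
		}
	}
	return ids
}

// hardenedClientConfig is a hypothetical helper applying the issue's workaround.
func hardenedClientConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: ecdheOnlySuites()}
}

// offersRSAKeyExchange reports whether a client using cfg can offer a TLS_RSA suite.
func offersRSAKeyExchange(cfg *tls.Config) bool {
	if cfg.MinVersion >= tls.VersionTLS13 {
		return false // TLS 1.3 has no RSA key exchange
	}
	if cfg.CipherSuites == nil {
		return true // assumption: treat the release's default list as including TLS_RSA
	}
	for _, id := range cfg.CipherSuites {
		if strings.HasPrefix(tls.CipherSuiteName(id), "TLS_RSA_WITH_") {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println("default config:", offersRSAKeyExchange(&tls.Config{}))
	fmt.Println("TLS 1.3 only:  ", offersRSAKeyExchange(&tls.Config{MinVersion: tls.VersionTLS13}))
	fmt.Println("ECDHE only:    ", offersRSAKeyExchange(hardenedClientConfig()))
}
```

`Config.CipherSuites` only governs TLS 1.0–1.2, so the ECDHE-only list does not restrict TLS 1.3 negotiation.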

@FiloSottile FiloSottile commented Jul 12, 2021

@gopherbot please file backport issues for this security fix.

@gopherbot gopherbot commented Jul 12, 2021

Backport issue(s) opened: #47144 (for 1.15), #47145 (for 1.16).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://golang.org/wiki/MinorReleases.

@gopherbot gopherbot commented Jul 12, 2021

Change https://golang.org/cl/334030 mentions this issue: [release-branch.go1.15] crypto/tls: test key type when casting

@gopherbot gopherbot commented Jul 12, 2021

Change https://golang.org/cl/334029 mentions this issue: [release-branch.go1.16] crypto/tls: test key type when casting

@gopherbot gopherbot commented Jul 12, 2021

Change https://golang.org/cl/334031 mentions this issue: crypto/tls: test key type when casting

gopherbot pushed a commit that referenced this issue Jul 12, 2021
When casting the certificate public key in generateClientKeyExchange,
check the type is appropriate. This prevents a panic when a server
agrees to a RSA based key exchange, but then sends an ECDSA (or
other) certificate.

Updates #47143
Fixes #47144
Fixes CVE-2021-34558

Thanks to Imre Rad for reporting this issue.

Change-Id: Iabccacca6052769a605cccefa1216a9f7b7f6aea
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1116723
Reviewed-by: Filippo Valsorda <valsorda@google.com>
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/334030
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
gopherbot pushed a commit that referenced this issue Jul 12, 2021
When casting the certificate public key in generateClientKeyExchange,
check the type is appropriate. This prevents a panic when a server
agrees to a RSA based key exchange, but then sends an ECDSA (or
other) certificate.

Updates #47143
Fixes #47145
Fixes CVE-2021-34558

Thanks to Imre Rad for reporting this issue.

Change-Id: Iabccacca6052769a605cccefa1216a9f7b7f6aea
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1116723
Reviewed-by: Filippo Valsorda <valsorda@google.com>
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/334029
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
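
The pattern the commit message describes, checking the key type when casting, shown as an added example that is not the Go source or the patch itself. `encryptPreMaster` is a hypothetical, simplified stand-in for the RSA key exchange step, and the keys are throwaway values generated for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"fmt"
)

var errWrongKeyType = errors.New("server certificate key is not RSA")

// encryptPreMaster encrypts the pre-master secret to the certificate's key.
// The two-value assertion turns a mismatched key type into an error.
func encryptPreMaster(pub crypto.PublicKey, preMaster []byte) ([]byte, error) {
	rsaKey, ok := pub.(*rsa.PublicKey)
	if !ok {
		return nil, errWrongKeyType
	}
	return rsa.EncryptPKCS1v15(rand.Reader, rsaKey, preMaster)
}

// uncheckedCastPanics runs the single-value assertion and reports whether it panicked.
func uncheckedCastPanics(pub crypto.PublicKey) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	_ = pub.(*rsa.PublicKey)
	return false
}

// sampleKeys generates constructed RSA and ECDSA public keys for the demo.
func sampleKeys() (rsaPub, ecPub crypto.PublicKey) {
	r, err1 := rsa.GenerateKey(rand.Reader, 2048)
	e, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	return &r.PublicKey, &e.PublicKey
}

func main() {
	rsaPub, ecPub := sampleKeys()
	for _, pub := range []crypto.PublicKey{rsaPub, ecPub} {
		ct, err := encryptPreMaster(pub, make([]byte, 48))
		fmt.Printf("%T: unchecked cast panics=%v, checked: %d bytes, err=%v\n", pub, uncheckedCastPanics(pub), len(ct), err)
	}
}
```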
@gopherbot gopherbot closed this in a985897 Jul 12, 2021
@dmitshur dmitshur changed the title from "security: fix CVE-2021-34558" to "crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (CVE-2021-34558)" Jul 12, 2021
simonswine added a commit to simonswine/cortex that referenced this issue Jul 13, 2021
This addresses CVE-2021-34558.

golang/go#47143

Signed-off-by: Christian Simon <simon@swine.de>
pracucci added a commit to cortexproject/cortex that referenced this issue Jul 13, 2021
* Update go version in build image to 1.16.6

This addresses CVE-2021-34558.

golang/go#47143

Signed-off-by: Christian Simon <simon@swine.de>

* Update build image and golang version in CI

Signed-off-by: Marco Pracucci <marco@pracucci.com>

* Update LATEST_BUILD_IMAGE_TAG in makefile

Signed-off-by: Christian Simon <simon@swine.de>

Co-authored-by: Marco Pracucci <marco@pracucci.com>