crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (CVE-2021-34558) #47143
Comments
@gopherbot please file backport issues for this security fix.
Backport issue(s) opened: #47144 (for 1.15), #47145 (for 1.16). Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://golang.org/wiki/MinorReleases.
Change https://golang.org/cl/334030 mentions this issue:
Change https://golang.org/cl/334029 mentions this issue:
Change https://golang.org/cl/334031 mentions this issue:
When casting the certificate public key in generateClientKeyExchange, check the type is appropriate. This prevents a panic when a server agrees to a RSA based key exchange, but then sends an ECDSA (or other) certificate.

Updates #47143
Fixes #47144
Fixes CVE-2021-34558

Thanks to Imre Rad for reporting this issue.

Change-Id: Iabccacca6052769a605cccefa1216a9f7b7f6aea
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1116723
Reviewed-by: Filippo Valsorda <valsorda@google.com>
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/334030
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>

When casting the certificate public key in generateClientKeyExchange, check the type is appropriate. This prevents a panic when a server agrees to a RSA based key exchange, but then sends an ECDSA (or other) certificate.

Updates #47143
Fixes #47145
Fixes CVE-2021-34558

Thanks to Imre Rad for reporting this issue.

Change-Id: Iabccacca6052769a605cccefa1216a9f7b7f6aea
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1116723
Reviewed-by: Filippo Valsorda <valsorda@google.com>
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/334029
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
This addresses CVE-2021-34558. golang/go#47143

Signed-off-by: Christian Simon <simon@swine.de>

* Update go version in build image to 1.16.6

This addresses CVE-2021-34558. golang/go#47143

Signed-off-by: Christian Simon <simon@swine.de>

* Update build image and golang version in CI

Signed-off-by: Marco Pracucci <marco@pracucci.com>

* Update LATEST_BUILD_IMAGE_TAG in makefile

Signed-off-by: Christian Simon <simon@swine.de>
Co-authored-by: Marco Pracucci <marco@pracucci.com>

* Update go version in build image to 1.16.6

This addresses CVE-2021-34558. golang/go#47143

Signed-off-by: Christian Simon <simon@swine.de>

* Update build image and golang version in CI

Signed-off-by: Marco Pracucci <marco@pracucci.com>

* Update LATEST_BUILD_IMAGE_TAG in makefile

Signed-off-by: Christian Simon <simon@swine.de>
Co-authored-by: Marco Pracucci <marco@pracucci.com>
Former-commit-id: e49102c

* Update go version in build image to 1.16.6

This addresses CVE-2021-34558. golang/go#47143

Signed-off-by: Christian Simon <simon@swine.de>

* Update build image and golang version in CI

Signed-off-by: Marco Pracucci <marco@pracucci.com>

* Update LATEST_BUILD_IMAGE_TAG in makefile

Signed-off-by: Christian Simon <simon@swine.de>
Co-authored-by: Marco Pracucci <marco@pracucci.com>
Signed-off-by: Alvin Lin <alvinlin@amazon.com>
crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.

Thanks to Imre Rad for reporting this issue.

This issue is CVE-2021-34558.
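As an added example (not code from the Go project or from the CLs linked above), the Go program below contrasts the defect class described in this issue, an unchecked type assertion on the certificate public key that panics when the negotiated RSA key exchange meets an ECDSA certificate, with the checked form the fix uses, and puts the client-side mitigation the advisory names (a cipher-suite list with no TLS_RSA suites, or a TLS 1.3-only client) next to the weak configuration. The function names, the demoKeys helper and the generated keys are this example's own assumptions; the two key-exchange functions are modelled on that handshake step, not copied from crypto/tls.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"fmt"
	"strings"
)

// A TLS 1.2 RSA key exchange encrypts a 48-byte premaster secret to the key
// in the server certificate.
const preMasterSecretLen = 48

// demoKeys builds one RSA and one ECDSA public key (constructed for this
// example) standing in for the PublicKey field of a server certificate.
func demoKeys() (rsaPub, ecdsaPub crypto.PublicKey, err error) {
	rsaPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	ecPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &rsaPriv.PublicKey, &ecPriv.PublicKey, nil
}

// rsaKeyExchangeUnchecked shows the defect class: a single-value type
// assertion panics when the server negotiated an RSA suite but its
// certificate carries an ECDSA (or other) key.
func rsaKeyExchangeUnchecked(serverPub crypto.PublicKey) ([]byte, error) {
	pms := make([]byte, preMasterSecretLen)
	if _, err := rand.Read(pms); err != nil {
		return nil, err
	}
	rsaKey := serverPub.(*rsa.PublicKey) // panics on a non-RSA key
	return rsa.EncryptPKCS1v15(rand.Reader, rsaKey, pms)
}

// rsaKeyExchangeChecked is the hardened form: the two-value assertion turns
// the mismatch into an error, so the handshake fails instead of the process.
func rsaKeyExchangeChecked(serverPub crypto.PublicKey) ([]byte, error) {
	rsaKey, ok := serverPub.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("tls: certificate key type %T does not match the RSA key exchange", serverPub)
	}
	pms := make([]byte, preMasterSecretLen)
	if _, err := rand.Read(pms); err != nil {
		return nil, err
	}
	return rsa.EncryptPKCS1v15(rand.Reader, rsaKey, pms)
}

// didPanic runs fn and reports whether it panicked, so the defect can be
// shown without crashing the program.
func didPanic(fn func()) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	fn()
	return false
}

// offersRSAKeyExchange reports whether an explicit cipher-suite list still
// contains a static-RSA (TLS_RSA_*) suite, the only suites reaching this path.
func offersRSAKeyExchange(cfg *tls.Config) bool {
	for _, id := range cfg.CipherSuites {
		if strings.HasPrefix(tls.CipherSuiteName(id), "TLS_RSA_") {
			return true
		}
	}
	return false
}

// weakClientConfig explicitly enables a TLS_RSA suite: the affected case.
func weakClientConfig() *tls.Config {
	return &tls.Config{CipherSuites: []uint16{tls.TLS_RSA_WITH_AES_128_GCM_SHA256}}
}

// hardenedClientConfig keeps only ECDHE suites from Go's supported list, the
// mitigation the advisory describes; MinVersion: tls.VersionTLS13 is the
// other option it names.
func hardenedClientConfig() *tls.Config {
	var suites []uint16
	for _, cs := range tls.CipherSuites() {
		if strings.HasPrefix(cs.Name, "TLS_ECDHE_") {
			suites = append(suites, cs.ID)
		}
	}
	return &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: suites}
}

func main() {
	rsaPub, ecdsaPub, err := demoKeys()
	if err != nil {
		panic(err)
	}
	fmt.Println("unchecked + ECDSA key panics:", didPanic(func() { rsaKeyExchangeUnchecked(ecdsaPub) }))
	_, err = rsaKeyExchangeChecked(ecdsaPub)
	fmt.Println("checked + ECDSA key:", err)
	ct, _ := rsaKeyExchangeChecked(rsaPub)
	fmt.Println("checked + RSA key: ciphertext bytes =", len(ct))
	fmt.Println("weak config offers TLS_RSA:", offersRSAKeyExchange(weakClientConfig()))
	fmt.Println("hardened config offers TLS_RSA:", offersRSAKeyExchange(hardenedClientConfig()))
}
```

A practitioner checking a fleet for exposure can apply the same two ideas: the code-level test is whether every key taken out of a peer certificate passes through a two-value assertion, and the configuration-level test is whether the client's offered suite list (or its MinVersion) rules out static RSA key exchange at all, so the affected branch is never reached regardless of what certificate the server presents.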