Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/x509: panics on invalid curve instead of returning error #54288

Closed
FnuGk opened this issue Aug 5, 2022 · 7 comments
Closed

crypto/x509: panics on invalid curve instead of returning error #54288

FnuGk opened this issue Aug 5, 2022 · 7 comments
Assignees
@FiloSottile
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Go1.20

Comments

@FnuGk
Copy link

FnuGk commented Aug 5, 2022

What version of Go are you using (go version)?

$ go version 1.19

What did you do?

In go 1.19 crypto/elliptic will now panic when operating on invalid curve points. This is great as it avoids undefined behavior, but crypto/x509 will now panic in marshalPublicKey in the case *ecdsa.PublicKey: where it previosly would return errors.New("x509: unsupported elliptic curve") as it calls elliptic.Marshal(pub.Curve, pub.X, pub.Y) before it checks oidFromNamedCurve(pub.Curve).

So simply switching those two calls around should fix the issue.

Meanwhile clients have to manually check if their key satisfies IsOnCurve before calling something like x509.MarshalPKIXPublicKey where in previous versions of go you could rely on an error being returned instead of a panic.
FnuGk added a commit to FnuGk/go that referenced this issue Aug 5, 2022
@FnuGk
crypto/x509: err instead of panic on invalid curve
1a7ef18 
in marshalPublicKey case *ecdsa.PublicKey:
because elliptic.Marshal() was called before oidFromNamedCurve we would panic
if the curve was invalid.
By calling oidFromNamedCurve first we can return early with a meaningfull error

Fixes golang#54288
@FnuGk FnuGk mentioned this issue Aug 5, 2022
Closed
cuiweixie added a commit to cuiweixie/go that referenced this issue Aug 5, 2022
@cuiweixie
crypto/x509: return error instead of panic
73b7a1a 
Fixes golang#54288
@gopherbot
Copy link

Change https://go.dev/cl/421617 mentions this issue: crypto/x509: err instead of panic on invalid curve

@cuiweixie cuiweixie mentioned this issue Aug 5, 2022
Closed
@FiloSottile
Copy link
Contributor

Ah, yeah, functions with an error return value should definitely return an error, not panic. I'll do a pass of all the marshal-side paths, and see if there are other issues like this.

@gopherbot please open a backport issue to Go 1.19. I don't think this is a security issue because the attacker can't control the curve of a certificate being marshaled, but panic'ing where we were returning an error is a regression and we should quash it.

@gopherbot gopherbot mentioned this issue Aug 5, 2022
Closed
@gopherbot
Copy link

Backport issue(s) opened: #54295 (for 1.19).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

@seankhliao seankhliao added the NeedsFix The path to resolution is known, but the work has not been done. label Aug 5, 2022
@FiloSottile FiloSottile self-assigned this Aug 9, 2022
@gopherbot
Copy link

Change https://go.dev/cl/422298 mentions this issue: crypto/x509: don't panic marshaling invalid ECDSA keys

@FnuGk
Copy link
Author

FnuGk commented Aug 10, 2022

Ok. I had already opened #54290 along with this issue, anything else i should do on my end?

@FiloSottile
Copy link
Contributor

@FnuGk no, we've got it, thank you for the report! https://go.dev/cl/422298 is a slightly broader fix that is now under review.

@seankhliao seankhliao added this to the Go1.20 milestone Aug 20, 2022
@gopherbot
Copy link

Change https://go.dev/cl/425634 mentions this issue: [release-branch.go1.19] crypto/x509: don't panic marshaling invalid ECDSA keys

gopherbot pushed a commit that referenced this issue Aug 29, 2022
@FiloSottile @heschi
[release-branch.go1.19] crypto/x509: don't panic marshaling invalid E…
2553a09 
…CDSA keys

MarshalPKIXPublicKey, CreateCertificate, CreateCertificateRequest,
MarshalECPrivateKey, and MarshalPKCS8PrivateKey started raising a panic
when encoding an invalid ECDSA key in Go 1.19. Since they have an error
return value, they should return an error instead.

Updates #54288
Fixes #54295

Change-Id: Iba132cd2f890ece36bb7d0396eb9a9a77bdb81df
Reviewed-on: https://go-review.googlesource.com/c/go/+/422298
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: David Chase <drchase@google.com>
(cherry picked from commit f64f12f)
Reviewed-on: https://go-review.googlesource.com/c/go/+/425634
rajbarik pushed a commit to rajbarik/go that referenced this issue Sep 1, 2022
@FiloSottile
crypto/x509: don't panic marshaling invalid ECDSA keys
2b1bc9c 
MarshalPKIXPublicKey, CreateCertificate, CreateCertificateRequest,
MarshalECPrivateKey, and MarshalPKCS8PrivateKey started raising a panic
when encoding an invalid ECDSA key in Go 1.19. Since they have an error
return value, they should return an error instead.

Fixes golang#54288

Change-Id: Iba132cd2f890ece36bb7d0396eb9a9a77bdb81df
Reviewed-on: https://go-review.googlesource.com/c/go/+/422298
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: David Chase <drchase@google.com>
bradfitz pushed a commit to tailscale/go that referenced this issue Sep 8, 2022
@FiloSottile @bradfitz
[release-branch.go1.19] crypto/x509: don't panic marshaling invalid E…
505e77f 
…CDSA keys

MarshalPKIXPublicKey, CreateCertificate, CreateCertificateRequest,
MarshalECPrivateKey, and MarshalPKCS8PrivateKey started raising a panic
when encoding an invalid ECDSA key in Go 1.19. Since they have an error
return value, they should return an error instead.

Updates golang#54288
Fixes golang#54295

Change-Id: Iba132cd2f890ece36bb7d0396eb9a9a77bdb81df
Reviewed-on: https://go-review.googlesource.com/c/go/+/422298
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: David Chase <drchase@google.com>
(cherry picked from commit f64f12f)
Reviewed-on: https://go-review.googlesource.com/c/go/+/425634
@golang golang locked and limited conversation to collaborators Aug 25, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@FiloSottile FiloSottile

Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
Go1.20
4 participants
@FnuGk @FiloSottile @gopherbot @seankhliao