Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: TLSv1.3 connection fails with invalid PSK binder [1.20 backport] #59540

Closed
gopherbot opened this issue Apr 11, 2023 · 2 comments
Closed

crypto/tls: TLSv1.3 connection fails with invalid PSK binder [1.20 backport] #59540

gopherbot opened this issue Apr 11, 2023 · 2 comments
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge
Milestone
Go1.20.4

Comments

@gopherbot
Copy link

@rolandshoemaker requested issue #59424 to be considered for backport to the next 1.20 minor release.

Sorry, I was out on vacation. Thanks for catching this!

@gopherbot please open backport issues for this, it's a regression from a security fix.
@gopherbot gopherbot added the CherryPickCandidate Used during the release process for point releases label Apr 11, 2023
@gopherbot gopherbot mentioned this issue Apr 11, 2023
Closed
@gopherbot gopherbot added this to the Go1.20.4 milestone Apr 11, 2023
@dr2chase dr2chase added the CherryPickApproved Used during the release process for point releases label Apr 12, 2023
@gopherbot gopherbot removed the CherryPickCandidate Used during the release process for point releases label Apr 12, 2023
@gopherbot
Copy link
Author

Change https://go.dev/cl/488055 mentions this issue: [release-branch.go1.20] crypto/tls: fix PSK binder calculation

gopherbot pushed a commit that referenced this issue Apr 24, 2023
@tsaarni @gopherbot
[release-branch.go1.20] crypto/tls: fix PSK binder calculation
813a811 
When server and client have mismatch in curve preference, the server will
send HelloRetryRequest during TLSv1.3 PSK resumption. There was a bug
introduced by Go1.19.6 or later and Go1.20.1 or later, that makes the client
calculate the PSK binder hash incorrectly. Server will reject the TLS
handshake by sending alert: invalid PSK binder.

For #59424.
Fixes #59540.

Change-Id: I2ca8948474275740a36d991c057b62a13392dbb9
GitHub-Last-Rev: 1aad9bc
GitHub-Pull-Request: #59425
Reviewed-on: https://go-review.googlesource.com/c/go/+/481955
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
(cherry picked from commit 2c70690)
Reviewed-on: https://go-review.googlesource.com/c/go/+/488055
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
@gopherbot
Copy link
Author

Closed by merging 813a811 to release-branch.go1.20.

bradfitz pushed a commit to tailscale/go that referenced this issue May 25, 2023
@tsaarni @bradfitz
[release-branch.go1.20] crypto/tls: fix PSK binder calculation
9ec64bb 
When server and client have mismatch in curve preference, the server will
send HelloRetryRequest during TLSv1.3 PSK resumption. There was a bug
introduced by Go1.19.6 or later and Go1.20.1 or later, that makes the client
calculate the PSK binder hash incorrectly. Server will reject the TLS
handshake by sending alert: invalid PSK binder.

For golang#59424.
Fixes golang#59540.

Change-Id: I2ca8948474275740a36d991c057b62a13392dbb9
GitHub-Last-Rev: 1aad9bc
GitHub-Pull-Request: golang#59425
Reviewed-on: https://go-review.googlesource.com/c/go/+/481955
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
(cherry picked from commit 2c70690)
Reviewed-on: https://go-review.googlesource.com/c/go/+/488055
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
bradfitz pushed a commit to tailscale/go that referenced this issue May 25, 2023
@tsaarni @bradfitz
[release-branch.go1.20] crypto/tls: fix PSK binder calculation
20c86c1 
When server and client have mismatch in curve preference, the server will
send HelloRetryRequest during TLSv1.3 PSK resumption. There was a bug
introduced by Go1.19.6 or later and Go1.20.1 or later, that makes the client
calculate the PSK binder hash incorrectly. Server will reject the TLS
handshake by sending alert: invalid PSK binder.

For golang#59424.
Fixes golang#59540.

Change-Id: I2ca8948474275740a36d991c057b62a13392dbb9
GitHub-Last-Rev: 1aad9bc
GitHub-Pull-Request: golang#59425
Reviewed-on: https://go-review.googlesource.com/c/go/+/481955
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
(cherry picked from commit 2c70690)
Reviewed-on: https://go-review.googlesource.com/c/go/+/488055
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
@golang golang locked and limited conversation to collaborators Apr 23, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge
Projects
None yet
Milestone
Go1.20.4
Development

No branches or pull requests
2 participants
@dr2chase @gopherbot