diff options
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2023-29409.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2023-29409.patch | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-29409.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-29409.patch new file mode 100644 index 0000000000..00685cc180 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-29409.patch | |||
@@ -0,0 +1,175 @@ | |||
1 | From 2300f7ef07718f6be4d8aa8486c7de99836e233f Mon Sep 17 00:00:00 2001 | ||
2 | From: Roland Shoemaker <bracewell@google.com> | ||
3 | Date: Wed, 7 Jun 2023 15:27:13 -0700 | ||
4 | Subject: [PATCH] [release-branch.go1.19] crypto/tls: restrict RSA keys in | ||
5 | certificates to <= 8192 bits | ||
6 | |||
7 | Extremely large RSA keys in certificate chains can cause a client/server | ||
8 | to expend significant CPU time verifying signatures. Limit this by | ||
9 | restricting the size of RSA keys transmitted during handshakes to <= | ||
10 | 8192 bits. | ||
11 | |||
12 | Based on a survey of publicly trusted RSA keys, there are currently only | ||
13 | three certificates in circulation with keys larger than this, and all | ||
14 | three appear to be test certificates that are not actively deployed. It | ||
15 | is possible there are larger keys in use in private PKIs, but we target | ||
16 | the web PKI, so causing breakage here in the interests of increasing the | ||
17 | default safety of users of crypto/tls seems reasonable. | ||
18 | |||
19 | Thanks to Mateusz Poliwczak for reporting this issue. | ||
20 | |||
21 | Updates #61460 | ||
22 | Fixes #61579 | ||
23 | Fixes CVE-2023-29409 | ||
24 | |||
25 | Change-Id: Ie35038515a649199a36a12fc2c5df3af855dca6c | ||
26 | Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1912161 | ||
27 | Reviewed-by: Damien Neil <dneil@google.com> | ||
28 | Reviewed-by: Tatiana Bradley <tatianabradley@google.com> | ||
29 | Run-TryBot: Roland Shoemaker <bracewell@google.com> | ||
30 | (cherry picked from commit d865c715d92887361e4bd5596e19e513f27781b7) | ||
31 | Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1965487 | ||
32 | Reviewed-on: https://go-review.googlesource.com/c/go/+/514915 | ||
33 | Run-TryBot: David Chase <drchase@google.com> | ||
34 | Reviewed-by: Matthew Dempsky <mdempsky@google.com> | ||
35 | TryBot-Bypass: David Chase <drchase@google.com> | ||
36 | |||
37 | Upstream-Status: Backport [https://github.com/golang/go/commit/2300f7ef07718f6be4d8aa8486c7de99836e233f] | ||
38 | CVE: CVE-2023-29409 | ||
39 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
40 | --- | ||
41 | src/crypto/tls/handshake_client.go | 8 +++ | ||
42 | src/crypto/tls/handshake_client_test.go | 78 +++++++++++++++++++++++++ | ||
43 | src/crypto/tls/handshake_server.go | 4 ++ | ||
44 | 3 files changed, 90 insertions(+) | ||
45 | |||
46 | diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go | ||
47 | index 4fb528c..ba33ea1 100644 | ||
48 | --- a/src/crypto/tls/handshake_client.go | ||
49 | +++ b/src/crypto/tls/handshake_client.go | ||
50 | @@ -788,6 +788,10 @@ func (hs *clientHandshakeState) sendFinished(out []byte) error { | ||
51 | return nil | ||
52 | } | ||
53 | |||
54 | +// maxRSAKeySize is the maximum RSA key size in bits that we are willing | ||
55 | +// to verify the signatures of during a TLS handshake. | ||
56 | +const maxRSAKeySize = 8192 | ||
57 | + | ||
58 | // verifyServerCertificate parses and verifies the provided chain, setting | ||
59 | // c.verifiedChains and c.peerCertificates or sending the appropriate alert. | ||
60 | func (c *Conn) verifyServerCertificate(certificates [][]byte) error { | ||
61 | @@ -798,6 +802,10 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error { | ||
62 | c.sendAlert(alertBadCertificate) | ||
63 | return errors.New("tls: failed to parse certificate from server: " + err.Error()) | ||
64 | } | ||
65 | + if cert.PublicKeyAlgorithm == x509.RSA && cert.PublicKey.(*rsa.PublicKey).N.BitLen() > maxRSAKeySize { | ||
66 | + c.sendAlert(alertBadCertificate) | ||
67 | + return fmt.Errorf("tls: server sent certificate containing RSA key larger than %d bits", maxRSAKeySize) | ||
68 | + } | ||
69 | certs[i] = cert | ||
70 | } | ||
71 | |||
72 | diff --git a/src/crypto/tls/handshake_client_test.go b/src/crypto/tls/handshake_client_test.go | ||
73 | index 6bd3c37..8d20b2b 100644 | ||
74 | --- a/src/crypto/tls/handshake_client_test.go | ||
75 | +++ b/src/crypto/tls/handshake_client_test.go | ||
76 | @@ -1984,3 +1984,81 @@ func TestCloseClientConnectionOnIdleServer(t *testing.T) { | ||
77 | t.Errorf("Error expected, but no error returned") | ||
78 | } | ||
79 | } | ||
80 | + | ||
81 | +// discardConn wraps a net.Conn but discards all writes, but reports that they happened. | ||
82 | +type discardConn struct { | ||
83 | + net.Conn | ||
84 | +} | ||
85 | + | ||
86 | +func (dc *discardConn) Write(data []byte) (int, error) { | ||
87 | + return len(data), nil | ||
88 | +} | ||
89 | + | ||
90 | +// largeRSAKeyCertPEM contains a 8193 bit RSA key | ||
91 | +const largeRSAKeyCertPEM = `-----BEGIN CERTIFICATE----- | ||
92 | +MIIInjCCBIWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwd0ZXN0 | ||
93 | +aW5nMB4XDTIzMDYwNzIxMjMzNloXDTIzMDYwNzIzMjMzNlowEjEQMA4GA1UEAxMH | ||
94 | +dGVzdGluZzCCBCIwDQYJKoZIhvcNAQEBBQADggQPADCCBAoCggQBAWdHsf6Rh2Ca | ||
95 | +n2SQwn4t4OQrOjbLLdGE1pM6TBKKrHUFy62uEL8atNjlcfXIsa4aEu3xNGiqxqur | ||
96 | +ZectlkZbm0FkaaQ1Wr9oikDY3KfjuaXdPdO/XC/h8AKNxlDOylyXwUSK/CuYb+1j | ||
97 | +gy8yF5QFvVfwW/xwTlHmhUeSkVSQPosfQ6yXNNsmMzkd+ZPWLrfq4R+wiNtwYGu0 | ||
98 | +WSBcI/M9o8/vrNLnIppoiBJJ13j9CR1ToEAzOFh9wwRWLY10oZhoh1ONN1KQURx4 | ||
99 | +qedzvvP2DSjZbUccdvl2rBGvZpzfOiFdm1FCnxB0c72Cqx+GTHXBFf8bsa7KHky9 | ||
100 | +sNO1GUanbq17WoDNgwbY6H51bfShqv0CErxatwWox3we4EcAmFHPVTCYL1oWVMGo | ||
101 | +a3Eth91NZj+b/nGhF9lhHKGzXSv9brmLLkfvM1jA6XhNhA7BQ5Vz67lj2j3XfXdh | ||
102 | +t/BU5pBXbL4Ut4mIhT1YnKXAjX2/LF5RHQTE8Vwkx5JAEKZyUEGOReD/B+7GOrLp | ||
103 | +HduMT9vZAc5aR2k9I8qq1zBAzsL69lyQNAPaDYd1BIAjUety9gAYaSQffCgAgpRO | ||
104 | +Gt+DYvxS+7AT/yEd5h74MU2AH7KrAkbXOtlwupiGwhMVTstncDJWXMJqbBhyHPF8 | ||
105 | +3UmZH0hbL4PYmzSj9LDWQQXI2tv6vrCpfts3Cqhqxz9vRpgY7t1Wu6l/r+KxYYz3 | ||
106 | +1pcGpPvRmPh0DJm7cPTiXqPnZcPt+ulSaSdlxmd19OnvG5awp0fXhxryZVwuiT8G | ||
107 | +VDkhyARrxYrdjlINsZJZbQjO0t8ketXAELJOnbFXXzeCOosyOHkLwsqOO96AVJA8 | ||
108 | +45ZVL5m95ClGy0RSrjVIkXsxTAMVG6SPAqKwk6vmTdRGuSPS4rhgckPVDHmccmuq | ||
109 | +dfnT2YkX+wB2/M3oCgU+s30fAHGkbGZ0pCdNbFYFZLiH0iiMbTDl/0L/z7IdK0nH | ||
110 | +GLHVE7apPraKC6xl6rPWsD2iSfrmtIPQa0+rqbIVvKP5JdfJ8J4alI+OxFw/znQe | ||
111 | +V0/Rez0j22Fe119LZFFSXhRv+ZSvcq20xDwh00mzcumPWpYuCVPozA18yIhC9tNn | ||
112 | +ALHndz0tDseIdy9vC71jQWy9iwri3ueN0DekMMF8JGzI1Z6BAFzgyAx3DkHtwHg7 | ||
113 | +B7qD0jPG5hJ5+yt323fYgJsuEAYoZ8/jzZ01pkX8bt+UsVN0DGnSGsI2ktnIIk3J | ||
114 | +l+8krjmUy6EaW79nITwoOqaeHOIp8m3UkjEcoKOYrzHRKqRy+A09rY+m/cAQaafW | ||
115 | +4xp0Zv7qZPLwnu0jsqB4jD8Ll9yPB02ndsoV6U5PeHzTkVhPml19jKUAwFfs7TJg | ||
116 | +kXy+/xFhYVUCAwEAATANBgkqhkiG9w0BAQsFAAOCBAIAAQnZY77pMNeypfpba2WK | ||
117 | +aDasT7dk2JqP0eukJCVPTN24Zca+xJNPdzuBATm/8SdZK9lddIbjSnWRsKvTnO2r | ||
118 | +/rYdlPf3jM5uuJtb8+Uwwe1s+gszelGS9G/lzzq+ehWicRIq2PFcs8o3iQMfENiv | ||
119 | +qILJ+xjcrvms5ZPDNahWkfRx3KCg8Q+/at2n5p7XYjMPYiLKHnDC+RE2b1qT20IZ | ||
120 | +FhuK/fTWLmKbfYFNNga6GC4qcaZJ7x0pbm4SDTYp0tkhzcHzwKhidfNB5J2vNz6l | ||
121 | +Ur6wiYwamFTLqcOwWo7rdvI+sSn05WQBv0QZlzFX+OAu0l7WQ7yU+noOxBhjvHds | ||
122 | +14+r9qcQZg2q9kG+evopYZqYXRUNNlZKo9MRBXhfrISulFAc5lRFQIXMXnglvAu+ | ||
123 | +Ipz2gomEAOcOPNNVldhKAU94GAMJd/KfN0ZP7gX3YvPzuYU6XDhag5RTohXLm18w | ||
124 | +5AF+ES3DOQ6ixu3DTf0D+6qrDuK+prdX8ivcdTQVNOQ+MIZeGSc6NWWOTaMGJ3lg | ||
125 | +aZIxJUGdo6E7GBGiC1YTjgFKFbHzek1LRTh/LX3vbSudxwaG0HQxwsU9T4DWiMqa | ||
126 | +Fkf2KteLEUA6HrR+0XlAZrhwoqAmrJ+8lCFX3V0gE9lpENfVHlFXDGyx10DpTB28 | ||
127 | +DdjnY3F7EPWNzwf9P3oNT69CKW3Bk6VVr3ROOJtDxVu1ioWo3TaXltQ0VOnap2Pu | ||
128 | +sa5wfrpfwBDuAS9JCDg4ttNp2nW3F7tgXC6xPqw5pvGwUppEw9XNrqV8TZrxduuv | ||
129 | +rQ3NyZ7KSzIpmFlD3UwV/fGfz3UQmHS6Ng1evrUID9DjfYNfRqSGIGjDfxGtYD+j | ||
130 | +Z1gLJZuhjJpNtwBkKRtlNtrCWCJK2hidK/foxwD7kwAPo2I9FjpltxCRywZUs07X | ||
131 | +KwXTfBR9v6ij1LV6K58hFS+8ezZyZ05CeVBFkMQdclTOSfuPxlMkQOtjp8QWDj+F | ||
132 | +j/MYziT5KBkHvcbrjdRtUJIAi4N7zCsPZtjik918AK1WBNRVqPbrgq/XSEXMfuvs | ||
133 | +6JbfK0B76vdBDRtJFC1JsvnIrGbUztxXzyQwFLaR/AjVJqpVlysLWzPKWVX6/+SJ | ||
134 | +u1NQOl2E8P6ycyBsuGnO89p0S4F8cMRcI2X1XQsZ7/q0NBrOMaEp5T3SrWo9GiQ3 | ||
135 | +o2SBdbs3Y6MBPBtTu977Z/0RO63J3M5i2tjUiDfrFy7+VRLKr7qQ7JibohyB8QaR | ||
136 | +9tedgjn2f+of7PnP/PEl1cCphUZeHM7QKUMPT8dbqwmKtlYY43EHXcvNOT5IBk3X | ||
137 | +9lwJoZk/B2i+ZMRNSP34ztAwtxmasPt6RAWGQpWCn9qmttAHAnMfDqe7F7jVR6rS | ||
138 | +u58= | ||
139 | +-----END CERTIFICATE-----` | ||
140 | + | ||
141 | +func TestHandshakeRSATooBig(t *testing.T) { | ||
142 | + testCert, _ := pem.Decode([]byte(largeRSAKeyCertPEM)) | ||
143 | + | ||
144 | + c := &Conn{conn: &discardConn{}, config: testConfig.Clone()} | ||
145 | + | ||
146 | + expectedErr := "tls: server sent certificate containing RSA key larger than 8192 bits" | ||
147 | + err := c.verifyServerCertificate([][]byte{testCert.Bytes}) | ||
148 | + if err == nil || err.Error() != expectedErr { | ||
149 | + t.Errorf("Conn.verifyServerCertificate unexpected error: want %q, got %q", expectedErr, err) | ||
150 | + } | ||
151 | + | ||
152 | + expectedErr = "tls: client sent certificate containing RSA key larger than 8192 bits" | ||
153 | + err = c.processCertsFromClient(Certificate{Certificate: [][]byte{testCert.Bytes}}) | ||
154 | + if err == nil || err.Error() != expectedErr { | ||
155 | + t.Errorf("Conn.processCertsFromClient unexpected error: want %q, got %q", expectedErr, err) | ||
156 | + } | ||
157 | +} | ||
158 | diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go | ||
159 | index b16415a..2e36840 100644 | ||
160 | --- a/src/crypto/tls/handshake_server.go | ||
161 | +++ b/src/crypto/tls/handshake_server.go | ||
162 | @@ -738,6 +738,10 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error { | ||
163 | c.sendAlert(alertBadCertificate) | ||
164 | return errors.New("tls: failed to parse client certificate: " + err.Error()) | ||
165 | } | ||
166 | + if certs[i].PublicKeyAlgorithm == x509.RSA && certs[i].PublicKey.(*rsa.PublicKey).N.BitLen() > maxRSAKeySize { | ||
167 | + c.sendAlert(alertBadCertificate) | ||
168 | + return fmt.Errorf("tls: client sent certificate containing RSA key larger than %d bits", maxRSAKeySize) | ||
169 | + } | ||
170 | } | ||
171 | |||
172 | if len(certs) == 0 && requiresClientCert(c.config.ClientAuth) { | ||
173 | -- | ||
174 | 2.25.1 | ||
175 | |||