
crypto/elliptic: generic P-256 panic when scalar has too many leading zeroes #52075

Closed · FiloSottile opened this issue Mar 31, 2022 · 7 comments

Labels: FrozenDueToAge, NeedsFix (The path to resolution is known, but the work has not been done.), release-blocker, Security
Milestone: Go1.19

@FiloSottile (Contributor)

Wycheproof tests added in CL 396174 revealed a panic in the generic P-256 ScalarMult and ScalarBaseMult.

The attack requires a crafted scalar, which is not possible to supply via crypto/ecdsa or crypto/tls.
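As an added example, not code from the Go issue or its CLs: a Go regression check for the behaviour described above. It runs P-256 scalar multiplication with and without leading zero bytes prepended to the scalar and reports whether the results agree (recovering a panic into an error), next to an illustrative scalar-normalisation helper; `normalizeScalar` and `paddedScalarAgrees` are names assumed here, and the scalar is a constructed value.

```go
package main

import (
	"crypto/elliptic"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// normalizeScalar is an illustrative stand-in (not Go's own code) for the
// check the generic P-256 path needed: a scalar may be longer than the
// 32-byte order because of leading zero bytes, so fixed-size buffers must
// never be indexed by len(scalar). Over-long or >= N inputs are reduced.
func normalizeScalar(scalar []byte, order *big.Int) []byte {
	size := (order.BitLen() + 7) / 8
	s := new(big.Int).SetBytes(scalar)
	if len(scalar) > size || s.Cmp(order) >= 0 {
		s.Mod(s, order)
	}
	return s.FillBytes(make([]byte, size))
}

// paddedScalarAgrees computes k*G with the scalar as given and again with
// pad leading zero bytes prepended, and reports whether both agree. Before
// the fix, enough leading zeroes made the generic P-256 code panic, which
// the deferred recover turns into an error instead of a crashed test.
func paddedScalarAgrees(curve elliptic.Curve, k []byte, pad int) (ok bool, err error) {
	defer func() {
		if r := recover(); r != nil {
			ok, err = false, fmt.Errorf("ScalarBaseMult panicked: %v", r)
		}
	}()
	x1, y1 := curve.ScalarBaseMult(k)
	padded := append(make([]byte, pad), k...)
	x2, y2 := curve.ScalarBaseMult(padded)
	return x1.Cmp(x2) == 0 && y1.Cmp(y2) == 0, nil
}

func main() {
	// Constructed scalar: a SHA-256 digest is just a convenient 32-byte value.
	k := sha256.Sum256([]byte("constructed scalar for the padding check"))
	n := elliptic.P256().Params().N
	for _, pad := range []int{1, 8, 33} {
		ok, err := paddedScalarAgrees(elliptic.P256(), k[:], pad)
		fmt.Printf("pad=%d agree=%v err=%v\n", pad, ok, err)
	}
	fmt.Printf("normalized: %x\n", normalizeScalar(append(make([]byte, 5), k[:]...), n))
}
```

On amd64 and arm64 the assembly P-256 implementation is exercised rather than the generic one, so the check only covers the affected code path when run on a platform that uses the generic implementation.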

@FiloSottile FiloSottile added Security NeedsFix The path to resolution is known, but the work has not been done. release-blocker labels Mar 31, 2022
@FiloSottile FiloSottile added this to the Go1.19 milestone Mar 31, 2022
@FiloSottile FiloSottile self-assigned this Mar 31, 2022
@FiloSottile (Contributor, Author)

@gopherbot please open backport issues for this security fix.

@gopherbot

Backport issue(s) opened: #52076 (for 1.17), #52077 (for 1.18).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

@FiloSottile (Contributor, Author)

Note that this would have been avoided by the nistec changes slated for Go 1.19.

@gopherbot

Change https://go.dev/cl/397135 mentions this issue: crypto/elliptic: tolerate zero-padded scalars in generic P-256

@gopherbot

Change https://go.dev/cl/397137 mentions this issue: [release-branch.go1.18] crypto/elliptic: tolerate zero-padded scalars in generic P-256

@gopherbot

Change https://go.dev/cl/397136 mentions this issue: [release-branch.go1.17] crypto/elliptic: tolerate zero-padded scalars in generic P-256

@FiloSottile (Contributor, Author)

This is CVE-2022-28327.

gopherbot pushed a commit that referenced this issue Apr 6, 2022
… in generic P-256

Updates #52075
Fixes #52077
Fixes CVE-2022-28327

Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27
Reviewed-on: https://go-review.googlesource.com/c/go/+/397137
Trust: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
gopherbot pushed a commit that referenced this issue Apr 6, 2022
… in generic P-256

Updates #52075
Fixes #52076
Fixes CVE-2022-28327

Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27
Reviewed-on: https://go-review.googlesource.com/c/go/+/397136
Trust: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
frezbo added a commit to frezbo/tools that referenced this issue Apr 13, 2022
Bump go to 1.18.1

Fixes:

- [CVE-2022-24675](golang/go#51853)
- [CVE-2022-28327](golang/go#52075)
- [CVE-2022-27536](golang/go#51759)

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/tools that referenced this issue Apr 13, 2022
Bump go to 1.17.9

Fixes:

- [CVE-2022-24675](golang/go#51853)
- [CVE-2022-28327](golang/go#52075)
- [CVE-2022-27536](golang/go#51759)

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/tools that referenced this issue Apr 13, 2022
Bump go to 1.17.9

Fixes:

- [CVE-2022-24675](golang/go#51853)
- [CVE-2022-28327](golang/go#52075)
- [CVE-2022-27536](golang/go#51759)

Update zlib download URLs to use proper ones

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/tools that referenced this issue Apr 13, 2022
Bump go to 1.18.1

Fixes:

- [CVE-2022-24675](golang/go#51853)
- [CVE-2022-28327](golang/go#52075)
- [CVE-2022-27536](golang/go#51759)

Also update zlib download URLs

Signed-off-by: Noel Georgi <git@frezbo.dev>
jaxesn pushed a commit to danbudris/go that referenced this issue Sep 9, 2022
Fixes golang#52075

Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27
Reviewed-on: https://go-review.googlesource.com/c/go/+/397135
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
danbudris pushed a commit to danbudris/go that referenced this issue Sep 14, 2022
Fixes golang#52075

Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27
Reviewed-on: https://go-review.googlesource.com/c/go/+/397135
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
rcrozean pushed a commit to rcrozean/go that referenced this issue Oct 5, 2022
# AWS EKS
Backported To: go-1.15.15-eks
Backported On: Thu, 22 Sept 2022
Backported By: budris@amazon.com
Backported From: release-branch.go1.17
EKS Patch Source Commit: danbudris@2664205
Upstream Source Commit: golang@7139e8b

# Original Information

Updates golang#52075
Fixes golang#52076
Fixes CVE-2022-28327

Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27
Reviewed-on: https://go-review.googlesource.com/c/go/+/397136
Trust: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
rcrozean pushed a commit to rcrozean/go that referenced this issue Oct 12, 2022
# AWS EKS
Backported To: go-1.16.15-eks
Backported On: Tue, 04 Oct 2022
Backported By: budris@amazon.com
Backported From: release-branch.go1.17
EKS Patch Source Commit: danbudris@9161430
Upstream Source Commit: golang@3706584

# Original Information

Fixes golang#52075

Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27
Reviewed-on: https://go-review.googlesource.com/c/go/+/397135
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
@golang golang locked and limited conversation to collaborators Jun 22, 2023