security: fix CVE-2023-29409 [1.20 backport] #61580

gopherbot · 2023-07-25T19:43:43Z

@neild requested issue #61460 to be considered for backport to the next 1.20 minor release.

@gopherbot please open backport issues

gopherbot · 2023-08-01T18:37:57Z

Change https://go.dev/cl/514900 mentions this issue: [release-branch.go1.20] crypto/tls: restrict RSA keys in certificates to <= 8192 bits

… to <= 8192 bits Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Thanks to Mateusz Poliwczak for reporting this issue. Updates #61460 Fixes #61580 Fixes CVE-2023-29409 Change-Id: Ie35038515a649199a36a12fc2c5df3af855dca6c Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1912161 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Run-TryBot: Roland Shoemaker <bracewell@google.com> (cherry picked from commit d865c715d92887361e4bd5596e19e513f27781b7) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1965747 TryBot-Result: Security TryBots <security-trybots@go-security-trybots.iam.gserviceaccount.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/514900 Run-TryBot: David Chase <drchase@google.com> Reviewed-by: Matthew Dempsky <mdempsky@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>

gopherbot · 2023-08-01T19:09:22Z

Closed by merging 659f2a2 to release-branch.go1.20.

johanbrandhorst · 2023-08-01T21:52:28Z

This issue is not showing up under the 1.20.7 milestone linked from the release history page because it has the label CherryPickCandidate rather than CherryPickApproved. Does that need to be manually fixed?

dmitshur · 2023-08-02T18:15:22Z

Thanks for reporting that. This security backport was approved, but marking it as such was missed. I've raised it with the security team to improve the process for the future. Applying it manually retroactively.

gopherbot added CherryPickCandidate Used during the release process for point releases Security labels Jul 25, 2023

gopherbot mentioned this issue Jul 25, 2023

crypto/tls: verifying certificate chains containing large RSA keys is slow [CVE-2023-29409] #61460

Closed

gopherbot added this to the Go1.20.7 milestone Jul 25, 2023

neild added the release-blocker label Jul 25, 2023

gopherbot closed this as completed Aug 1, 2023

dmitshur added CherryPickApproved Used during the release process for point releases and removed CherryPickCandidate Used during the release process for point releases labels Aug 2, 2023

golang locked and limited conversation to collaborators Aug 1, 2024

gopherbot added the FrozenDueToAge label Aug 1, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

security: fix CVE-2023-29409 [1.20 backport] #61580

security: fix CVE-2023-29409 [1.20 backport] #61580

gopherbot commented Jul 25, 2023

gopherbot commented Aug 1, 2023

gopherbot commented Aug 1, 2023

johanbrandhorst commented Aug 1, 2023 •

edited

Loading

dmitshur commented Aug 2, 2023

security: fix CVE-2023-29409 [1.20 backport] #61580

security: fix CVE-2023-29409 [1.20 backport] #61580

Comments

gopherbot commented Jul 25, 2023

gopherbot commented Aug 1, 2023

gopherbot commented Aug 1, 2023

johanbrandhorst commented Aug 1, 2023 • edited Loading

dmitshur commented Aug 2, 2023

johanbrandhorst commented Aug 1, 2023 •

edited

Loading