
Re: golang-go.crypto / CVE-2019-11841



Hi

To completely fix the second part of this CVE I think an API change is necessary.
The API needs to return a list of unsigned and signed portions of the message so the application using it can make it visible what parts are signed and what parts are not.
However, such a change is large and cannot be done in LTS.

Regarding the security purpose of the hash information I cannot really judge. I think it serves very little function but I could be wrong.

Cheers

// Ola

On Mon, 7 Sep 2020 at 01:08, Brian May <bam@debian.org> wrote:
Attached is my patch for Stretch, based on the upstream patch.

I am a bit uneasy about applying this and marking CVE-2019-11841 as
fixed, because contrary to what upstream say I don't think
CVE-2019-11841 is actually fixed. From the CVE description:

    [...] However, the Go clearsign package ignores the value of this
    header, which allows an attacker to spoof it. Consequently, an
    attacker can lead a victim to believe the signature was generated
    using a different message digest algorithm than what was actually
    used. [...]

The upstream patch has done nothing to address this.
--
Brian May <bam@debian.org>


--
 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------
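
The idea raised in the reply above, an interface that hands back signed and unsigned portions separately, sketched as an added example that is not part of the thread and not the Go clearsign package's API. `Segment`, `Split` and the sample document are hypothetical and constructed, and the code only labels regions according to the OpenPGP cleartext framework; it verifies no signature.

```go
package main

import (
	"fmt"
	"strings"
)

// Segment is one labelled part of a clearsigned document (hypothetical type).
type Segment struct{ Kind, Text string }

var next = map[string][2]string{ // state -> {line that ends it, following state}
	"unsigned":  {"-----BEGIN PGP SIGNED MESSAGE-----", "header"},
	"header":    {"", "signed"}, // a blank line ends the armor headers
	"signed":    {"-----BEGIN PGP SIGNATURE-----", "signature"},
	"signature": {"-----END PGP SIGNATURE-----", "unsigned"},
}

// Split labels doc by role in the OpenPGP cleartext framework; it verifies nothing.
// Only "signed" text can be covered by a signature; headers (Hash:) and "unsigned" text cannot.
func Split(doc string) (segs []Segment) {
	state := "unsigned"
	for _, line := range strings.Split(strings.ReplaceAll(doc, "\r\n", "\n"), "\n") {
		if t := next[state]; line == t[0] {
			state = t[1]
			continue
		}
		if state == "signed" {
			line = strings.TrimPrefix(line, "- ") // undo dash-escaping
		}
		if state == "unsigned" && strings.TrimSpace(line) == "" {
			continue // ignore blank filler outside the block
		}
		if n := len(segs); n > 0 && segs[n-1].Kind == state {
			segs[n-1].Text += "\n" + line // extend the current segment
		} else {
			segs = append(segs, Segment{state, line})
		}
	}
	return segs
}

const sample = "Text before the block\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n" + // constructed sample
	"Release 1.2 is approved.\n- -- dashed line\n-----BEGIN PGP SIGNATURE-----\n\n(placeholder)\n-----END PGP SIGNATURE-----\nText after\n"

func main() {
	for _, s := range Split(sample) {
		fmt.Printf("[%s] %q\n", s.Kind, s.Text)
	}
}
```

An application built on such a split could display only the `signed` segment as authenticated and compare the `Hash:` header against the algorithm recorded in the signature itself.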

