
Re: golang-go.crypto / CVE-2019-11841



Hi Brian

Looking at the code and your email I have some concerns.

Isn't the header part of the "signed" argument? If it is not, then there is no point in checking it, since you can then just change the header anyway. If it is part of the signed message, it is possible for the function to decode it and check it.

Does the calling application need to do the check? Can't CheckDetachedSignature do it?

Or have I missed something?

// Ola


On Thu, 10 Sep 2020 at 01:33, Brian May <bam@debian.org> wrote:
Ola Lundqvist <ola@inguza.com> writes:

> Do we have an idea of what a good patch would look like?

OK, I think a patch may not be as simple as I hoped.

CheckDetachedSignature() is where we decode the packet and determine the
hash function used.

But this function is not supplied the headers so it cannot check the
headers. And this function doesn't return the hashFunc used either, so
the calling function cannot check the headers.

Plus, the hashFunc is an integer; it needs to be decoded into a string.
There is a private function, nameOfHash, that does this.

So some sort of API change is required I think.

I am a bit disappointed, actually, that CheckDetachedSignature()
doesn't return the hash used. It means that the calling application only
has access to the insecure value that cannot be trusted.
--
Brian May <bam@debian.org>



--
 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------
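The check this thread is after, comparing the "Hash:" armor header with the hash algorithm recorded in the signature packet, as an added Go example that is not code from the thread or from golang.org/x/crypto. It assumes v4 signature packets with old-format packet headers, uses a constructed sample message that is not a valid signature, and only pairs the header with the packet's hash-algorithm byte; it does not replace CheckDetachedSignature().

```go
package main

import (
	"encoding/base64"
	"errors"
	"strings"
)

var hashNames = map[byte]string{1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"} // RFC 4880 9.4
// signatureHash: the hash algorithm a radix-64 v4 signature packet (RFC 4880 5.2.3) is bound to; old-format headers only, as GnuPG emits.
func signatureHash(b64 string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil || len(raw) < 9 || raw[0]&0xc0 != 0x80 || (raw[0]>>2)&0x0f != 2 {
		return "", errors.New("no old-format OpenPGP signature packet found")
	}
	off := 1 + []int{1, 2, 4, 0}[raw[0]&3] // tag octet plus 1, 2, 4 or 0 length octets
	name, ok := hashNames[raw[off+3]]      // body: version, sig type, public-key algo, hash algo
	if raw[off] != 4 || !ok {
		return "", errors.New("not a v4 signature packet with a known hash algorithm")
	}
	return name, nil
}

// HashHeaderMatches is nil only when a "Hash:" armor header names the algorithm the signature packet really uses (the unpatched library never compared them).
func HashHeaderMatches(msg string) error {
	_, rest, _ := strings.Cut(msg, "-----BEGIN PGP SIGNED MESSAGE-----\n")
	hdrs, rest, _ := strings.Cut(rest, "\n\n") // armor headers end at the first blank line
	_, sig, _ := strings.Cut(rest, "\n-----BEGIN PGP SIGNATURE-----")
	_, sig, _ = strings.Cut(sig, "\n\n") // skip the signature block's own armor headers
	sig, _, _ = strings.Cut(sig, "\n-----END")
	sig, _, _ = strings.Cut(sig, "\n=") // drop the optional "=CRC" line
	actual, err := signatureHash(strings.ReplaceAll(sig, "\n", ""))
	if err != nil {
		return err
	}
	for _, h := range strings.Split(hdrs, "\n") { // "Hash: SHA256, SHA512" may list several algorithms
		if strings.HasPrefix(h, "Hash:") && strings.Contains(","+strings.ReplaceAll(h[5:], " ", "")+",", ","+actual+",") {
			return nil
		}
	}
	return errors.New("Hash header does not name " + actual + ", the algorithm the signature uses")
}

// sampleClearsign builds a constructed, cryptographically invalid message whose signature packet carries just the fields the check reads.
func sampleClearsign(headerHash string, sigHashID byte) string {
	body := []byte{4, 1, 1, sigHashID, 0, 0, 0, 0, 0xab, 0xcd} // v4, text sig, RSA, hash ID, no subpackets
	pkt := append([]byte{0x88, byte(len(body))}, body...)      // old-format header: tag 2, one-octet length
	return "-----BEGIN PGP SIGNED MESSAGE-----\nHash: " + headerHash + "\n\nhello\n-----BEGIN PGP SIGNATURE-----\n\n" +
		base64.StdEncoding.EncodeToString(pkt) + "\n=AAAA\n-----END PGP SIGNATURE-----\n"
}
```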
