From: "Theo Gaige (Schneider Electric)" <[email protected]>
Backport patch from [1] [1] https://go.dev/cl/763767 Signed-off-by: Theo Gaige (Schneider Electric) <[email protected]> Reviewed-by: Bruno Vernay <[email protected]> --- meta/recipes-devtools/go/go-1.22.12.inc | 1 + .../go/go/CVE-2026-32283.patch | 177 ++++++++++++++++++ 2 files changed, 178 insertions(+) create mode 100644 meta/recipes-devtools/go/go/CVE-2026-32283.patch diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc index 0d4dff6c21..99c2945a8c 100644 --- a/meta/recipes-devtools/go/go-1.22.12.inc +++ b/meta/recipes-devtools/go/go-1.22.12.inc @@ -43,6 +43,7 @@ SRC_URI += "\ file://CVE-2025-68121_p3.patch \ file://CVE-2026-27142.patch \ file://CVE-2026-32280.patch \ + file://CVE-2026-32283.patch \ " SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71" diff --git a/meta/recipes-devtools/go/go/CVE-2026-32283.patch b/meta/recipes-devtools/go/go/CVE-2026-32283.patch new file mode 100644 index 0000000000..87bcc5816f --- /dev/null +++ b/meta/recipes-devtools/go/go/CVE-2026-32283.patch @@ -0,0 +1,177 @@ +From f560f55d3f804dcc3002dfe963b37bfa3a67202c Mon Sep 17 00:00:00 2001 +From: Roland Shoemaker <[email protected]> +Date: Mon, 23 Mar 2026 11:54:41 -0700 +Subject: [PATCH] crypto/tls: prevent deadlock when client sends multiple key + update messages + +When we made setReadTrafficSecret send an alert when there are pending +handshake messages, we introduced a deadlock when the client sends +multiple key update messages that request a response, as handleKeyUpdate +will lock the mutex, and defer the unlocking until the end of the +function, but setReadTrafficSecret called sendAlert in the failure case, +which also tries to lock the mutex. + +Add an argument to setReadTrafficSecret which lets the caller indicate +if the mutex is already locked, and if so, call sendAlertLocked instead +of sendAlert. + +Thanks to Jakub Ciolek for reporting this issue. + +Fixes #78334 +Fixes CVE-2026-32283 + +Change-Id: Id8e56974233c910e0d66ba96eafbd2ea57832610 +Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3881 +Reviewed-by: Damien Neil <[email protected]> +Reviewed-by: Nicholas Husin <[email protected]> +Reviewed-on: https://go-review.googlesource.com/c/go/+/763767 +LUCI-TryBot-Result: Go LUCI <[email protected]> +Auto-Submit: David Chase <[email protected]> +Reviewed-by: Russ Cox <[email protected]> +Reviewed-by: Jakub Ciolek <[email protected]> + +CVE: CVE-2026-32283 +Upstream-Status: Backport [https://github.com/golang/go/commit/1ea7966042731bae941511fb2b261b9536ad268f] +Signed-off-by: Theo Gaige (Schneider Electric) <[email protected]> +--- + src/crypto/tls/conn.go | 10 +++-- + src/crypto/tls/handshake_client_tls13.go | 4 +- + src/crypto/tls/handshake_server_tls13.go | 4 +- + src/crypto/tls/handshake_test.go | 48 ++++++++++++++++++++++++ + 4 files changed, 59 insertions(+), 7 deletions(-) + +diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go +index 08609ce..770d456 100644 +--- a/src/crypto/tls/conn.go ++++ b/src/crypto/tls/conn.go +@@ -1345,7 +1345,7 @@ func (c *Conn) handleKeyUpdate(keyUpdate *keyUpdateMsg) error { + } + + newSecret := cipherSuite.nextTrafficSecret(c.in.trafficSecret) +- if err := c.setReadTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret); err != nil { ++ if err := c.setReadTrafficSecret(cipherSuite, QUICEncryptionLevelInitial, newSecret, keyUpdate.updateRequested); err != nil { + return err + } + +@@ -1675,12 +1675,16 @@ func (c *Conn) VerifyHostname(host string) error { + // setReadTrafficSecret sets the read traffic secret for the given encryption level. If + // being called at the same time as setWriteTrafficSecret, the caller must ensure the call + // to setWriteTrafficSecret happens first so any alerts are sent at the write level. +-func (c *Conn) setReadTrafficSecret(suite *cipherSuiteTLS13, level QUICEncryptionLevel, secret []byte) error { ++func (c *Conn) setReadTrafficSecret(suite *cipherSuiteTLS13, level QUICEncryptionLevel, secret []byte, locked bool) error { + // Ensure that there are no buffered handshake messages before changing the + // read keys, since that can cause messages to be parsed that were encrypted + // using old keys which are no longer appropriate. + if c.hand.Len() != 0 { +- c.sendAlert(alertUnexpectedMessage) ++ if locked { ++ c.sendAlertLocked(alertUnexpectedMessage) ++ } else { ++ c.sendAlert(alertUnexpectedMessage) ++ } + return errors.New("tls: handshake buffer not empty before setting read traffic secret") + } + c.in.setTrafficSecret(suite, level, secret) +diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go +index 68ff92b..2d58b21 100644 +--- a/src/crypto/tls/handshake_client_tls13.go ++++ b/src/crypto/tls/handshake_client_tls13.go +@@ -396,7 +396,7 @@ func (hs *clientHandshakeStateTLS13) establishHandshakeKeys() error { + c.setWriteTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret) + serverSecret := hs.suite.deriveSecret(handshakeSecret, + serverHandshakeTrafficLabel, hs.transcript) +- if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret); err != nil { ++ if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret, false); err != nil { + return err + } + +@@ -607,7 +607,7 @@ func (hs *clientHandshakeStateTLS13) readServerFinished() error { + clientApplicationTrafficLabel, hs.transcript) + serverSecret := hs.suite.deriveSecret(hs.masterSecret, + serverApplicationTrafficLabel, hs.transcript) +- if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret); err != nil { ++ if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, serverSecret, false); err != nil { + return err + } + +diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go +index 1ecee3a..f73b536 100644 +--- a/src/crypto/tls/handshake_server_tls13.go ++++ b/src/crypto/tls/handshake_server_tls13.go +@@ -636,7 +636,7 @@ func (hs *serverHandshakeStateTLS13) sendServerParameters() error { + c.setWriteTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, serverSecret) + clientSecret := hs.suite.deriveSecret(hs.handshakeSecret, + clientHandshakeTrafficLabel, hs.transcript) +- if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret); err != nil { ++ if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelHandshake, clientSecret, false); err != nil { + return err + } + +@@ -1005,7 +1005,7 @@ func (hs *serverHandshakeStateTLS13) readClientFinished() error { + return errors.New("tls: invalid client finished hash") + } + +- if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, hs.trafficSecret); err != nil { ++ if err := c.setReadTrafficSecret(hs.suite, QUICEncryptionLevelApplication, hs.trafficSecret, false); err != nil { + return err + } + +diff --git a/src/crypto/tls/handshake_test.go b/src/crypto/tls/handshake_test.go +index 4991a0e..a95d751 100644 +--- a/src/crypto/tls/handshake_test.go ++++ b/src/crypto/tls/handshake_test.go +@@ -673,3 +673,51 @@ func concatHandshakeMessages(msgs ...handshakeMessage) ([]byte, error) { + outBuf = append(outBuf, marshalled...) + return outBuf, nil + } ++ ++func TestMultipleKeyUpdate(t *testing.T) { ++ for _, requestUpdate := range []bool{true, false} { ++ t.Run(fmt.Sprintf("requestUpdate=%t", requestUpdate), func(t *testing.T) { ++ ++ c, s := localPipe(t) ++ cfg := testConfig.Clone() ++ cfg.MinVersion = VersionTLS13 ++ cfg.MaxVersion = VersionTLS13 ++ client := Client(c, testConfig) ++ server := Server(s, testConfig) ++ ++ clientHandshakeDone := make(chan struct{}) ++ go func() { ++ if err := client.Handshake(); err != nil { ++ } ++ close(clientHandshakeDone) ++ io.Copy(io.Discard, server) ++ }() ++ ++ if err := server.Handshake(); err != nil { ++ t.Fatalf("server handshake failed: %v\n", err) ++ } ++ <-clientHandshakeDone ++ ++ c.SetReadDeadline(time.Now().Add(1 * time.Second)) ++ s.SetReadDeadline(time.Now().Add(1 * time.Second)) ++ ++ kuMsg, err := (&keyUpdateMsg{updateRequested: requestUpdate}).marshal() ++ if err != nil { ++ t.Fatalf("failed to marshal key update message: %v", err) ++ } ++ ++ client.out.Lock() ++ if _, err := client.writeRecordLocked(recordTypeHandshake, append(kuMsg, kuMsg...)); err != nil { ++ t.Fatalf("failed to write key update messages: %v", err) ++ } ++ client.out.Unlock() ++ ++ _, err = io.Copy(io.Discard, client) ++ if err == nil { ++ t.Fatal("expected multiple key update messages to cause an error, got nil") ++ } else if !strings.HasSuffix(err.Error(), "tls: unexpected message") { ++ t.Fatalf("unexpected error: %v", err) ++ } ++ }) ++ } ++} +-- +2.43.0 + -- 2.43.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#237485): https://lists.openembedded.org/g/openembedded-core/message/237485 Mute This Topic: https://lists.openembedded.org/mt/119422287/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
