Skip to content

Commit

Permalink
fix(deps): update module golang.org/x/crypto to v0.17.0 [security] (#27)
Browse files Browse the repository at this point in the history
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| golang.org/x/crypto | `v0.16.0` -> `v0.17.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fcrypto/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fcrypto/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fcrypto/v0.16.0/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fcrypto/v0.16.0/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2023-48795](https://togithub.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8)

### Summary

Terrapin is a prefix truncation attack targeting the SSH protocol. More
precisely, Terrapin breaks the integrity of SSH's secure channel. By
carefully adjusting the sequence numbers during the handshake, an
attacker can remove an arbitrary amount of messages sent by the client
or server at the beginning of the secure channel without the client or
server noticing it.

### Mitigations

To mitigate this protocol vulnerability, OpenSSH suggested a so-called
"strict kex" which alters the SSH handshake to ensure a
Man-in-the-Middle attacker cannot introduce unauthenticated messages as
well as convey sequence number manipulation across handshakes.

**Warning: To take effect, both the client and server must support this
countermeasure.**

As a stop-gap measure, peers may also (temporarily) disable the affected
algorithms and use unaffected alternatives like AES-GCM instead until
patches are available.

### Details

The SSH specifications of ChaCha20-Poly1305
(chacha20-poly1305@​openssh.com) and Encrypt-then-MAC
(*[email protected] MACs) are vulnerable against an arbitrary prefix
truncation attack (a.k.a. Terrapin attack). This allows for an extension
negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the
first message after SSH_MSG_NEWKEYS, downgrading security, and disabling
attack countermeasures in some versions of OpenSSH. When targeting
Encrypt-then-MAC, this attack requires the use of a CBC cipher to be
practically exploitable due to the internal workings of the cipher mode.
Additionally, this novel attack technique can be used to exploit
previously unexploitable implementation flaws in a Man-in-the-Middle
scenario.

The attack works by an attacker injecting an arbitrary number of
SSH_MSG_IGNORE messages during the initial key exchange and consequently
removing the same number of messages just after the initial key exchange
has concluded. This is possible due to missing authentication of the
excess SSH_MSG_IGNORE messages and the fact that the implicit sequence
numbers used within the SSH protocol are only checked after the initial
key exchange.

In the case of ChaCha20-Poly1305, the attack is guaranteed to work on
every connection as this cipher does not maintain an internal state
other than the message's sequence number. In the case of
Encrypt-Then-MAC, practical exploitation requires the use of a CBC
cipher; while theoretical integrity is broken for all ciphers when using
this mode, message processing will fail at the application layer for CTR
and stream ciphers.

For more details see
[https://terrapin-attack.com](https://terrapin-attack.com).

### Impact

This attack targets the specification of ChaCha20-Poly1305
(chacha20-poly1305@​openssh.com) and Encrypt-then-MAC
(*[email protected]), which are widely adopted by well-known SSH
implementations and can be considered de-facto standard. These
algorithms can be practically exploited; however, in the case of
Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a
consequence, this attack works against all well-behaving SSH
implementations supporting either of those algorithms and can be used to
downgrade (but not fully strip) connection security in case SSH
extension negotiation (RFC8308) is supported. The attack may also enable
attackers to exploit certain implementation flaws in a man-in-the-middle
(MitM) scenario.

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/matter-labs/vault-auth-tee).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy45My4xIiwidXBkYXRlZEluVmVyIjoiMzcuMTAzLjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
  • Loading branch information
renovate[bot] authored Dec 21, 2023
1 parent 744fe75 commit 6ac992c
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ require (
github.com/hashicorp/vault/api v1.9.2
github.com/hashicorp/vault/sdk v0.9.2-0.20230704151349-7522ca248f90
github.com/stretchr/testify v1.8.4
golang.org/x/crypto v0.16.0
golang.org/x/crypto v0.17.0
)

require (
Expand Down
2 changes: 2 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -1213,6 +1213,8 @@ golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
Expand Down

0 comments on commit 6ac992c

Please sign in to comment.