From 2664205e243d0096ace5c652ea4e8bca6acf6b5d Mon Sep 17 00:00:00 2001 From: Filippo Valsorda Date: Thu, 31 Mar 2022 12:31:58 -0400 Subject: [PATCH] [go-1.15.15-eks] crypto/elliptic: tolerate zero-padded scalars in generic P-256 # AWS EKS Backported To: go-1.15.15-eks Backported On: Thu, 22 Sept 2022 Backported By: budris@amazon.com Backported From: release-branch.go1.17 EKS Patch Source Commit: https://github.com/danbudris/go/commit/2664205e243d0096ace5c652ea4e8bca6acf6b5d Upstream Source Commit: https://github.com/golang/go/commit/7139e8b024604ab168b51b99c6e8168257a5bf58 # Original Information Updates #52075 Fixes #52076 Fixes CVE-2022-28327 Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27 Reviewed-on: https://go-review.googlesource.com/c/go/+/397136 Trust: Filippo Valsorda Reviewed-by: Julie Qiu --- src/crypto/elliptic/p256.go | 2 +- src/crypto/elliptic/p256_test.go | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 src/crypto/elliptic/p256_test.go diff --git a/src/crypto/elliptic/p256.go b/src/crypto/elliptic/p256.go index c23e414156..787e3e7444 100644 --- a/src/crypto/elliptic/p256.go +++ b/src/crypto/elliptic/p256.go @@ -51,7 +51,7 @@ func p256GetScalar(out *[32]byte, in []byte) { n := new(big.Int).SetBytes(in) var scalarBytes []byte - if n.Cmp(p256Params.N) >= 0 { + if n.Cmp(p256Params.N) >= 0 || len(in) > len(out) { n.Mod(n, p256Params.N) scalarBytes = n.Bytes() } else { diff --git a/src/crypto/elliptic/p256_test.go b/src/crypto/elliptic/p256_test.go new file mode 100644 index 0000000000..1ced90e524 --- /dev/null +++ b/src/crypto/elliptic/p256_test.go @@ -0,0 +1,23 @@ +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package elliptic + +import ( + "testing" +) + +func TestIssue52075(t *testing.T) { + Gx, Gy := P256().Params().Gx, P256().Params().Gy + scalar := make([]byte, 33) + scalar[32] = 1 + x, y := P256().ScalarBaseMult(scalar) + if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 { + t.Errorf("unexpected output (%v,%v)", x, y) + } + x, y = P256().ScalarMult(Gx, Gy, scalar) + if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 { + t.Errorf("unexpected output (%v,%v)", x, y) + } +} -- 2.30.1 (Apple Git-130)