

crypto/elliptic: tolerate zero-padded scalars in generic P-256
# AWS EKS
Backported To: go-1.15.15-eks
Backported On: Thu, 22 Sept 2022
Backported By: [email protected]
Backported From: release-branch.go1.17
EKS Patch Source Commit: danbudris@2664205
Upstream Source Commit: golang@7139e8b

# Original Information

Updates golang#52075
Fixes golang#52076
Fixes CVE-2022-28327

Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27
Reviewed-on: https://go-review.googlesource.com/c/go/+/397136
Trust: Filippo Valsorda <[email protected]>
Reviewed-by: Julie Qiu <[email protected]>
FiloSottile authored and rcrozean committed Oct 5, 2022
1 parent e282c4a commit 192f06f
Showing 2 changed files with 24 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/crypto/elliptic/p256.go
Expand Up @@ -51,7 +51,7 @@ func p256GetScalar(out *[32]byte, in []byte) {
n := new(big.Int).SetBytes(in)
var scalarBytes []byte

if n.Cmp(p256Params.N) >= 0 {
if n.Cmp(p256Params.N) >= 0 || len(in) > len(out) {
n.Mod(n, p256Params.N)
scalarBytes = n.Bytes()
} else {
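Review bot: The new `|| len(in) > len(out)` condition on the `if` is correct but its reason is invisible at the site: it silently depends on `n.Mod(n, p256Params.N).Bytes()` being at most 32 bytes (N < 2^256), so that the copy into `out` that presumably follows in the `else` branch — outside this hunk — can no longer index past the array for a zero-padded input longer than 32 bytes, which is the CVE-2022-28327 input (value below N only because of leading zero bytes). A one-line comment above the condition would keep a later refactor from dropping the length check or the reduction: `// Inputs longer than out (e.g. zero-padded) must be reduced too: n mod N always fits in 32 bytes, a raw copy of in would not.`. Worth noting for reviewers that the whole branch already goes through math/big, so this adds no new non-constant-time behaviour; it is the same path non-canonical scalars took before. The enclosing p256GetScalar continues past the end of this hunk.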
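--- a/src/crypto/elliptic/p256_test.go
+++ b/src/crypto/elliptic/p256_test.go
@@ -0,0 +1,23 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package elliptic
+
+import (
+"testing"
+)
+
+func TestIssue52075(t *testing.T) {
+Gx, Gy := P256().Params().Gx, P256().Params().Gy
+scalar := make([]byte, 33)
+scalar[32] = 1
+x, y := P256().ScalarBaseMult(scalar)
+if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 {
+t.Errorf("unexpected output (%v,%v)", x, y)
+}
+x, y = P256().ScalarMult(Gx, Gy, scalar)
+if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 {
+t.Errorf("unexpected output (%v,%v)", x, y)
+}
+}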
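Review bot: TestIssue52075 reaches the fix only through the public `P256()` API and the file carries no build constraint, so on architectures where `P256()` dispatches to an assembly backend the test never executes the generic `p256GetScalar` this commit changes (the title scopes the fix to "generic P-256"); the regression is only caught on platforms that select the generic code, which should be stated in a comment or covered by a direct call to `p256GetScalar` in a file that shares its build constraint, if that symbol is indeed restricted to generic builds. The 33-byte case also covers only a single leading zero byte; a much longer padding such as `scalar := make([]byte, 64); scalar[63] = 1` exercises the same branch with a length that a raw copy would fail on far more visibly and costs nothing. A short comment on the fixture, `// 33 bytes: leading zero byte plus the value 1 — below N, but longer than the 32-byte scalar array`, would record why that exact length matters.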

