author | Vijay Anusuri <vanusuri@mvista.com> | 2024-01-06 11:19:31 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2024-01-21 08:33:18 -1000 |
commit | 5c5aa47adb05bb966711e5ead98333a53c07ab1d (patch) | |
tree | 103c69bad311467feaa3fb768e33b52eac9391f5 /meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre3.patch | |
parent | b418ede9942f8b31d66ce172ede35f55b423b0a2 (diff) | |
go: Backport fix for CVE-2023-45287
Upstream-Status: Backport
[https://github.com/golang/go/commit/9baafabac9a84813a336f068862207d2bb06d255
&
https://github.com/golang/go/commit/c9d5f60eaa4450ccf1ce878d55b4c6a12843f2f3
&
https://github.com/golang/go/commit/8f676144ad7b7c91adb0c6e1ec89aaa6283c6807
&
https://github.com/golang/go/commit/8a81fdf165facdcefa06531de5af98a4db343035]
(From OE-Core rev: 20e1d10a3ebefc8c5237c065c25eba4182d22efd)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre3.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre3.patch | 86 |
1 files changed, 86 insertions, 0 deletions
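diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre3.patch b/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre3.patch
new file mode 100644
index 0000000000..ae9fcc170c
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2023-45287-pre3.patch
@@ -0,0 +1,86 @@
+From 8f676144ad7b7c91adb0c6e1ec89aaa6283c6807 Mon Sep 17 00:00:00 2001
+From: Himanshu Kishna Srivastava <28himanshu@gmail.com>
+Date: Tue, 16 Mar 2021 22:37:46 +0530
+Subject: [PATCH] crypto/rsa: fix salt length calculation with
+PSSSaltLengthAuto
+
+When PSSSaltLength is set, the maximum salt length must equal:
+
+(modulus_key_size - 1 + 7)/8 - hash_length - 2
+and for example, with a 4096 bit modulus key, and a SHA-1 hash,
+it should be:
+
+(4096 -1 + 7)/8 - 20 - 2 = 490
+Previously we'd encounter this error:
+
+crypto/rsa: key size too small for PSS signature
+
+Fixes #42741
+
+Change-Id: I18bb82c41c511d564b3f4c443f4b3a38ab010ac5
+Reviewed-on: https://go-review.googlesource.com/c/go/+/302230
+Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
+Reviewed-by: Filippo Valsorda <filippo@golang.org>
+Trust: Emmanuel Odeke <emmanuel@orijtech.com>
+Run-TryBot: Emmanuel Odeke <emmanuel@orijtech.com>
+TryBot-Result: Go Bot <gobot@golang.org>
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/8f676144ad7b7c91adb0c6e1ec89aaa6283c6807]
+CVE: CVE-2023-45287 #Dependency Patch3
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+src/crypto/rsa/pss.go | 2 +-
+src/crypto/rsa/pss_test.go | 20 +++++++++++++++++++-
+2 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go
+index b2adbedb28fa8..814522de8181f 100644
+--- a/src/crypto/rsa/pss.go
++++ b/src/crypto/rsa/pss.go
+@@ -269,7 +269,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte,
+saltLength := opts.saltLength()
+switch saltLength {
+case PSSSaltLengthAuto:
+- saltLength = priv.Size() - 2 - hash.Size()
++ saltLength = (priv.N.BitLen()-1+7)/8 - 2 - hash.Size()
+case PSSSaltLengthEqualsHash:
+saltLength = hash.Size()
+}
+diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go
+index dfa8d8bb5ad02..c3a6d468497cd 100644
+--- a/src/crypto/rsa/pss_test.go
++++ b/src/crypto/rsa/pss_test.go
+@@ -12,7 +12,7 @@ import (
+_ "crypto/md5"
+"crypto/rand"
+"crypto/sha1"
+- _ "crypto/sha256"
++ "crypto/sha256"
+"encoding/hex"
+"math/big"
+"os"
+@@ -233,6 +233,24 @@ func TestPSSSigning(t *testing.T) {
+}
+}
+
++func TestSignWithPSSSaltLengthAuto(t *testing.T) {
++ key, err := GenerateKey(rand.Reader, 513)
++ if err != nil {
++ t.Fatal(err)
++ }
++ digest := sha256.Sum256([]byte("message"))
++ signature, err := key.Sign(rand.Reader, digest[:], &PSSOptions{
++ SaltLength: PSSSaltLengthAuto,
++ Hash: crypto.SHA256,
++ })
++ if err != nil {
++ t.Fatal(err)
++ }
++ if len(signature) == 0 {
++ t.Fatal("empty signature returned")
++ }
++}
++
+func bigFromHex(hex string) *big.Int {
+n, ok := new(big.Int).SetString(hex, 16)
+if !ok {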
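Review bot: The `CVE: CVE-2023-45287 #Dependency Patch3` tag on patch line 29, together with the file name, attributes this prerequisite to the CVE even though its body is the PSSSaltLengthAuto salt-length correction for upstream issue #42741 and not the vulnerability fix itself. Yocto's cve-check class takes CVE ids from patch file names and `CVE:` tags, so if the patch carrying the actual fix is later dropped or stops applying while this one stays in SRC_URI, the recipe would still be reported as patched. I would spell the relationship out in the header prose, e.g. add `# Prerequisite only: presumably needed so the CVE-2023-45287 fix applies; it does not fix the CVE by itself`, and keep the pre-patch series and the fix together in one SRC_URI change. The diffstat shown is limited to this file, so whether the recipe's SRC_URI actually lists the patch is not visible here.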