1 files changed, 142 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch
new file mode 100644
index 0000000000..772acdcbf6
--- /dev/null
+++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch
@@ -0,0 +1,142 @@
+From 5b376a209d1c61e10847e062d78c4b1aa90dff0c Mon Sep 17 00:00:00 2001
+From: Filippo Valsorda <filippo@golang.org>
+Date: Sat, 26 Feb 2022 10:40:57 +0000
+Subject: [PATCH] crypto/elliptic: make IsOnCurve return false for invalid
+ field elements
+Updates #50974
+Fixes #50977
+Fixes CVE-2022-23806
+Signed-off-by: Minjae Kim <flowergom@gmail.com>
+---
+ src/crypto/elliptic/elliptic.go      |  6 +++
+ src/crypto/elliptic/elliptic_test.go | 81 ++++++++++++++++++++++++++++
+ src/crypto/elliptic/p224.go          |  6 +++
+ 3 files changed, 93 insertions(+)
+diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go
+index e2f71cd..bd574a4 100644
+--- a/src/crypto/elliptic/elliptic.go
+++ b/src/crypto/elliptic/elliptic.go
+@@ -53,6 +53,12 @@ func (curve *CurveParams) Params() *CurveParams {
+ }
+ 
+ func (curve *CurveParams) IsOnCurve(x, y *big.Int) bool {
+
+       if x.Sign() < 0 || x.Cmp(curve.P) >= 0 ||
+               y.Sign() < 0 || y.Cmp(curve.P) >= 0 {
+               return false
+       }
+
+        // y² = x³ - 3x + b
+        y2 := new(big.Int).Mul(y, y)
+        y2.Mod(y2, curve.P)
+diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go
+index 09c5483..b13a620 100644
+--- a/src/crypto/elliptic/elliptic_test.go
+++ b/src/crypto/elliptic/elliptic_test.go
+@@ -628,3 +628,84 @@ func TestUnmarshalToLargeCoordinates(t *testing.T) {
+                t.Errorf("Unmarshal accepts invalid Y coordinate")
+        }
+ }
+
+func testAllCurves(t *testing.T, f func(*testing.T, Curve)) {
+       tests := []struct {
+               name  string
+               curve Curve
+       }{
+               {"P256", P256()},
+               {"P256/Params", P256().Params()},
+               {"P224", P224()},
+               {"P224/Params", P224().Params()},
+               {"P384", P384()},
+               {"P384/Params", P384().Params()},
+               {"P521", P521()},
+               {"P521/Params", P521().Params()},
+       }
+       if testing.Short() {
+               tests = tests[:1]
+       }
+       for _, test := range tests {
+               curve := test.curve
+               t.Run(test.name, func(t *testing.T) {
+                       t.Parallel()
+                       f(t, curve)
+               })
+       }
+}
+
+// TestInvalidCoordinates tests big.Int values that are not valid field elements
+// (negative or bigger than P). They are expected to return false from
+// IsOnCurve, all other behavior is undefined.
+func TestInvalidCoordinates(t *testing.T) {
+       testAllCurves(t, testInvalidCoordinates)
+}
+
+func testInvalidCoordinates(t *testing.T, curve Curve) {
+       checkIsOnCurveFalse := func(name string, x, y *big.Int) {
+               if curve.IsOnCurve(x, y) {
+                       t.Errorf("IsOnCurve(%s) unexpectedly returned true", name)
+               }
+       }
+
+       p := curve.Params().P
+       _, x, y, _ := GenerateKey(curve, rand.Reader)
+       xx, yy := new(big.Int), new(big.Int)
+
+       // Check if the sign is getting dropped.
+       xx.Neg(x)
+       checkIsOnCurveFalse("-x, y", xx, y)
+       yy.Neg(y)
+       checkIsOnCurveFalse("x, -y", x, yy)
+
+       // Check if negative values are reduced modulo P.
+       xx.Sub(x, p)
+       checkIsOnCurveFalse("x-P, y", xx, y)
+       yy.Sub(y, p)
+       checkIsOnCurveFalse("x, y-P", x, yy)
+
+       // Check if positive values are reduced modulo P.
+       xx.Add(x, p)
+       checkIsOnCurveFalse("x+P, y", xx, y)
+       yy.Add(y, p)
+       checkIsOnCurveFalse("x, y+P", x, yy)
+
+       // Check if the overflow is dropped.
+       xx.Add(x, new(big.Int).Lsh(big.NewInt(1), 535))
+       checkIsOnCurveFalse("x+2⁵³⁵, y", xx, y)
+       yy.Add(y, new(big.Int).Lsh(big.NewInt(1), 535))
+       checkIsOnCurveFalse("x, y+2⁵³⁵", x, yy)
+
+       // Check if P is treated like zero (if possible).
+       // y^2 = x^3 - 3x + B
+       // y = mod_sqrt(x^3 - 3x + B)
+       // y = mod_sqrt(B) if x = 0
+       // If there is no modsqrt, there is no point with x = 0, can't test x = P.
+       if yy := new(big.Int).ModSqrt(curve.Params().B, p); yy != nil {
+               if !curve.IsOnCurve(big.NewInt(0), yy) {
+                       t.Fatal("(0, mod_sqrt(B)) is not on the curve?")
+               }
+               checkIsOnCurveFalse("P, y", p, yy)
+       }
+}
+diff --git a/src/crypto/elliptic/p224.go b/src/crypto/elliptic/p224.go
+index 8c76021..f1bfd7e 100644
+--- a/src/crypto/elliptic/p224.go
+++ b/src/crypto/elliptic/p224.go
+@@ -48,6 +48,12 @@ func (curve p224Curve) Params() *CurveParams {
+ }
+ 
+ func (curve p224Curve) IsOnCurve(bigX, bigY *big.Int) bool {
+
+       if bigX.Sign() < 0 || bigX.Cmp(curve.P) >= 0 ||
+               bigY.Sign() < 0 || bigY.Cmp(curve.P) >= 0 {
+               return false
+       }
+
+        var x, y p224FieldElement
+        p224FromBig(&x, bigX)
+        p224FromBig(&y, bigY)

diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch new file mode 100644 index 0000000000..772acdcbf6 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch
@@ -0,0 +1,142 @@
	1	From 5b376a209d1c61e10847e062d78c4b1aa90dff0c Mon Sep 17 00:00:00 2001
	2	From: Filippo Valsorda <filippo@golang.org>
	3	Date: Sat, 26 Feb 2022 10:40:57 +0000
	4	Subject: [PATCH] crypto/elliptic: make IsOnCurve return false for invalid
	5
	6	field elements
	7
	8	Updates #50974
	9	Fixes #50977
	10	Fixes CVE-2022-23806
	11
	12	Signed-off-by: Minjae Kim <flowergom@gmail.com>
	13
	14	---
	15	src/crypto/elliptic/elliptic.go \| 6 +++
	16	src/crypto/elliptic/elliptic_test.go \| 81 ++++++++++++++++++++++++++++
	17	src/crypto/elliptic/p224.go \| 6 +++
	18	3 files changed, 93 insertions(+)
	19
	20	diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go
	21	index e2f71cd..bd574a4 100644
	22	--- a/src/crypto/elliptic/elliptic.go
	23	+++ b/src/crypto/elliptic/elliptic.go
	24	@@ -53,6 +53,12 @@ func (curve CurveParams) Params() CurveParams {
	25	}
	26
	27	func (curve CurveParams) IsOnCurve(x, y big.Int) bool {
	28	+
	29	+ if x.Sign() < 0 \|\| x.Cmp(curve.P) >= 0 \|\|
	30	+ y.Sign() < 0 \|\| y.Cmp(curve.P) >= 0 {
	31	+ return false
	32	+ }
	33	+
	34	// y² = x³ - 3x + b
	35	y2 := new(big.Int).Mul(y, y)
	36	y2.Mod(y2, curve.P)
	37	diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go
	38	index 09c5483..b13a620 100644
	39	--- a/src/crypto/elliptic/elliptic_test.go
	40	+++ b/src/crypto/elliptic/elliptic_test.go
	41	@@ -628,3 +628,84 @@ func TestUnmarshalToLargeCoordinates(t *testing.T) {
	42	t.Errorf("Unmarshal accepts invalid Y coordinate")
	43	}
	44	}
	45	+
	46	+func testAllCurves(t testing.T, f func(testing.T, Curve)) {
	47	+ tests := []struct {
	48	+ name string
	49	+ curve Curve
	50	+ }{
	51	+ {"P256", P256()},
	52	+ {"P256/Params", P256().Params()},
	53	+ {"P224", P224()},
	54	+ {"P224/Params", P224().Params()},
	55	+ {"P384", P384()},
	56	+ {"P384/Params", P384().Params()},
	57	+ {"P521", P521()},
	58	+ {"P521/Params", P521().Params()},
	59	+ }
	60	+ if testing.Short() {
	61	+ tests = tests[:1]
	62	+ }
	63	+ for _, test := range tests {
	64	+ curve := test.curve
	65	+ t.Run(test.name, func(t *testing.T) {
	66	+ t.Parallel()
	67	+ f(t, curve)
	68	+ })
	69	+ }
	70	+}
	71	+
	72	+// TestInvalidCoordinates tests big.Int values that are not valid field elements
	73	+// (negative or bigger than P). They are expected to return false from
	74	+// IsOnCurve, all other behavior is undefined.
	75	+func TestInvalidCoordinates(t *testing.T) {
	76	+ testAllCurves(t, testInvalidCoordinates)
	77	+}
	78	+
	79	+func testInvalidCoordinates(t *testing.T, curve Curve) {
	80	+ checkIsOnCurveFalse := func(name string, x, y *big.Int) {
	81	+ if curve.IsOnCurve(x, y) {
	82	+ t.Errorf("IsOnCurve(%s) unexpectedly returned true", name)
	83	+ }
	84	+ }
	85	+
	86	+ p := curve.Params().P
	87	+ _, x, y, _ := GenerateKey(curve, rand.Reader)
	88	+ xx, yy := new(big.Int), new(big.Int)
	89	+
	90	+ // Check if the sign is getting dropped.
	91	+ xx.Neg(x)
	92	+ checkIsOnCurveFalse("-x, y", xx, y)
	93	+ yy.Neg(y)
	94	+ checkIsOnCurveFalse("x, -y", x, yy)
	95	+
	96	+ // Check if negative values are reduced modulo P.
	97	+ xx.Sub(x, p)
	98	+ checkIsOnCurveFalse("x-P, y", xx, y)
	99	+ yy.Sub(y, p)
	100	+ checkIsOnCurveFalse("x, y-P", x, yy)
	101	+
	102	+ // Check if positive values are reduced modulo P.
	103	+ xx.Add(x, p)
	104	+ checkIsOnCurveFalse("x+P, y", xx, y)
	105	+ yy.Add(y, p)
	106	+ checkIsOnCurveFalse("x, y+P", x, yy)
	107	+
	108	+ // Check if the overflow is dropped.
	109	+ xx.Add(x, new(big.Int).Lsh(big.NewInt(1), 535))
	110	+ checkIsOnCurveFalse("x+2⁵³⁵, y", xx, y)
	111	+ yy.Add(y, new(big.Int).Lsh(big.NewInt(1), 535))
	112	+ checkIsOnCurveFalse("x, y+2⁵³⁵", x, yy)
	113	+
	114	+ // Check if P is treated like zero (if possible).
	115	+ // y^2 = x^3 - 3x + B
	116	+ // y = mod_sqrt(x^3 - 3x + B)
	117	+ // y = mod_sqrt(B) if x = 0
	118	+ // If there is no modsqrt, there is no point with x = 0, can't test x = P.
	119	+ if yy := new(big.Int).ModSqrt(curve.Params().B, p); yy != nil {
	120	+ if !curve.IsOnCurve(big.NewInt(0), yy) {
	121	+ t.Fatal("(0, mod_sqrt(B)) is not on the curve?")
	122	+ }
	123	+ checkIsOnCurveFalse("P, y", p, yy)
	124	+ }
	125	+}
	126	diff --git a/src/crypto/elliptic/p224.go b/src/crypto/elliptic/p224.go
	127	index 8c76021..f1bfd7e 100644
	128	--- a/src/crypto/elliptic/p224.go
	129	+++ b/src/crypto/elliptic/p224.go
	130	@@ -48,6 +48,12 @@ func (curve p224Curve) Params() *CurveParams {
	131	}
	132
	133	func (curve p224Curve) IsOnCurve(bigX, bigY *big.Int) bool {
	134	+
	135	+ if bigX.Sign() < 0 \|\| bigX.Cmp(curve.P) >= 0 \|\|
	136	+ bigY.Sign() < 0 \|\| bigY.Cmp(curve.P) >= 0 {
	137	+ return false
	138	+ }
	139	+
	140	var x, y p224FieldElement
	141	p224FromBig(&x, bigX)
	142	p224FromBig(&y, bigY)