diff options
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch | 142 |
1 files changed, 142 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch new file mode 100644 index 0000000000..772acdcbf6 --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-23806.patch | |||
@@ -0,0 +1,142 @@ | |||
1 | From 5b376a209d1c61e10847e062d78c4b1aa90dff0c Mon Sep 17 00:00:00 2001 | ||
2 | From: Filippo Valsorda <filippo@golang.org> | ||
3 | Date: Sat, 26 Feb 2022 10:40:57 +0000 | ||
4 | Subject: [PATCH] crypto/elliptic: make IsOnCurve return false for invalid | ||
5 | |||
6 | field elements | ||
7 | |||
8 | Updates #50974 | ||
9 | Fixes #50977 | ||
10 | Fixes CVE-2022-23806 | ||
11 | |||
12 | Signed-off-by: Minjae Kim <flowergom@gmail.com> | ||
13 | |||
14 | --- | ||
15 | src/crypto/elliptic/elliptic.go | 6 +++ | ||
16 | src/crypto/elliptic/elliptic_test.go | 81 ++++++++++++++++++++++++++++ | ||
17 | src/crypto/elliptic/p224.go | 6 +++ | ||
18 | 3 files changed, 93 insertions(+) | ||
19 | |||
20 | diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go | ||
21 | index e2f71cd..bd574a4 100644 | ||
22 | --- a/src/crypto/elliptic/elliptic.go | ||
23 | +++ b/src/crypto/elliptic/elliptic.go | ||
24 | @@ -53,6 +53,12 @@ func (curve *CurveParams) Params() *CurveParams { | ||
25 | } | ||
26 | |||
27 | func (curve *CurveParams) IsOnCurve(x, y *big.Int) bool { | ||
28 | + | ||
29 | + if x.Sign() < 0 || x.Cmp(curve.P) >= 0 || | ||
30 | + y.Sign() < 0 || y.Cmp(curve.P) >= 0 { | ||
31 | + return false | ||
32 | + } | ||
33 | + | ||
34 | // y² = x³ - 3x + b | ||
35 | y2 := new(big.Int).Mul(y, y) | ||
36 | y2.Mod(y2, curve.P) | ||
37 | diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go | ||
38 | index 09c5483..b13a620 100644 | ||
39 | --- a/src/crypto/elliptic/elliptic_test.go | ||
40 | +++ b/src/crypto/elliptic/elliptic_test.go | ||
41 | @@ -628,3 +628,84 @@ func TestUnmarshalToLargeCoordinates(t *testing.T) { | ||
42 | t.Errorf("Unmarshal accepts invalid Y coordinate") | ||
43 | } | ||
44 | } | ||
45 | + | ||
46 | +func testAllCurves(t *testing.T, f func(*testing.T, Curve)) { | ||
47 | + tests := []struct { | ||
48 | + name string | ||
49 | + curve Curve | ||
50 | + }{ | ||
51 | + {"P256", P256()}, | ||
52 | + {"P256/Params", P256().Params()}, | ||
53 | + {"P224", P224()}, | ||
54 | + {"P224/Params", P224().Params()}, | ||
55 | + {"P384", P384()}, | ||
56 | + {"P384/Params", P384().Params()}, | ||
57 | + {"P521", P521()}, | ||
58 | + {"P521/Params", P521().Params()}, | ||
59 | + } | ||
60 | + if testing.Short() { | ||
61 | + tests = tests[:1] | ||
62 | + } | ||
63 | + for _, test := range tests { | ||
64 | + curve := test.curve | ||
65 | + t.Run(test.name, func(t *testing.T) { | ||
66 | + t.Parallel() | ||
67 | + f(t, curve) | ||
68 | + }) | ||
69 | + } | ||
70 | +} | ||
71 | + | ||
72 | +// TestInvalidCoordinates tests big.Int values that are not valid field elements | ||
73 | +// (negative or bigger than P). They are expected to return false from | ||
74 | +// IsOnCurve, all other behavior is undefined. | ||
75 | +func TestInvalidCoordinates(t *testing.T) { | ||
76 | + testAllCurves(t, testInvalidCoordinates) | ||
77 | +} | ||
78 | + | ||
79 | +func testInvalidCoordinates(t *testing.T, curve Curve) { | ||
80 | + checkIsOnCurveFalse := func(name string, x, y *big.Int) { | ||
81 | + if curve.IsOnCurve(x, y) { | ||
82 | + t.Errorf("IsOnCurve(%s) unexpectedly returned true", name) | ||
83 | + } | ||
84 | + } | ||
85 | + | ||
86 | + p := curve.Params().P | ||
87 | + _, x, y, _ := GenerateKey(curve, rand.Reader) | ||
88 | + xx, yy := new(big.Int), new(big.Int) | ||
89 | + | ||
90 | + // Check if the sign is getting dropped. | ||
91 | + xx.Neg(x) | ||
92 | + checkIsOnCurveFalse("-x, y", xx, y) | ||
93 | + yy.Neg(y) | ||
94 | + checkIsOnCurveFalse("x, -y", x, yy) | ||
95 | + | ||
96 | + // Check if negative values are reduced modulo P. | ||
97 | + xx.Sub(x, p) | ||
98 | + checkIsOnCurveFalse("x-P, y", xx, y) | ||
99 | + yy.Sub(y, p) | ||
100 | + checkIsOnCurveFalse("x, y-P", x, yy) | ||
101 | + | ||
102 | + // Check if positive values are reduced modulo P. | ||
103 | + xx.Add(x, p) | ||
104 | + checkIsOnCurveFalse("x+P, y", xx, y) | ||
105 | + yy.Add(y, p) | ||
106 | + checkIsOnCurveFalse("x, y+P", x, yy) | ||
107 | + | ||
108 | + // Check if the overflow is dropped. | ||
109 | + xx.Add(x, new(big.Int).Lsh(big.NewInt(1), 535)) | ||
110 | + checkIsOnCurveFalse("x+2⁵³⁵, y", xx, y) | ||
111 | + yy.Add(y, new(big.Int).Lsh(big.NewInt(1), 535)) | ||
112 | + checkIsOnCurveFalse("x, y+2⁵³⁵", x, yy) | ||
113 | + | ||
114 | + // Check if P is treated like zero (if possible). | ||
115 | + // y^2 = x^3 - 3x + B | ||
116 | + // y = mod_sqrt(x^3 - 3x + B) | ||
117 | + // y = mod_sqrt(B) if x = 0 | ||
118 | + // If there is no modsqrt, there is no point with x = 0, can't test x = P. | ||
119 | + if yy := new(big.Int).ModSqrt(curve.Params().B, p); yy != nil { | ||
120 | + if !curve.IsOnCurve(big.NewInt(0), yy) { | ||
121 | + t.Fatal("(0, mod_sqrt(B)) is not on the curve?") | ||
122 | + } | ||
123 | + checkIsOnCurveFalse("P, y", p, yy) | ||
124 | + } | ||
125 | +} | ||
126 | diff --git a/src/crypto/elliptic/p224.go b/src/crypto/elliptic/p224.go | ||
127 | index 8c76021..f1bfd7e 100644 | ||
128 | --- a/src/crypto/elliptic/p224.go | ||
129 | +++ b/src/crypto/elliptic/p224.go | ||
130 | @@ -48,6 +48,12 @@ func (curve p224Curve) Params() *CurveParams { | ||
131 | } | ||
132 | |||
133 | func (curve p224Curve) IsOnCurve(bigX, bigY *big.Int) bool { | ||
134 | + | ||
135 | + if bigX.Sign() < 0 || bigX.Cmp(curve.P) >= 0 || | ||
136 | + bigY.Sign() < 0 || bigY.Cmp(curve.P) >= 0 { | ||
137 | + return false | ||
138 | + } | ||
139 | + | ||
140 | var x, y p224FieldElement | ||
141 | p224FromBig(&x, bigX) | ||
142 | p224FromBig(&y, bigY) | ||