diff options
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14/CVE-2022-28327.patch')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14/CVE-2022-28327.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14/CVE-2022-28327.patch b/meta/recipes-devtools/go/go-1.14/CVE-2022-28327.patch new file mode 100644 index 0000000000..6361deec7d --- /dev/null +++ b/meta/recipes-devtools/go/go-1.14/CVE-2022-28327.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From 34d9ab78568d63d8097911237897b188bdaba9c2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Filippo Valsorda <filippo@golang.org> | ||
3 | Date: Thu, 31 Mar 2022 12:31:58 -0400 | ||
4 | Subject: [PATCH] crypto/elliptic: tolerate zero-padded scalars in generic | ||
5 | P-256 | ||
6 | |||
7 | Upstream-Status: Backport [https://github.com/golang/go/commit/7139e8b024604ab168b51b99c6e8168257a5bf58] | ||
8 | CVE: CVE-2022-28327 | ||
9 | Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> | ||
10 | |||
11 | |||
12 | Updates #52075 | ||
13 | Fixes #52076 | ||
14 | Fixes CVE-2022-28327 | ||
15 | |||
16 | Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27 | ||
17 | Reviewed-on: https://go-review.googlesource.com/c/go/+/397136 | ||
18 | Trust: Filippo Valsorda <filippo@golang.org> | ||
19 | Reviewed-by: Julie Qiu <julie@golang.org> | ||
20 | --- | ||
21 | src/crypto/elliptic/p256.go | 2 +- | ||
22 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
23 | |||
24 | diff --git a/src/crypto/elliptic/p256.go b/src/crypto/elliptic/p256.go | ||
25 | index c23e414..787e3e7 100644 | ||
26 | --- a/src/crypto/elliptic/p256.go | ||
27 | +++ b/src/crypto/elliptic/p256.go | ||
28 | @@ -51,7 +51,7 @@ func p256GetScalar(out *[32]byte, in []byte) { | ||
29 | n := new(big.Int).SetBytes(in) | ||
30 | var scalarBytes []byte | ||
31 | |||
32 | - if n.Cmp(p256Params.N) >= 0 { | ||
33 | + if n.Cmp(p256Params.N) >= 0 || len(in) > len(out) { | ||
34 | n.Mod(n, p256Params.N) | ||
35 | scalarBytes = n.Bytes() | ||
36 | } else { | ||