golang/0001-release-branch.go1.17-crypto-elliptic-tolerate-zero-.patch

From ad33fdc8f4bce612842d922ca701c3062fe4d4c6 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Thu, 31 Mar 2022 12:31:58 -0400
Subject: [Backport 1/2] [release-branch.go1.17] crypto/elliptic: tolerate
 zero-padded scalars in generic P-256

Updates #52075
Fixes #52076
Fixes CVE-2022-28327

Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27
Reviewed-on: https://go-review.googlesource.com/c/go/+/397136
Trust: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>

Conflict:NA
Reference:https://go-review.googlesource.com/c/go/+/399816,https://go-review.googlesource.com/c/go/+/397136
---
 src/crypto/elliptic/p256.go      |  2 +-
 src/crypto/elliptic/p256_test.go | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/crypto/elliptic/p256.go b/src/crypto/elliptic/p256.go
index b2b12c8f13..da5283735c 100644
--- a/src/crypto/elliptic/p256.go
+++ b/src/crypto/elliptic/p256.go
@@ -52,7 +52,7 @@ func p256GetScalar(out *[32]byte, in []byte) {
 	n := new(big.Int).SetBytes(in)
 	var scalarBytes []byte
 
-	if n.Cmp(p256Params.N) >= 0 {
+	if n.Cmp(p256Params.N) >= 0 || len(in) > len(out) {
 		n.Mod(n, p256Params.N)
 		scalarBytes = n.Bytes()
 	} else {
diff --git a/src/crypto/elliptic/p256_test.go b/src/crypto/elliptic/p256_test.go
index 1435f5e1a5..694186df81 100644
--- a/src/crypto/elliptic/p256_test.go
+++ b/src/crypto/elliptic/p256_test.go
@@ -153,3 +153,17 @@ func TestP256CombinedMult(t *testing.T) {
 		t.Errorf("1×G + (-1)×G = (%d, %d), should be ∞", x, y)
 	}
 }
+
+func TestIssue52075(t *testing.T) {
+	Gx, Gy := P256().Params().Gx, P256().Params().Gy
+	scalar := make([]byte, 33)
+	scalar[32] = 1
+	x, y := P256().ScalarBaseMult(scalar)
+	if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 {
+		t.Errorf("unexpected output (%v,%v)", x, y)
+	}
+	x, y = P256().ScalarMult(Gx, Gy, scalar)
+	if x.Cmp(Gx) != 0 || y.Cmp(Gy) != 0 {
+		t.Errorf("unexpected output (%v,%v)", x, y)
+	}
+}
-- 
2.30.0