authorFilippo Valsorda <filippo@golang.org>2022-02-02 09:15:44 -0800
committerCherry Mui <cherryyz@google.com>2022-02-07 19:24:54 +0000
commit6b3e741a834c34b8a844a33b3aa060dd4ed37231 (patch)
tree7babd8fe4425b5e609765d1fe41dc57856625d2e /src/crypto/elliptic/p224.go
parentde76489a1b1cfce6b1258040c15b18ed97847758 (diff)
[release-branch.go1.16] crypto/elliptic: make IsOnCurve return false for invalid field elements
Updates #50974 Fixes #50977 Fixes CVE-2022-23806 Change-Id: I0201c2c88f13dd82910985a495973f1683af9259 Reviewed-on: https://go-review.googlesource.com/c/go/+/382855 Trust: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> Trust: Katie Hockman <katie@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
Diffstat (limited to 'src/crypto/elliptic/p224.go')
-rw-r--r--src/crypto/elliptic/p224.go5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/crypto/elliptic/p224.go b/src/crypto/elliptic/p224.go
index 8c76021464..ff5c834452 100644
--- a/src/crypto/elliptic/p224.go
+++ b/src/crypto/elliptic/p224.go
@@ -48,6 +48,11 @@ func (curve p224Curve) Params() *CurveParams {
}
func (curve p224Curve) IsOnCurve(bigX, bigY *big.Int) bool {
+ if bigX.Sign() < 0 || bigX.Cmp(curve.P) >= 0 ||
+ bigY.Sign() < 0 || bigY.Cmp(curve.P) >= 0 {
+ return false
+ }
+
var x, y p224FieldElement
p224FromBig(&x, bigX)
p224FromBig(&y, bigY)
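Review bot: The range guard added at the top of IsOnCurve carries no comment explaining why it is needed, and the reason is not visible in the code itself. Presumably p224FromBig accepts any big.Int and maps a negative or >= P coordinate onto some field element, so without the guard a non-canonical coordinate pair could be reported as on the curve; that should be confirmed against p224FromBig, which is outside this hunk. I would put a comment above the `if` such as `// Reject negative or unreduced coordinates: the conversion below does not, and callers use IsOnCurve to validate untrusted points.` The diffstat shown is limited to this file, so it is also worth checking that the commit includes a test that feeds IsOnCurve values of x+P and negative x and expects false. IsOnCurve's body continues past the end of the hunk.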