[release-branch.go1.17] crypto/elliptic: tolerate zero-padded scalars in generic P-256

Updates #52075 Fixes #52076 Fixes CVE-2022-28327 Change-Id: I595a7514c9a0aa1b9c76aedfc2307e1124271f27 Reviewed-on: https://go-review.googlesource.com/c/go/+/397136 Trust: Filippo Valsorda <filippo@golang.org> Reviewed-by: Julie Qiu <julie@golang.org>
author: Filippo Valsorda <filippo@golang.org> 2022-03-31 12:31:58 -0400
committer: Cherry Mui <cherryyz@google.com> 2022-04-06 16:36:21 +0000
commit: 7139e8b024604ab168b51b99c6e8168257a5bf58 (patch)
tree: e0cf09617bacb64b0a1ae2e014a29fe8f4d3c1bb /src/crypto/elliptic/p256.go
parent: eb75219438e3c3d8947373c1f27c3ac4abf7ee8b (diff)
download: go-7139e8b024604ab168b51b99c6e8168257a5bf58.tar.gz
go-7139e8b024604ab168b51b99c6e8168257a5bf58.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/crypto/elliptic/p256.go b/src/crypto/elliptic/p256.go
index b2b12c8f13..da5283735c 100644
--- a/src/crypto/elliptic/p256.go
+++ b/src/crypto/elliptic/p256.go
@@ -52,7 +52,7 @@ func p256GetScalar(out *[32]byte, in []byte) {
 	n := new(big.Int).SetBytes(in)
 	var scalarBytes []byte
 
-	if n.Cmp(p256Params.N) >= 0 {
+	if n.Cmp(p256Params.N) >= 0 || len(in) > len(out) {
 		n.Mod(n, p256Params.N)
 		scalarBytes = n.Bytes()
 	} else {
author	Filippo Valsorda <filippo@golang.org>	2022-03-31 12:31:58 -0400
committer	Cherry Mui <cherryyz@google.com>	2022-04-06 16:36:21 +0000
commit	7139e8b024604ab168b51b99c6e8168257a5bf58 (patch)
tree	e0cf09617bacb64b0a1ae2e014a29fe8f4d3c1bb /src/crypto/elliptic/p256.go
parent	eb75219438e3c3d8947373c1f27c3ac4abf7ee8b (diff)
download	go-7139e8b024604ab168b51b99c6e8168257a5bf58.tar.gz go-7139e8b024604ab168b51b99c6e8168257a5bf58.zip