diff options
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | doc/devel/release.html | 7 | ||||
-rw-r--r-- | src/crypto/elliptic/elliptic.go | 3 |
3 files changed, 10 insertions, 2 deletions
@@ -1 +1 @@ -go1.10.7
\ No newline at end of file +go1.10.8
\ No newline at end of file diff --git a/doc/devel/release.html b/doc/devel/release.html index 9f4500ac79..89991f48c1 100644 --- a/doc/devel/release.html +++ b/doc/devel/release.html @@ -87,6 +87,13 @@ See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.7+labe Go 1.10.7 milestone</a> on our issue tracker for details. </p> +<p> +go1.10.8 (released 2019/01/23) includes a security fix to the +<code>crypto/elliptic</code> package. +See the <a href="https://github.com/golang/go/issues?q=milestone%3AGo1.10.8+label%3ACherryPickApproved">Go +1.10.8 milestone</a> on our issue tracker for details. +</p> + <h2 id="go1.9">go1.9 (released 2017/08/24)</h2> <p> diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go index 35aacf24e5..76b78a790e 100644 --- a/src/crypto/elliptic/elliptic.go +++ b/src/crypto/elliptic/elliptic.go @@ -210,8 +210,9 @@ func (curve *CurveParams) doubleJacobian(x, y, z *big.Int) (*big.Int, *big.Int, x3 := new(big.Int).Mul(alpha, alpha) beta8 := new(big.Int).Lsh(beta, 3) + beta8.Mod(beta8, curve.P) x3.Sub(x3, beta8) - for x3.Sign() == -1 { + if x3.Sign() == -1 { x3.Add(x3, curve.P) } x3.Mod(x3, curve.P) |