Change-Id: I043dbcc0f879632fe32734a7c0d09f934c2e25ef
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4090
Reviewed-by: Bo Gan <ganb@vmware.com>
Tested-by: gerrit-photon <photon-checkins@vmware.com>
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,96 @@ |
| 0 |
+From 9294fa2749ffee7edbbb817a0ef9fe633136fa9c Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Adam Langley <agl@golang.org> |
|
| 2 |
+Date: Wed, 19 Apr 2017 10:00:32 -0700 |
|
| 3 |
+Subject: [PATCH] crypto/elliptic: fix carry bug in x86-64 P-256 |
|
| 4 |
+ implementation. |
|
| 5 |
+ |
|
| 6 |
+Patch from Vlad Krasnov and confirmed to be under CLA. |
|
| 7 |
+ |
|
| 8 |
+Fixes #20040. |
|
| 9 |
+ |
|
| 10 |
+Change-Id: Ieb8436c4dcb6669a1620f1e0d257efd047b1b87c |
|
| 11 |
+Reviewed-on: https://go-review.googlesource.com/41070 |
|
| 12 |
+Run-TryBot: Adam Langley <agl@golang.org> |
|
| 13 |
+TryBot-Result: Gobot Gobot <gobot@golang.org> |
|
| 14 |
+Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> |
|
| 15 |
+--- |
|
| 16 |
+ src/crypto/elliptic/elliptic_test.go | 36 ++++++++++++++++++++++++++++++++++++ |
|
| 17 |
+ src/crypto/elliptic/p256_asm_amd64.s | 10 +++++----- |
|
| 18 |
+ 2 files changed, 41 insertions(+), 5 deletions(-) |
|
| 19 |
+ |
|
| 20 |
+diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go |
|
| 21 |
+index 902c4143837..c3e4c17d250 100644 |
|
| 22 |
+--- a/src/crypto/elliptic/elliptic_test.go |
|
| 23 |
+@@ -300,6 +300,29 @@ var p224BaseMultTests = []baseMultTest{
|
|
| 24 |
+ }, |
|
| 25 |
+ } |
|
| 26 |
+ |
|
| 27 |
++type scalarMultTest struct {
|
|
| 28 |
++ k string |
|
| 29 |
++ xIn, yIn string |
|
| 30 |
++ xOut, yOut string |
|
| 31 |
++} |
|
| 32 |
++ |
|
| 33 |
++var p256MultTests = []scalarMultTest{
|
|
| 34 |
++ {
|
|
| 35 |
++ "2a265f8bcbdcaf94d58519141e578124cb40d64a501fba9c11847b28965bc737", |
|
| 36 |
++ "023819813ac969847059028ea88a1f30dfbcde03fc791d3a252c6b41211882ea", |
|
| 37 |
++ "f93e4ae433cc12cf2a43fc0ef26400c0e125508224cdb649380f25479148a4ad", |
|
| 38 |
++ "4d4de80f1534850d261075997e3049321a0864082d24a917863366c0724f5ae3", |
|
| 39 |
++ "a22d2b7f7818a3563e0f7a76c9bf0921ac55e06e2e4d11795b233824b1db8cc0", |
|
| 40 |
++ }, |
|
| 41 |
++ {
|
|
| 42 |
++ "313f72ff9fe811bf573176231b286a3bdb6f1b14e05c40146590727a71c3bccd", |
|
| 43 |
++ "cc11887b2d66cbae8f4d306627192522932146b42f01d3c6f92bd5c8ba739b06", |
|
| 44 |
++ "a2f08a029cd06b46183085bae9248b0ed15b70280c7ef13a457f5af382426031", |
|
| 45 |
++ "831c3f6b5f762d2f461901577af41354ac5f228c2591f84f8a6e51e2e3f17991", |
|
| 46 |
++ "93f90934cd0ef2c698cc471c60a93524e87ab31ca2412252337f364513e43684", |
|
| 47 |
++ }, |
|
| 48 |
++} |
|
| 49 |
++ |
|
| 50 |
+ func TestBaseMult(t *testing.T) {
|
|
| 51 |
+ p224 := P224() |
|
| 52 |
+ for i, e := range p224BaseMultTests {
|
|
| 53 |
+@@ -379,6 +402,19 @@ func TestP256Mult(t *testing.T) {
|
|
| 54 |
+ break |
|
| 55 |
+ } |
|
| 56 |
+ } |
|
| 57 |
++ |
|
| 58 |
++ for i, e := range p256MultTests {
|
|
| 59 |
++ x, _ := new(big.Int).SetString(e.xIn, 16) |
|
| 60 |
++ y, _ := new(big.Int).SetString(e.yIn, 16) |
|
| 61 |
++ k, _ := new(big.Int).SetString(e.k, 16) |
|
| 62 |
++ expectedX, _ := new(big.Int).SetString(e.xOut, 16) |
|
| 63 |
++ expectedY, _ := new(big.Int).SetString(e.yOut, 16) |
|
| 64 |
++ |
|
| 65 |
++ xx, yy := p256.ScalarMult(x, y, k.Bytes()) |
|
| 66 |
++ if xx.Cmp(expectedX) != 0 || yy.Cmp(expectedY) != 0 {
|
|
| 67 |
++ t.Errorf("#%d: got (%x, %x), want (%x, %x)", i, xx, yy, expectedX, expectedY)
|
|
| 68 |
++ } |
|
| 69 |
++ } |
|
| 70 |
+ } |
|
| 71 |
+ |
|
| 72 |
+ func TestInfinity(t *testing.T) {
|
|
| 73 |
+diff --git a/src/crypto/elliptic/p256_asm_amd64.s b/src/crypto/elliptic/p256_asm_amd64.s |
|
| 74 |
+index 6c7bde16e5e..ea4a6fab9a6 100644 |
|
| 75 |
+--- a/src/crypto/elliptic/p256_asm_amd64.s |
|
| 76 |
+@@ -1314,12 +1314,12 @@ TEXT p256SubInternal(SB),NOSPLIT,$0 |
|
| 77 |
+ ADCQ p256const0<>(SB), acc5 |
|
| 78 |
+ ADCQ $0, acc6 |
|
| 79 |
+ ADCQ p256const1<>(SB), acc7 |
|
| 80 |
+- ADCQ $0, mul0 |
|
| 81 |
++ ANDQ $1, mul0 |
|
| 82 |
+ |
|
| 83 |
+- CMOVQNE acc0, acc4 |
|
| 84 |
+- CMOVQNE acc1, acc5 |
|
| 85 |
+- CMOVQNE acc2, acc6 |
|
| 86 |
+- CMOVQNE acc3, acc7 |
|
| 87 |
++ CMOVQEQ acc0, acc4 |
|
| 88 |
++ CMOVQEQ acc1, acc5 |
|
| 89 |
++ CMOVQEQ acc2, acc6 |
|
| 90 |
++ CMOVQEQ acc3, acc7 |
|
| 91 |
+ |
|
| 92 |
+ RET |
|
| 93 |
+ /* ---------------------------------------*/ |
| ... | ... |
@@ -10,7 +10,7 @@ |
| 10 | 10 |
Summary: Go |
| 11 | 11 |
Name: go |
| 12 | 12 |
Version: 1.8.1 |
| 13 |
-Release: 1%{?dist}
|
|
| 13 |
+Release: 2%{?dist}
|
|
| 14 | 14 |
License: BSD |
| 15 | 15 |
URL: https://golang.org |
| 16 | 16 |
Group: System Environment/Security |
| ... | ... |
@@ -19,6 +19,7 @@ Distribution: Photon |
| 19 | 19 |
Source0: https://storage.googleapis.com/golang/%{name}%{version}.src.tar.gz
|
| 20 | 20 |
%define sha1 go=0c4b7116bd6b7cdc19bdcf8336c75eae4620907b |
| 21 | 21 |
Patch0: go_imports_fix.patch |
| 22 |
+Patch1: go-CVE-2017-8932.patch |
|
| 22 | 23 |
BuildRequires: mercurial |
| 23 | 24 |
Requires: mercurial |
| 24 | 25 |
Requires: glibc |
| ... | ... |
@@ -29,6 +30,7 @@ Go is an open source programming language that makes it easy to build simple, re |
| 29 | 29 |
%prep |
| 30 | 30 |
%setup -qn %{name}
|
| 31 | 31 |
%patch0 -p1 |
| 32 |
+%patch1 -p1 |
|
| 32 | 33 |
|
| 33 | 34 |
%build |
| 34 | 35 |
export GOHOSTOS=linux |
| ... | ... |
@@ -115,6 +117,8 @@ rm -rf %{buildroot}/*
|
| 115 | 115 |
%{_bindir}/*
|
| 116 | 116 |
|
| 117 | 117 |
%changelog |
| 118 |
+* Thu Oct 19 2017 Xiaolin Li <xiaolinl@vmware.com> 1.8.1-2 |
|
| 119 |
+- Fix CVE-2017-8932 |
|
| 118 | 120 |
* Tue Apr 11 2017 Danut Moraru <dmoraru@vmware.com> 1.8.1-1 |
| 119 | 121 |
- Update Golang to version 1.8.1, updated patch0 |
| 120 | 122 |
* Wed Dec 28 2016 Xiaolin Li <xiaolinl@vmware.com> 1.7.4-1 |
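Review bot: Packages already built with go 1.8.1-1 that use P-256 on x86-64 keep the vulnerable code after this change, because Go links its standard library statically into each binary and the hunks shown patch only the toolchain package. The commit should be paired with release bumps or rebuilds of the distribution's Go-built packages; nothing visible here does that or records the need. The `Patch1:` line in the second hunk would also benefit from a provenance comment such as `# CVE-2017-8932: upstream commit 9294fa2749ff, Go issue #20040 (x86-64 P-256 carry bug)`, so a later version update shows when the patch can be dropped. The carried patch adds cases to TestP256Mult, but these hunks do not show whether the spec runs the crypto/elliptic tests in a `%check` section; running them would confirm that the patch applied and that the amd64 assembly path gives the expected results.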