Skip to content

crypto/elliptic: IsOnCurve returns true for invalid field elements [1.16 backport] #50977

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
gopherbot opened this issue Feb 2, 2022 · 3 comments
Closed

crypto/elliptic: IsOnCurve returns true for invalid field elements [1.16 backport] #50977

gopherbot opened this issue Feb 2, 2022 · 3 comments
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge Security
Milestone
Go1.16.14

Comments

@gopherbot
Copy link
Contributor

@FiloSottile requested issue #50974 to be considered for backport to the next 1.16 minor release.

@gopherbot please open backport issues for this security fix. /cc @golang/security
@gopherbot gopherbot added the CherryPickCandidate Used during the release process for point releases label Feb 2, 2022
@gopherbot gopherbot mentioned this issue Feb 2, 2022
Closed
@gopherbot gopherbot added this to the Go1.16.14 milestone Feb 2, 2022
@gopherbot
Copy link
Contributor Author

Change https://golang.org/cl/382457 mentions this issue: [release-branch.go1.16] crypto/elliptic: make IsOnCurve return false for invalid field elements

@gopherbot
Copy link
Contributor Author

Change https://golang.org/cl/382855 mentions this issue: [release-branch.go1.16] crypto/elliptic: make IsOnCurve return false for invalid field elements

@toothrot toothrot added the CherryPickApproved Used during the release process for point releases label Feb 3, 2022
@gopherbot gopherbot removed the CherryPickCandidate Used during the release process for point releases label Feb 3, 2022
@gopherbot
Copy link
Contributor Author

Closed by merging 6b3e741 to release-branch.go1.16.

gopherbot pushed a commit that referenced this issue Feb 7, 2022
@FiloSottile @cherrymui
[release-branch.go1.16] crypto/elliptic: make IsOnCurve return false …
6b3e741 
…for invalid field elements

Updates #50974
Fixes #50977
Fixes CVE-2022-23806

Change-Id: I0201c2c88f13dd82910985a495973f1683af9259
Reviewed-on: https://go-review.googlesource.com/c/go/+/382855
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Trust: Katie Hockman <katie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
danbudris pushed a commit to danbudris/go that referenced this issue Sep 14, 2022
@FiloSottile @danbudris
[release-branch.go1.16] crypto/elliptic: make IsOnCurve return false …
d90d600 
…for invalid field elements

Updates golang#50974
Fixes golang#50977
Fixes CVE-2022-23806

Change-Id: I0201c2c88f13dd82910985a495973f1683af9259
Reviewed-on: https://go-review.googlesource.com/c/go/+/382855
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Trust: Katie Hockman <katie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
rcrozean pushed a commit to rcrozean/go that referenced this issue Oct 5, 2022
@FiloSottile @rcrozean
crypto/elliptic: make IsOnCurve return false for invalid field elements
3325efe 
# AWS EKS
Backported To: go-1.15.15-eks
Backported On: Thu, 22 Sept 2022
Backported By: budris@amazon.com
Backported From: release-branch.go1.16
Upstream Source Commit: golang@6b3e741
EKS Patch Source Commit: danbudris@d90d600

# Original Information

Updates golang#50974
Fixes golang#50977
Fixes CVE-2022-23806

Change-Id: I0201c2c88f13dd82910985a495973f1683af9259
Reviewed-on: https://go-review.googlesource.com/c/go/+/382855
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Trust: Katie Hockman <katie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
rcrozean pushed a commit to rcrozean/go that referenced this issue Oct 12, 2022
@FiloSottile @rcrozean
crypto/elliptic: make IsOnCurve return false for invalid field elements
b96a076 
# AWS EKS
Backported To: go-1.15.15-eks
Backported On: Thu, 22 Sept 2022
Backported By: budris@amazon.com
Backported From: release-branch.go1.16
Upstream Source Commit: golang@6b3e741
EKS Patch Source Commit: danbudris@d90d600

# Original Information

Updates golang#50974
Fixes golang#50977
Fixes CVE-2022-23806

Change-Id: I0201c2c88f13dd82910985a495973f1683af9259
Reviewed-on: https://go-review.googlesource.com/c/go/+/382855
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Trust: Katie Hockman <katie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
@golang golang locked and limited conversation to collaborators Feb 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge Security
Projects
None yet
Milestone
Go1.16.14
Development

No branches or pull requests
2 participants
@toothrot @gopherbot