From 4832b734ad342de5776220e6aa384d7b63feae67 Mon Sep 17 00:00:00 2001
From: hanchao <hanchao47@huawei.com>
Date: Fri, 4 Mar 2022 16:45:52 +0800
Subject: [PATCH] fix CVE-2022-23772  CVE-2022-23806

Reference:https://go-review.googlesource.com/c/go/+/382835;https://go-review.googlesource.com/c/go/+/381336;https://go-review.googlesource.com/c/go/+/382854
Conflict:NA
Score:CVE-2022-23772:7.5 CVE-2022-23806:9.1
Reason:fix CVE-2022-23772  CVE-2022-23806
---
 ...o1.16-math-big-prevent-overflow-in-R.patch |  64 ++++++++
 ...o1.16-crypto-elliptic-make-IsOnCurve.patch | 149 ++++++++++++++++++
 golang.spec                                   |   9 +-
 3 files changed, 220 insertions(+), 2 deletions(-)
 create mode 100644 0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch
 create mode 100644 0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch

diff --git a/0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch b/0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch
new file mode 100644
index 0000000..e2217de
--- /dev/null
+++ b/0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch
@@ -0,0 +1,64 @@
+From 3ebb1762fb1942b4ffe932000f873e16c194a2d7 Mon Sep 17 00:00:00 2001
+From: Katie Hockman <katie@golang.org>
+Date: Wed, 2 Mar 2022 10:52:56 +0800
+Subject: [Backport 1/3] [release-branch.go1.16] math/big: prevent overflow in
+ (*Rat).SetString
+
+Credit to rsc@ for the original patch.
+
+Thanks to the OSS-Fuzz project for discovering this
+issue and to Emmanuel Odeke (@odeke_et) for reporting it.
+
+Updates #50699
+Fixes #50700
+Fixes CVE-2022-23772
+
+Change-Id: I590395a3d55689625390cf1e58f5f40623b26ee5
+Reviewed-on: https://go-review.googlesource.com/c/go/+/379537
+Trust: Katie Hockman <katie@golang.org>
+Run-TryBot: Katie Hockman <katie@golang.org>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
+Reviewed-by: Roland Shoemaker <roland@golang.org>
+Reviewed-by: Julie Qiu <julie@golang.org>
+(cherry picked from commit ad345c265916bbf6c646865e4642eafce6d39e78)
+Reviewed-on: https://go-review.googlesource.com/c/go/+/381337
+
+Reference:https://go-review.googlesource.com/c/go/+/381337
+Conflict:NA
+---
+ src/math/big/ratconv.go      | 5 +++++
+ src/math/big/ratconv_test.go | 1 +
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/math/big/ratconv.go b/src/math/big/ratconv.go
+index ac3c8bd..90053a9 100644
+--- a/src/math/big/ratconv.go
++++ b/src/math/big/ratconv.go
+@@ -169,6 +169,11 @@ func (z *Rat) SetString(s string) (*Rat, bool) {
+ 		n := exp5
+ 		if n < 0 {
+ 			n = -n
++			if n < 0 {
++				// This can occur if -n overflows. -(-1 << 63) would become
++				// -1 << 63, which is still negative.
++				return nil, false
++			}
+ 		}
+ 		if n > 1e6 {
+ 			return nil, false // avoid excessively large exponents
+diff --git a/src/math/big/ratconv_test.go b/src/math/big/ratconv_test.go
+index 15d206c..e55e655 100644
+--- a/src/math/big/ratconv_test.go
++++ b/src/math/big/ratconv_test.go
+@@ -104,6 +104,7 @@ var setStringTests = []StringTest{
+ 	{in: "4/3/"},
+ 	{in: "4/3."},
+ 	{in: "4/"},
++	{in: "13e-9223372036854775808"}, // CVE-2022-23772
+ 
+ 	// valid
+ 	{"0", "0", true},
+-- 
+2.30.0
+
diff --git a/0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch b/0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch
new file mode 100644
index 0000000..6f23254
--- /dev/null
+++ b/0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch
@@ -0,0 +1,149 @@
+From 126bdb9ae49d443850459b55cf7c0686eef2f476 Mon Sep 17 00:00:00 2001
+From: Filippo Valsorda <filippo@golang.org>
+Date: Wed, 2 Mar 2022 10:56:28 +0800
+Subject: [Backport 3/3] [release-branch.go1.16] crypto/elliptic: make
+ IsOnCurve return false for invalid field elements
+
+Updates #50974
+Fixes #50977
+Fixes CVE-2022-23806
+
+Change-Id: I0201c2c88f13dd82910985a495973f1683af9259
+Reviewed-on: https://go-review.googlesource.com/c/go/+/382855
+Trust: Filippo Valsorda <filippo@golang.org>
+Run-TryBot: Filippo Valsorda <filippo@golang.org>
+Reviewed-by: Katie Hockman <katie@golang.org>
+Trust: Katie Hockman <katie@golang.org>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+
+Conflict:NA
+Reference:https://go-review.googlesource.com/c/go/+/382855
+---
+ src/crypto/elliptic/elliptic.go      |  4 ++
+ src/crypto/elliptic/elliptic_test.go | 81 ++++++++++++++++++++++++++++
+ src/crypto/elliptic/p224.go          |  5 ++
+ 3 files changed, 90 insertions(+)
+
+diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go
+index f93dc16..321f926 100644
+--- a/src/crypto/elliptic/elliptic.go
++++ b/src/crypto/elliptic/elliptic.go
+@@ -71,6 +71,10 @@ func (curve *CurveParams) polynomial(x *big.Int) *big.Int {
+ }
+ 
+ func (curve *CurveParams) IsOnCurve(x, y *big.Int) bool {
++	if x.Sign() < 0 || x.Cmp(curve.P) >= 0 ||
++		y.Sign() < 0 || y.Cmp(curve.P) >= 0 {
++		return false
++	}
+ 	// y² = x³ - 3x + b
+ 	y2 := new(big.Int).Mul(y, y)
+ 	y2.Mod(y2, curve.P)
+diff --git a/src/crypto/elliptic/elliptic_test.go b/src/crypto/elliptic/elliptic_test.go
+index e80e773..bb16b0d 100644
+--- a/src/crypto/elliptic/elliptic_test.go
++++ b/src/crypto/elliptic/elliptic_test.go
+@@ -721,3 +721,84 @@ func testMarshalCompressed(t *testing.T, curve Curve, x, y *big.Int, want []byte
+ 		t.Errorf("point did not round-trip correctly: got (%v, %v), want (%v, %v)", X, Y, x, y)
+ 	}
+ }
++
++func testAllCurves(t *testing.T, f func(*testing.T, Curve)) {
++	tests := []struct {
++		name  string
++		curve Curve
++	}{
++		{"P256", P256()},
++		{"P256/Params", P256().Params()},
++		{"P224", P224()},
++		{"P224/Params", P224().Params()},
++		{"P384", P384()},
++		{"P384/Params", P384().Params()},
++		{"P521", P521()},
++		{"P521/Params", P521().Params()},
++	}
++	if testing.Short() {
++		tests = tests[:1]
++	}
++	for _, test := range tests {
++		curve := test.curve
++		t.Run(test.name, func(t *testing.T) {
++			t.Parallel()
++			f(t, curve)
++		})
++	}
++}
++
++// TestInvalidCoordinates tests big.Int values that are not valid field elements
++// (negative or bigger than P). They are expected to return false from
++// IsOnCurve, all other behavior is undefined.
++func TestInvalidCoordinates(t *testing.T) {
++	testAllCurves(t, testInvalidCoordinates)
++}
++
++func testInvalidCoordinates(t *testing.T, curve Curve) {
++	checkIsOnCurveFalse := func(name string, x, y *big.Int) {
++		if curve.IsOnCurve(x, y) {
++			t.Errorf("IsOnCurve(%s) unexpectedly returned true", name)
++		}
++	}
++
++	p := curve.Params().P
++	_, x, y, _ := GenerateKey(curve, rand.Reader)
++	xx, yy := new(big.Int), new(big.Int)
++
++	// Check if the sign is getting dropped.
++	xx.Neg(x)
++	checkIsOnCurveFalse("-x, y", xx, y)
++	yy.Neg(y)
++	checkIsOnCurveFalse("x, -y", x, yy)
++
++	// Check if negative values are reduced modulo P.
++	xx.Sub(x, p)
++	checkIsOnCurveFalse("x-P, y", xx, y)
++	yy.Sub(y, p)
++	checkIsOnCurveFalse("x, y-P", x, yy)
++
++	// Check if positive values are reduced modulo P.
++	xx.Add(x, p)
++	checkIsOnCurveFalse("x+P, y", xx, y)
++	yy.Add(y, p)
++	checkIsOnCurveFalse("x, y+P", x, yy)
++
++	// Check if the overflow is dropped.
++	xx.Add(x, new(big.Int).Lsh(big.NewInt(1), 535))
++	checkIsOnCurveFalse("x+2⁵³⁵, y", xx, y)
++	yy.Add(y, new(big.Int).Lsh(big.NewInt(1), 535))
++	checkIsOnCurveFalse("x, y+2⁵³⁵", x, yy)
++
++	// Check if P is treated like zero (if possible).
++	// y^2 = x^3 - 3x + B
++	// y = mod_sqrt(x^3 - 3x + B)
++	// y = mod_sqrt(B) if x = 0
++	// If there is no modsqrt, there is no point with x = 0, can't test x = P.
++	if yy := new(big.Int).ModSqrt(curve.Params().B, p); yy != nil {
++		if !curve.IsOnCurve(big.NewInt(0), yy) {
++			t.Fatal("(0, mod_sqrt(B)) is not on the curve?")
++		}
++		checkIsOnCurveFalse("P, y", p, yy)
++	}
++}
+diff --git a/src/crypto/elliptic/p224.go b/src/crypto/elliptic/p224.go
+index 8c76021..ff5c834 100644
+--- a/src/crypto/elliptic/p224.go
++++ b/src/crypto/elliptic/p224.go
+@@ -48,6 +48,11 @@ func (curve p224Curve) Params() *CurveParams {
+ }
+ 
+ func (curve p224Curve) IsOnCurve(bigX, bigY *big.Int) bool {
++	if bigX.Sign() < 0 || bigX.Cmp(curve.P) >= 0 ||
++		bigY.Sign() < 0 || bigY.Cmp(curve.P) >= 0 {
++		return false
++	}
++
+ 	var x, y p224FieldElement
+ 	p224FromBig(&x, bigX)
+ 	p224FromBig(&y, bigY)
+-- 
+2.30.0
+
diff --git a/golang.spec b/golang.spec
index 4a76ef7..3104150 100644
--- a/golang.spec
+++ b/golang.spec
@@ -62,7 +62,7 @@
 
 Name:           golang
 Version:        1.15.7
-Release:        8
+Release:        9
 Summary:        The Go Programming Language
 License:        BSD and Public Domain
 URL:            https://golang.org/
@@ -202,6 +202,8 @@ Patch6053:       0053-net-http-httputil-close-incoming-ReverseProxy-reques.patch
 Patch6054:       0054-release-branch.go1.16-debug-macho-fail-on-invalid-dy.patch
 Patch6055:       0055-release-branch.go1.16-net-http-update-bundled-golang.patch
 Patch6056:       0056-release-branch.go1.16-archive-zip-prevent-preallocat.patch
+Patch6057:       0057-release-branch.go1.16-math-big-prevent-overflow-in-R.patch
+Patch6058:       0058-release-branch.go1.16-crypto-elliptic-make-IsOnCurve.patch
 
 Patch9001:       0001-drop-hard-code-cert.patch
 
@@ -435,8 +437,11 @@ fi
 %files devel -f go-tests.list -f go-misc.list -f go-src.list
 
 %changelog
+* Fri Mar 4 2022 hanchao<hanchao47@huawei.com> - 1.15.7-9
+- fix CVE-2022-23772  CVE-2022-23806
+
 * Tue Feb 8 2022 hanchao<hanchao47@huawei.com> - 1.15.7-8
-- fix CVE-2021-44716
+- fix CVE-2021-39293
 
 * Wed Jan 19 2022 hanchao<hanchao47@huawei.com> - 1.15.7-7
 - fix CVE-2021-44716
-- 
Gitee