Skip to content

crypto/elliptic: incorrect operations on the P-224 curve #43786

New issue
New issue
Closed
Closed
crypto/elliptic: incorrect operations on the P-224 curve#43786
Labels
FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.Securityrelease-blocker
Milestone
Go1.16
@rolandshoemaker

Description

@rolandshoemaker
rolandshoemaker
opened on Jan 19, 2021

The P224() Curve implementation can in rare circumstances generate incorrect outputs, including returning invalid points from ScalarMult.

The crypto/x509 and golang.org/x/crypto/ocsp (but not crypto/tls) packages support P-224 ECDSA keys, but they are not supported by publicly trusted certificate authorities. No other standard library or golang.org/x/crypto package supports or uses the P-224 curve.

The incorrect output was found by the elliptic-curve-differential-fuzzer project running on OSS-Fuzz and reported by Philippe Antoine (Catena cyber).

This issue is CVE-2021-3114.

Metadata

Metadata

Assignees

No one assigned

    Labels

    FrozenDueToAgeNeedsFixThe path to resolution is known, but the work has not been done.Securityrelease-blocker

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions