From: Go Compiler Team <pkg-golang-devel@lists.alioth.debian.org>
Date: Mon, 28 Jan 2019 21:24:55 +0000 (+0000)
Subject: cve-2019-6486
X-Git-Tag: archive/raspbian/1.7.4-2+rpi1+deb9u1^2~2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=067e18d2b7896a73425b5d63a8fb97bb0b7c655d;p=golang-1.7.git

cve-2019-6486


Gbp-Pq: Name cve-2019-6486.patch
---

diff --git a/src/crypto/elliptic/elliptic.go b/src/crypto/elliptic/elliptic.go
index c02df45..337adff 100644
--- a/src/crypto/elliptic/elliptic.go
+++ b/src/crypto/elliptic/elliptic.go
@@ -210,8 +210,9 @@ func (curve *CurveParams) doubleJacobian(x, y, z *big.Int) (*big.Int, *big.Int,
 
 	x3 := new(big.Int).Mul(alpha, alpha)
 	beta8 := new(big.Int).Lsh(beta, 3)
+	beta8.Mod(beta8, curve.P)
 	x3.Sub(x3, beta8)
-	for x3.Sign() == -1 {
+	if x3.Sign() == -1 {
 		x3.Add(x3, curve.P)
 	}
 	x3.Mod(x3, curve.P)