--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/golang-17/patches/0024-release-branch.go1.7-crypto-aes-cipher-fix-panic-in-.patch Tue Dec 20 11:59:29 2016 -0800
@@ -0,0 +1,113 @@
+From f0377a2851f13eda1993fd92d3f55d23884bdb83 Mon Sep 17 00:00:00 2001
+From: Michael Munday <[email protected]>
+Date: Thu, 13 Oct 2016 17:08:54 -0400
+Subject: [PATCH 24/38] [release-branch.go1.7] crypto/{aes,cipher}: fix panic
+ in CBC on s390x when src length is 0
+
+Adds a test to check that block cipher modes accept a zero-length
+input.
+
+Fixes #17435.
+
+Change-Id: Ie093c4cdff756b5c2dcb79342e167b3de5622389
+Reviewed-on: https://go-review.googlesource.com/31070
+Run-TryBot: Michael Munday <[email protected]>
+TryBot-Result: Gobot Gobot <[email protected]>
+Reviewed-by: Brad Fitzpatrick <[email protected]>
+Reviewed-on: https://go-review.googlesource.com/31291
+Reviewed-by: Michael Munday <[email protected]>
+Run-TryBot: Chris Broadfoot <[email protected]>
+---
+ src/crypto/aes/cbc_s390x.go | 4 ++-
+ src/crypto/cipher/cipher_test.go | 54 ++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 57 insertions(+), 1 deletion(-)
+
+diff --git a/src/crypto/aes/cbc_s390x.go b/src/crypto/aes/cbc_s390x.go
+index 427b30b..739e1fe 100644
+--- a/src/crypto/aes/cbc_s390x.go
++++ b/src/crypto/aes/cbc_s390x.go
+@@ -48,7 +48,9 @@ func (x *cbc) CryptBlocks(dst, src []byte) {
+ if len(dst) < len(src) {
+ panic("crypto/cipher: output smaller than input")
+ }
+- cryptBlocksChain(x.c, &x.iv[0], &x.b.key[0], &dst[0], &src[0], len(src))
++ if len(src) > 0 {
++ cryptBlocksChain(x.c, &x.iv[0], &x.b.key[0], &dst[0], &src[0], len(src))
++ }
+ }
+
+ func (x *cbc) SetIV(iv []byte) {
+diff --git a/src/crypto/cipher/cipher_test.go b/src/crypto/cipher/cipher_test.go
+index 1faa7b8..4d7cd6b 100644
+--- a/src/crypto/cipher/cipher_test.go
++++ b/src/crypto/cipher/cipher_test.go
+@@ -5,8 +5,10 @@
+ package cipher_test
+
+ import (
++ "bytes"
+ "crypto/aes"
+ "crypto/cipher"
++ "crypto/des"
+ "testing"
+ )
+
+@@ -34,3 +36,55 @@ func mustPanic(t *testing.T, msg string, f func()) {
+ }()
+ f()
+ }
++
++func TestEmptyPlaintext(t *testing.T) {
++ var key [16]byte
++ a, err := aes.NewCipher(key[:16])
++ if err != nil {
++ t.Fatal(err)
++ }
++ d, err := des.NewCipher(key[:8])
++ if err != nil {
++ t.Fatal(err)
++ }
++
++ s := 16
++ pt := make([]byte, s)
++ ct := make([]byte, s)
++ for i := 0; i < 16; i++ {
++ pt[i], ct[i] = byte(i), byte(i)
++ }
++
++ assertEqual := func(name string, got, want []byte) {
++ if !bytes.Equal(got, want) {
++ t.Fatalf("%s: got %v, want %v", name, got, want)
++ }
++ }
++
++ for _, b := range []cipher.Block{a, d} {
++ iv := make([]byte, b.BlockSize())
++ cbce := cipher.NewCBCEncrypter(b, iv)
++ cbce.CryptBlocks(ct, pt[:0])
++ assertEqual("CBC encrypt", ct, pt)
++
++ cbcd := cipher.NewCBCDecrypter(b, iv)
++ cbcd.CryptBlocks(ct, pt[:0])
++ assertEqual("CBC decrypt", ct, pt)
++
++ cfbe := cipher.NewCFBEncrypter(b, iv)
++ cfbe.XORKeyStream(ct, pt[:0])
++ assertEqual("CFB encrypt", ct, pt)
++
++ cfbd := cipher.NewCFBDecrypter(b, iv)
++ cfbd.XORKeyStream(ct, pt[:0])
++ assertEqual("CFB decrypt", ct, pt)
++
++ ctr := cipher.NewCTR(b, iv)
++ ctr.XORKeyStream(ct, pt[:0])
++ assertEqual("CTR", ct, pt)
++
++ ofb := cipher.NewOFB(b, iv)
++ ofb.XORKeyStream(ct, pt[:0])
++ assertEqual("OFB", ct, pt)
++ }
++}
+--
+2.7.4
+