Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/ripemd160: incorrect output on checksumming "\x00" #33380

Closed
guidovranken opened this issue Jul 31, 2019 · 4 comments
Closed

x/crypto/ripemd160: incorrect output on checksumming "\x00" #33380

guidovranken opened this issue Jul 31, 2019 · 4 comments
Labels
FrozenDueToAge
Milestone
Unreleased

Comments

@guidovranken
Copy link

What version of Go are you using (go version)?

go version devel +39d4178 Wed Jul 31 05:45:43 2019 +0000 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/jhg/.cache/go-build"
GOENV="/home/jhg/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/jhg/cfmbed/cryptofuzz/modules/golang/test/go/packages"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/home/jhg/cfmbed/cryptofuzz/modules/golang/test/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/home/jhg/cfmbed/cryptofuzz/modules/golang/test/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build882554262=/tmp/go-build -gno-record-gcc-switches"

What did you do?

https://play.golang.org/p/PiX7cpLO5er

What did you expect to see?

c81b94933420221a7ac004a90242d8b1d3e5070d

What did you see instead?

009c1185a5c5e9fc54612808977ee8f548b2258d31

Comments

Compare:

echo -en "\x00" | openssl ripemd160

Found with Cryptofuzz https://github.com/guidovranken/cryptofuzz
@odeke-em odeke-em changed the title golang.org/x/crypto/ripemd160 incorrect output x/crypto/ripemd160: incorrect output on checksumming "\x00" Jul 31, 2019
@gopherbot gopherbot added this to the Unreleased milestone Jul 31, 2019
@odeke-em
Copy link
Member

Thank you for this report @guidovranken!

I shall ping some cryptography experts @FiloSottile @agl @veorq to take a look.

@tmthrgd
Copy link
Contributor

tmthrgd commented Jul 31, 2019

You’re holding it wrong. Take a look at the hash.Hash docs and this playground link: https://play.golang.org/p/5JWW7P4L7lJ.

@guidovranken
Copy link
Author

Ahh. Sorry for the false positive.

@odeke-em
Copy link
Member

Thank you @tmthrgd!

@guidovranken in deed, you need to firstly write

h.Write([]byte("\x00"))

and then for the final checksum

h.Sum(nil)

otherwise by passing in []byte{0x00} to h.Sum you are asking it to append those bytes to the current hash and return the resulting slice

        // Sum appends the current hash to b and returns the resulting slice.
        // It does not change the underlying hash state.
        Sum(b []byte) []byte

as @tmthrgd linked.

@golang golang locked and limited conversation to collaborators Jul 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@tmthrgd @odeke-em @guidovranken @gopherbot