New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/rsa: correct the RIPEMD160 hash prefix per RFC 4880 #35168
Conversation
This PR (HEAD: acd10d4) has been imported to Gerrit for code review. Please visit https://go-review.googlesource.com/c/go/+/203480 to see it. Tip: You can toggle comments from me using the |
Message from Filippo Valsorda: Patch Set 1: Run-TryBot+1 Interesting, given how our signature verification works (by just comparing the prefix), has this never worked, and no one noticed? How did you notice? We'll definitely need a test for this, with details about how it was generated, and ideally a better reference than an OpenPGP RFC. Please don’t reply on this GitHub thread. Visit golang.org/cl/203480. |
Message from Gobot Gobot: Patch Set 1: TryBots beginning. Status page: https://farmer.golang.org/try?commit=8f5e1dcb Please don’t reply on this GitHub thread. Visit golang.org/cl/203480. |
Message from Gobot Gobot: Patch Set 1: TryBot-Result+1 TryBots are happy. Please don’t reply on this GitHub thread. Visit golang.org/cl/203480. |
Yeah, this is difficult... I'm not finding a good source. My assumption is that it's always been incorrect. And the "corrected" version is more widespread: I realize this is hardly enough to advocate for changing :) |
Message from Emmanuel Odeke: Patch Set 1: (1 comment) Thank you for this catch Scott, much appreciated! Here is a regression test to seed a test, please // Issue 35495: ensure that the hash prefixes from
} and currently it'll print: Please don’t reply on this GitHub thread. Visit golang.org/cl/203480. |
This PR is being closed because golang.org/cl/203480 has been abandoned. See #35495 |
https://tools.ietf.org/html/rfc4880#section-5.2.2
I validated the fix using 3rd party software (openssl) to ensure interoperability; I was unable to find an algorithm validation test