Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
crypto/rsa: reject short signatures #21896
During dev.boringcrypto work, I discovered that x/crypto/openpgp tests depend on crypto/rsa accepting trimmed RSA signatures, in which leading zeros have been removed, while BoringSSL does not. @agl says that the Go library is in error and that such signatures are not valid. We should fix this (in master, not just dev.boringcrypto) for Go 1.10 and mark it in the release notes. Will need to fix openpgp first.