crypto/x509: Truncate DSA signed data's hash before verification #22017
What version of Go are you using (
(Man, I should never have supported DSA in that code.)
I'm not sure that it's valid to have the hash mismatch with the DSA key type, as you have here. DSA was originally specified only with SHA-1 and with 1024-bit keys. That's what you have in the certificate, but your signature algorithm is DSAWithSHA256. For that, you should have a 2048/256 key.
Unfortunately, it's not really my key - I just need to verify the signature is correct. The signature check in Android passes without a problem, so it's "valid" in that way at least.
I'm fine with having that extra checkWithTruncatedHash function in my code, I just saw that dsa docs say the hash should be truncated, but it isn't in x509 and thought it might be a bug.
According to spec, the hash must be truncated, but crypto/dsa does not do it. We can't fix it in crypto/dsa, because it would break verification of previously generated signatures. In crypto/x509 however, Go can't generate DSA certs, only verify them, so the fix here should be safe. Fixes golang#22017
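The mismatch discussed in this thread, as an added example (not code from the issue, its participants, or the Go project): a 1024/160 DSA key signs a SHA-256 digest truncated per FIPS 186-3 section 4.6, and `dsa.Verify` accepts the signature only when the caller truncates the digest the same way. The names `truncateToSubgroup` and `verifyBothWays` and the sample message are assumptions made for this illustration.

```go
package main

import (
	"crypto/dsa"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// truncateToSubgroup (hypothetical helper) keeps the leftmost bytes of the
// digest, up to the byte length of the subgroup order q.
func truncateToSubgroup(digest []byte, q *big.Int) []byte {
	n := (q.BitLen() + 7) / 8
	if len(digest) > n {
		return digest[:n]
	}
	return digest
}

// verifyBothWays signs like a spec-following signer (truncated digest) and
// reports what dsa.Verify returns for the full and the truncated digest.
func verifyBothWays() (full, truncated bool, err error) {
	var priv dsa.PrivateKey
	// 1024-bit p with 160-bit q: the key size paired with SHA-256 in the thread.
	if err = dsa.GenerateParameters(&priv.Parameters, rand.Reader, dsa.L1024N160); err != nil {
		return
	}
	if err = dsa.GenerateKey(&priv, rand.Reader); err != nil {
		return
	}
	digest := sha256.Sum256([]byte("constructed sample of signed data")) // 32 bytes
	short := truncateToSubgroup(digest[:], priv.Q)                     // 20 bytes
	r, s, err := dsa.Sign(rand.Reader, &priv, short)
	if err != nil {
		return
	}
	// crypto/dsa uses the hash bytes exactly as given, so the caller must truncate.
	full = dsa.Verify(&priv.PublicKey, digest[:], r, s)
	truncated = dsa.Verify(&priv.PublicKey, short, r, s)
	return
}

func main() {
	full, truncated, err := verifyBothWays()
	if err != nil {
		panic(err)
	}
	fmt.Printf("full digest: %v, truncated digest: %v\n", full, truncated)
}
```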