Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
crypto/elliptic: possible bug with deriving a secret for ApplePay token #28723
What version of Go are you using (
Hi @vadimyer. That’s a common bug in Go applications due to the fact that the standard library returns a *big.Int, a type that has no fixed size. When it gets serialized to bytes, it will miss any expected leading zeroes, as it has no way of knowing how many.
Specifically, the bug is here
but I would recommend fixing it by returning a padded byte from ecdheSharedSecret().