crypto/x509: truncate signed hash before DSA signature verification
According to spec, the hash must be truncated, but crypto/dsa does not do it. We can't fix it in crypto/dsa, because it would break verification of previously generated signatures. In crypto/x509 however, go can't generate DSA certs, only verify them, so the fix here should be safe. Fixes #22017 Change-Id: Iee7e20a5d76f45da8901a7ca686063639092949f GitHub-Last-Rev: 8041cde8d25d3a336b81d86bd52bff5039568246 GitHub-Pull-Request: golang/go#34630 Reviewed-on: https://go-review.googlesource.com/c/go/+/198138 Reviewed-by:Filippo Valsorda <filippo@golang.org>
Loading
Please sign in to comment