Go: x/crypto/ripemd160: incorrect output on checksumming "\x00"

Created on 31 Jul 2019  路  4Comments  路  Source: golang/go

What version of Go are you using (go version)?

go version devel +39d4178 Wed Jul 31 05:45:43 2019 +0000 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/jhg/.cache/go-build"
GOENV="/home/jhg/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/jhg/cfmbed/cryptofuzz/modules/golang/test/go/packages"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/home/jhg/cfmbed/cryptofuzz/modules/golang/test/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/home/jhg/cfmbed/cryptofuzz/modules/golang/test/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build882554262=/tmp/go-build -gno-record-gcc-switches"

What did you do?

https://play.golang.org/p/PiX7cpLO5er

What did you expect to see?

What did you see instead?

Comments

Compare:

echo -en "\x00" | openssl ripemd160

Found with Cryptofuzz https://github.com/guidovranken/cryptofuzz

FrozenDueToAge
Source
picture guidovranken

Most helpful comment

Thank you @tmthrgd!

@guidovranken in deed, you need to firstly write

h.Write([]byte("\x00"))

and then for the final checksum

h.Sum(nil)

otherwise by passing in []byte{0x00} to h.Sum you are asking it to append those bytes to the current hash and return the resulting slice

        // Sum appends the current hash to b and returns the resulting slice.
        // It does not change the underlying hash state.
        Sum(b []byte) []byte

as @tmthrgd linked.

picture odeke-em on 31 Jul 2019
👍2

All 4 comments

Thank you for this report @guidovranken!

I shall ping some cryptography experts @FiloSottile @agl @veorq to take a look.

odeke-em picture odeke-em on 31 Jul 2019

You鈥檙e holding it wrong. Take a look at the hash.Hash docs and this playground link: https://play.golang.org/p/5JWW7P4L7lJ.

tmthrgd picture tmthrgd on 31 Jul 2019
👍1

Ahh. Sorry for the false positive.

guidovranken picture guidovranken on 31 Jul 2019
1

Thank you @tmthrgd!

@guidovranken in deed, you need to firstly write

h.Write([]byte("\x00"))

and then for the final checksum

h.Sum(nil)

otherwise by passing in []byte{0x00} to h.Sum you are asking it to append those bytes to the current hash and return the resulting slice

        // Sum appends the current hash to b and returns the resulting slice.
        // It does not change the underlying hash state.
        Sum(b []byte) []byte

as @tmthrgd linked.

odeke-em picture odeke-em on 31 Jul 2019
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

go101 picture go101  路  3Comments
stub42 picture stub42  路  3Comments
longzhizhi picture longzhizhi  路  3Comments
ajstarks picture ajstarks  路  3Comments
enoodle picture enoodle  路  3Comments