Closed
Description
What version of Go are you using (go version)?
go version go1.20.5 linux/amd64
Does this issue reproduce with the latest release?
Yes, but only the 1.20 branch, not 1.19
What operating system and processor architecture are you using (go env)?
Linux x64
What did you do?
https://go.dev/play/p/CCW4-OX4nMQ
What did you expect to see?
No panic
What did you see instead?
panic: ecdsa: internal error: truncated hash is too long
goroutine 1 [running]:
crypto/ecdsa.hashToNat[...](0xc00010604a?, 0xc0000605a0?, {0xc000051ebe?, 0xc000060660?, 0x1b1c1c4138914079?})
/usr/local/go-faketime/src/crypto/ecdsa/ecdsa.go:397 +0x167
crypto/ecdsa.verifyNISTEC[...](0xc00001e180, 0xc000051f50, {0xc000051ebe, 0x42, 0x42}, {0xc000106000, 0x0?, 0x0?})
/usr/local/go-faketime/src/crypto/ecdsa/ecdsa.go:511 +0x389
crypto/ecdsa.VerifyASN1(0xc000051f50, {0xc000051ebe, 0x42, 0x42}, {0xc000106000, 0x8b, 0xa0})
/usr/local/go-faketime/src/crypto/ecdsa/ecdsa.go:482 +0x1aa
crypto/ecdsa.Verify(0x40b75e?, {0xc000051ebe, 0x42, 0x42}, 0x0?, 0xc000051f10)
/usr/local/go-faketime/src/crypto/ecdsa/ecdsa_legacy.go:126 +0x10b
main.main()
/tmp/sandbox2369747498/prog.go:26 +0x22b
Found on OSS-Fuzz