wycheproof
wycheproof copied to clipboard
C2SP
Updated test vector coverage on the front page
Whycheproof test vectors are amazing. But to be of any use, people must know of their existence.
When I first checked out Whycheproof, this list didn't include EdDSA, which my crypto library implements. This mislead me into believing Whycheproof didn't have EdDSA test vectors. This oversight allowed a critical, trivially exploitable, vulnerability to slip through.
Had the front page been up to date, I would have used the EdDSA test vectors, and would have noticed the vulnerability before I commit it to production.
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).
:memo: Please visit https://cla.developers.google.com/ to sign.
Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.
What to do if you already signed the CLA
Individual signers
- It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.
Corporate signers
- Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
- The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
- The email used to register you as an authorized contributor must also be attached to your GitHub account.
ℹ️ Googlers: Go here for more info.
@dsernst, I think this project is no longer maintained.
- The last commit is it from 2019
- My trivial (yet I believe useful) 5-lines patch has yet to be either rejected or accepted, in almost 2 years now.
- Among 18 opened issues, 12 are over 2 years old.
This change is reflected in dbe819bb94a5dc6081f440eeb4a6809c7ff66511. The attribution was lost due to a tooling configuration issue. Thank you for the contribution.
At last, thanks for looking into this.
I do hope the tooling issue is resolved though, miss-attribution is often a bigger deal than maintainers realize (though in this case I reckon this contribution is hardly worth any street cred).