ssv icon indicating copy to clipboard operation
ssv copied to clipboard

Published 20 hours ago verified publisher icon ssvlabs

Deprecation warning from crypto/x509

Open amirylm opened this issue 3 years ago • 0 comments

golangci-lint shows warnings when running with Go >= 1.16:

https://github.com/bloxapp/ssv/blob/02931550e2c5285c4ddf0c874cc9363a80ef8c9f/utils/rsaencryption/rsa_encryption.go#L57

SA1019: x509.IsEncryptedPEMBlock has been deprecated since Go 1.16 because it shouldn't be used: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. (staticcheck)

https://github.com/bloxapp/ssv/blob/02931550e2c5285c4ddf0c874cc9363a80ef8c9f/utils/rsaencryption/rsa_encryption.go#L61

SA1019: x509.DecryptPEMBlock has been deprecated since Go 1.16 because it shouldn't be used: Legacy PEM encryption as specified in RFC 1423 is insecure by design. Since it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. (staticcheck)

amirylm avatar Jul 19 '21 08:07 amirylm