[go-nuts] openpgp seems to work but then panics saying missing hash function

On 26/07/2013, at 9:29, nhelke@gmail.com wrote:

Hi

Is this a bug or am I doing something wrong?

For testing purposed I wrote the following program based heavily on https://www.imperialviolet.org/2011/06/12/goopenpgp.html adapted for the API changes and using dynamically generated Entities (so that this is easier for you to copy paste and test on your machines, I have also tried locally with my real keyring):

package main

import (
"fmt"
"os"

"code.google.com/p/go.crypto/openpgp"
"code.google.com/p/go.crypto/openpgp/armor"
)

func main() {
Alice, _ := openpgp.NewEntity("Alice", "", "alice@example.com", nil)
Bob, _ := openpgp.NewEntity("Bob", "", "bob@example.com", nil)

out, _ := armor.Encode(os.Stdout, "PGP MESSAGE", nil)

cipher, _ := openpgp.Encrypt(out, []*openpgp.Entity{Bob}, Alice, nil, nil)

fmt.Fprintln(cipher, "Done")

cipher.Close()
}

When I run it I get the following. You can safely ignore the armored body, it is included to illustrate that it does seem to encrypt and sign at least some of the text before panicking.

$ go run sandbox.go
-----BEGIN PGP MESSAGE-----

wcBMA60b0anhq+stAQgAhP4tNjjEyXLg+BPNRJovJnS7IjeJTsVMcbRMn2YlFItU
c49pB0MSq2Lm0Zu7CHNpXDx+68CBAq+eIY2EJdPfwuiOna/7WWs6Eccrg9PBHdnJ
1IpK4KS+H02gjTFevTmEizN84gbKYzHMOTu6fLBIt9Ls3jj/IkeXST8GF+izgn8c
wucFtSPxgo2tUL8F/pKrB4e6/zQ/NB16UFEDNLu4hUNshnPUrGTv+hx76CjRbivd
svTRriWYbcCUDAVpISei4yVVMWdHB0ABiYa2qNxYbl+C6VQ1qmqQkLlzSUXVJLNq
zefvK7ne+oJl0DOnBJm8rrTTqjTl/OdHKBxrs61SttLgAeOgLAg6f3xn3OEtsOER
panic: crypto: requested hash function is unavailable

goroutine 1 [running]:
crypto.Hash.New(0x9, 0xc20004a550, 0x5d0800)
/usr/lib/go/src/pkg/crypto/crypto.go:62 +0xab
code.google.com/p/go.crypto/openpgp.Encrypt(0xc2000e7000, 0xc200130550, 0x7fab8e08df20, 0x1, 0x1, ...)
/home/nhelke/go/src/code.google.com/p/go.crypto/openpgp/write.go:284 +0xfb5
main.main()
/tmp/tmp.IxKWip9R0f/sandbox.go:17 +0x1e8
exit status 2

Any help would be much appreciated. I googled the error message and the only seemingly relevant result was the actual crypto lib source code.

Best,

Nicholas
--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

On Thursday, July 25, 2013 7:29:40 PM UTC-4, Nicholas Helke wrote:

Hi

Is this a bug or am I doing something wrong?

On Monday, July 29, 2013 12:53:06 PM UTC-7, agl wrote:
Actually, I think this might be a real bug in openpgp. Could you try
catching the errors and patching this in?

https://codereview.appspot.com/12055043

That should, at least, return an error rather than crashing. In order to
get it to work after that I think you just need to compile in the right
hash function. Adding

_ "crypto/sha256"

to the import section will probably do it.


Cheers

AGL

On Fri, Aug 2, 2013 at 9:17 PM, Nicholas Helke wrote:
@AGL The patch fixes it, or rather gets openpgp to return a helpful error in
lieu of just panicking with that most unhelpful message.

Before your patch I worked out that it was trying to use RIPEMD160 by using
GDB and a breakpoint at http://godoc.org/crypto?file=crypto.go#Hash.New. The
documentation then helpfully indicates:

RIPEMD160 // import
code.google.com/p/go.crypto/ripemd160

I still wonder whether I should not submit a patch to the standard library
to give more details when panicking. Since the RIPEMD160 const is defined in
crypto, why not make the panic message more helpful by specifying what hash
is missing? I'm guessing it is declared there from when ripemd160 and
openpgp were still part of the standard library back before Go 1.