Go: crypto/ed25519: differences in edge case handling between s390x KDSA implementation and Go implementation

Created on 29 Jul 2020  路  3Comments  路  Source: golang/go

@hdevalence has indentified several examples of crafted signed messages that pass verification when using the software implementation of crypto/ed25519 but fail verification when using the s390x KDSA implementation. Regardless of which is correct, the s390x KDSA implementation is new to Go 1.15 so I propose we remove it before the final release is cut to avoid the situation where we see different behaviour when running on different platforms. Once we have more information we can consider whether we can re-add it, perhaps with other fixes or custom special case handling, in a future release.

NeedsFix arch-s390x release-blocker
Source
picture mundaym
👍1

Most helpful comment

@FiloSottile as the tree is still frozen, if the change lands in the master branch it will be merged into the 1.15 release branch before the next RC or final release.

picture andybons on 29 Jul 2020
👍5

All 3 comments

Change https://golang.org/cl/245497 mentions this issue: crypto/ed25519: remove s390x KDSA implementation

gopherbot picture gopherbot on 29 Jul 2020

/cc @golang/osp-team, this will need cherry-picking, how are you tracking cherry-picks?

FiloSottile picture FiloSottile on 29 Jul 2020

@FiloSottile as the tree is still frozen, if the change lands in the master branch it will be merged into the 1.15 release branch before the next RC or final release.

andybons picture andybons on 29 Jul 2020
👍5
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rsc picture rsc  路  3Comments
jayhuang75 picture jayhuang75  路  3Comments
natefinch picture natefinch  路  3Comments
longzhizhi picture longzhizhi  路  3Comments
bradfitz picture bradfitz  路  3Comments