[MDEV-31379] Undefined behavior in the reference Ed25519 implementation - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.5
Fix Version/s: 10.5.25, 10.6.18, 10.11.8, 11.0.6, 11.1.5, 11.2.4, 11.4.2
Component/s: Plugins
Labels:
None

Description

This is from the MaxScale sources but the same undefined behavior that UBSAN reports should be in MariaDB as well:

/home/timofey_turenko_mariadb_com/MaxScale/server/modules/authenticator/Ed25519/ref10/fe_sq.c:121:76: runtime error: left shift of negative value -46510040

    #0 0x7f0921c31b8b in mxs_ed25519_ref10_fe_sq /home/timofey_turenko_mariadb_com/MaxScale/server/modules/authenticator/Ed25519/ref10/fe_sq.c:121

    #1 0x7f0921c0dc63 in mxs_ed25519_ref10_ge_frombytes_negate_vartime /home/timofey_turenko_mariadb_com/MaxScale/server/modules/authenticator/Ed25519/ref10/ge_frombytes.c:21

    #2 0x7f0921c0addd in crypto_sign_open /home/timofey_turenko_mariadb_com/MaxScale/server/modules/authenticator/Ed25519/ref10/open.c:24

It seems this problem has also been found by others:
https://github.com/hyperledger/iroha-ed25519/commit/b61a1e77af5dc458ed6a5aee395d5b22775a4917
https://github.com/randombit/botan/issues/1372

Attachments

Issue Links

is duplicated by

MDEV-31801 Undefined behavior in ed25519

Closed

is part of

MDEV-25454 Make MariaDB server UBSAN safe

Confirmed

MDEV-33073 always green buildbot

Stalled

relates to

MXS-4686 Undefined behavior in ed25519 plugin

Closed

CONC-730 Reference ed25519 implementation contained undefined behaviour

Closed

Activity

People

Assignee:: Sergei Golubchik

Reporter:: markus makela

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2023-06-01 06:00

Updated:: 2024-09-18 07:20

Resolved:: 2024-03-27 16:07

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.