Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-31379

Undefined behavior in the reference Ed25519 implementation

Details

    Description

      This is from the MaxScale sources but the same undefined behavior that UBSAN reports should be in MariaDB as well:

      /home/timofey_turenko_mariadb_com/MaxScale/server/modules/authenticator/Ed25519/ref10/fe_sq.c:121:76: runtime error: left shift of negative value -46510040
          #0 0x7f0921c31b8b in mxs_ed25519_ref10_fe_sq /home/timofey_turenko_mariadb_com/MaxScale/server/modules/authenticator/Ed25519/ref10/fe_sq.c:121
          #1 0x7f0921c0dc63 in mxs_ed25519_ref10_ge_frombytes_negate_vartime /home/timofey_turenko_mariadb_com/MaxScale/server/modules/authenticator/Ed25519/ref10/ge_frombytes.c:21
          #2 0x7f0921c0addd in crypto_sign_open /home/timofey_turenko_mariadb_com/MaxScale/server/modules/authenticator/Ed25519/ref10/open.c:24
      

      It seems this problem has also been found by others:
      https://github.com/hyperledger/iroha-ed25519/commit/b61a1e77af5dc458ed6a5aee395d5b22775a4917
      https://github.com/randombit/botan/issues/1372

      Attachments

        Issue Links

          Activity

            markus makela markus makela added a comment -

            According to marko this wasn't seen in a recent run with UBSAN enabled.

            markus makela markus makela added a comment - According to marko this wasn't seen in a recent run with UBSAN enabled.

            I have observed this error in my local builds at least since 2020. I had commented about it in MDEV-29332.

            For some reason, the https://buildbot.mariadb.net/buildbot/builders/kvm-ubsan/ builder does not report this. It compiles with GCC 9.3.0, while I would use something newer.

            marko Marko Mäkelä added a comment - I have observed this error in my local builds at least since 2020. I had commented about it in MDEV-29332 . For some reason, the https://buildbot.mariadb.net/buildbot/builders/kvm-ubsan/ builder does not report this. It compiles with GCC 9.3.0, while I would use something newer.
            danblack Daniel Black added a comment -

            hyperledger resoved by using unsigned types

            botan changed shifts to multication

            Visible on amd64-debian-12-asan-ubsan builder:

            https://buildbot.mariadb.org/#/builders/588/builds/3371/steps/9/logs/stdio (10.6)

            perfschema.hostcache_ipv4_auth_ed25519   w7 [ fail ]  Found warnings/errors in server log file!
                    Test ended at 2024-03-05 22:39:26
            line
            /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_mul.c:208:76: runtime error: left shift of negative value -5350089
            /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_mul.c:215:76: runtime error: left shift of negative value -208233749
            /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_mul.c:222:76: runtime error: left shift of negative value -238031246
            /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_mul.c:229:76: runtime error: left shift of negative value -29947552
            /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_sq.c:124:76: runtime error: left shift of negative value -104164572
            /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_sq.c:129:76: runtime error: left shift of negative value -271089255
            /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_sq.c:130:76: runtime error: left shift of negative value -171532679
            /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_sq.c:132:76: runtime error: left shift of negative value -4
            /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_sq.c:135:81: runtime error: left shift of negative value -14201833
            /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_sq.c:137:76: runtime error: left shift of negative value -4
            ...
            plugins.auth_ed25519                     w7 [ fail ]  Found warnings/errors in server log file!
                    Test ended at 2024-03-05 22:41:02
            ....
            unit.conc_connection                     w31 [ fail ]  Found warnings/errors in server log file!
                    Test ended at 2024-03-05 22:42:23
            line
            

             

            danblack Daniel Black added a comment - hyperledger resoved by using unsigned types botan changed shifts to multication Visible on amd64-debian-12-asan-ubsan builder : https://buildbot.mariadb.org/#/builders/588/builds/3371/steps/9/logs/stdio (10.6) perfschema.hostcache_ipv4_auth_ed25519 w7 [ fail ] Found warnings/errors in server log file! Test ended at 2024-03-05 22:39:26 line /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_mul.c:208:76: runtime error: left shift of negative value -5350089 /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_mul.c:215:76: runtime error: left shift of negative value -208233749 /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_mul.c:222:76: runtime error: left shift of negative value -238031246 /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_mul.c:229:76: runtime error: left shift of negative value -29947552 /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_sq.c:124:76: runtime error: left shift of negative value -104164572 /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_sq.c:129:76: runtime error: left shift of negative value -271089255 /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_sq.c:130:76: runtime error: left shift of negative value -171532679 /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_sq.c:132:76: runtime error: left shift of negative value -4 /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_sq.c:135:81: runtime error: left shift of negative value -14201833 /home/buildbot/amd64-debian-12-asan-ubsan/build/plugin/auth_ed25519/ref10/fe_sq.c:137:76: runtime error: left shift of negative value -4 ... plugins.auth_ed25519 w7 [ fail ] Found warnings/errors in server log file! Test ended at 2024-03-05 22:41:02 .... unit.conc_connection w31 [ fail ] Found warnings/errors in server log file! Test ended at 2024-03-05 22:42:23 line  
            danblack Daniel Black added a comment -

            As hyperledger is the reference implementation also - cherry picked their commit in https://github.com/MariaDB/server/pull/3103

            danblack Daniel Black added a comment - As hyperledger is the reference implementation also - cherry picked their commit in https://github.com/MariaDB/server/pull/3103
            danblack Daniel Black added a comment - clean build - https://buildbot.mariadb.org/#/builders/588/builds/3374

            People

              serg Sergei Golubchik
              markus makela markus makela
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.