Bugzilla – Attachment 3614 Details for
Bug 3475
clang-15 amd64 ED25519 signature verification nondeterministic spurious failure
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch with a kludge fix
ed25519_bit256_glitch.patch (text/plain), 616 bytes, created by
Daniel Pouzzner
on 2022-09-25 04:22:20 AEST
(
hide
)
Description:
patch with a kludge fix
Filename:
MIME Type:
Creator:
Daniel Pouzzner
Created:
2022-09-25 04:22:20 AEST
Size:
616 bytes
patch
obsolete
>--- openssh-9.0p1/ed25519.c 2022-04-05 19:47:48.000000000 -0500 >+++ openssh-9.0p1/ed25519.c 2022-09-24 12:54:09.826021259 -0500 >@@ -127,6 +127,13 @@ int crypto_sign_ed25519_open( > ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &ge25519_base, &scs); > ge25519_pack(t2, &get2); > >+ /* nonsignificant bit #256 is nondeterministically set/clear in >+ * sm[31], but always clear in t2[31], so it needs to be copied >+ * verbatim from sm to t2, to avoid spurious mismatches from >+ * crypto_verify_32(). >+ */ >+ t2[31] |= sm[31] & 0x80; >+ > ret = crypto_verify_32(sm, t2); > > if (!ret)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3614">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 3475
:
3614
|
3628