crypto/ed25519: differences in edge case handling between s390x KDSA implementation and Go implementation #40475
Labels
arch-s390x
Issues solely affecting the s390x architecture.
FrozenDueToAge
NeedsFix
The path to resolution is known, but the work has not been done.
release-blocker
Milestone
@hdevalence has indentified several examples of crafted signed messages that pass verification when using the software implementation of
crypto/ed25519
but fail verification when using the s390x KDSA implementation. Regardless of which is correct, the s390x KDSA implementation is new to Go 1.15 so I propose we remove it before the final release is cut to avoid the situation where we see different behaviour when running on different platforms. Once we have more information we can consider whether we can re-add it, perhaps with other fixes or custom special case handling, in a future release.The text was updated successfully, but these errors were encountered: