
public_key:sign/3 returns different result on OTP 25 and earlier versions

Open hauleth opened this issue 2 years ago • 2 comments

Describe the bug

Different signature returned on different Erlang versions.

To Reproduce

OTP 24:

Key = {'ECPrivateKey',1,
                      <<15,192,10,239,169,93,9,105,143,13,221,71,191,255,201,
                        60,8,80,43,234,82,68,151,219,233,144,174,41,227,241,
                        229,232>>,
                      {namedCurve,{1,3,101,112}},
                      <<209,208,142,135,125,251,57,203,2,49,232,74,238,214,170,
                        181,23,107,221,39,187,225,106,19,34,133,117,198,138,
                        180,16,70>>,
                      asn1_NOVALUE},
Algo = sha512,
Body = <<83,83,72,83,73,71,0,0,0,4,116,101,120,116,0,0,0,0,0,0,0,6,115,104,97,
         53,49,50,0,0,0,64,119,199,206,154,93,134,187,56,109,68,59,185,99,144,
         250,161,32,99,49,88,105,156,136,68,195,11,19,171,11,249,39,96,183,228,
         65,106,234,57,125,185,27,74,192,229,221,86,184,239,126,75,6,97,98,171,
         31,220,8,131,25,206,109,239,200,118>>,
<<203,148,171,54,165,4,216,251,189,124,35,227,88,183,187,225,142,10,132,163,98,
  48,167,195,67,12,49,148,85,146,41,14,58,0,198,68,103,114,90,61,31,38,200,198,
  64,179,135,138,31,172,236,105,0,71,50,195,168,247,216,110,210,61,159,5>> = public_key:sign(Body, Algo, Key).

OTP 25:

Key = {'ECPrivateKey',1,
                      <<15,192,10,239,169,93,9,105,143,13,221,71,191,255,201,
                        60,8,80,43,234,82,68,151,219,233,144,174,41,227,241,
                        229,232>>,
                      {namedCurve,{1,3,101,112}},
                      <<209,208,142,135,125,251,57,203,2,49,232,74,238,214,170,
                        181,23,107,221,39,187,225,106,19,34,133,117,198,138,
                        180,16,70>>,
                      asn1_NOVALUE},
Algo = sha512,
Body = <<83,83,72,83,73,71,0,0,0,4,116,101,120,116,0,0,0,0,0,0,0,6,115,104,97,
         53,49,50,0,0,0,64,119,199,206,154,93,134,187,56,109,68,59,185,99,144,
         250,161,32,99,49,88,105,156,136,68,195,11,19,171,11,249,39,96,183,228,
         65,106,234,57,125,185,27,74,192,229,221,86,184,239,126,75,6,97,98,171,
         31,220,8,131,25,206,109,239,200,118>>,
<<131,113,32,77,175,76,58,217,159,175,79,84,2,117,64,59,26,203,233,186,196,57,
  179,86,111,161,107,196,14,189,57,22,196,212,161,37,237,115,105,247,152,115,3,
  91,80,32,151,126,174,160,223,168,130,119,204,213,198,111,139,95,230,65,99,7>> = public_key:sign(Body, Algo, Key).

Expected behavior

public_key:sign/3 should return the same value on all versions. The result on OTP 24 is the correct one (checked against OpenSSL ssh-keygen signing functionality).

Affected versions

  • OTP 25

hauleth avatar Aug 12 '22 08:08 hauleth

Which versions of OpenSSL cryptolib did you link to Erlang in the two cases?

(Call crypto:info() to get that information)

HansN avatar Aug 15 '22 06:08 HansN

OTP 24:

1> crypto:info_lib().
[{<<"OpenSSL">>,269488415,<<"OpenSSL 1.1.1q  5 Jul 2022">>}]

OTP 25:

1> crypto:info_lib().
[{<<"OpenSSL">>,269488415,<<"OpenSSL 1.1.1q  5 Jul 2022">>}]

Both installations use the same version.

hauleth avatar Aug 15 '22 12:08 hauleth

If it can help, I use versions packaged by Nix on macOS and I haven't compiled them on my machine.

hauleth avatar Aug 16 '22 13:08 hauleth

Thanks for the version information!

A "funny" thing is that in OTP-24 it seems that it does not matter whether one writes public_key:sign(Body, sha512, Key) or public_key:sign(Body, none, Key) with ed25519 as you use. In OTP-25 it matters. I get the same as in OTP-24 if I call public_key:sign(Body, none, Key) in OTP-25.

We are right now investigating why and also how it should be.

HansN avatar Aug 16 '22 15:08 HansN

Fixed in maint and master. It will be released in OTP-25.1.

Thanks for the report!

HansN avatar Aug 19 '22 08:08 HansN
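
An added regression check for the behaviour discussed in this thread (not code from the reporter or from the OTP team): it signs the reporter's message with the reporter's key under both digest arguments, compares each signature with the OTP 24 value quoted in the report, and verifies it over the raw message with the public half of the key. The module and function names are hypothetical.

```erlang
-module(ed25519_sign_check).
-export([check/0]).

%% Key, message and OTP 24 signature are copied verbatim from the report.
key() ->
    {'ECPrivateKey', 1,
     <<15,192,10,239,169,93,9,105,143,13,221,71,191,255,201,60,
       8,80,43,234,82,68,151,219,233,144,174,41,227,241,229,232>>,
     {namedCurve, {1,3,101,112}},
     <<209,208,142,135,125,251,57,203,2,49,232,74,238,214,170,181,
       23,107,221,39,187,225,106,19,34,133,117,198,138,180,16,70>>,
     asn1_NOVALUE}.

body() ->
    <<83,83,72,83,73,71,0,0,0,4,116,101,120,116,0,0,0,0,0,0,0,6,115,104,97,
      53,49,50,0,0,0,64,119,199,206,154,93,134,187,56,109,68,59,185,99,144,
      250,161,32,99,49,88,105,156,136,68,195,11,19,171,11,249,39,96,183,228,
      65,106,234,57,125,185,27,74,192,229,221,86,184,239,126,75,6,97,98,171,
      31,220,8,131,25,206,109,239,200,118>>.

otp24_sig() ->
    <<203,148,171,54,165,4,216,251,189,124,35,227,88,183,187,225,142,10,132,
      163,98,48,167,195,67,12,49,148,85,146,41,14,58,0,198,68,103,114,90,61,
      31,38,200,198,64,179,135,138,31,172,236,105,0,71,50,195,168,247,216,
      110,210,61,159,5>>.

%% Ed25519 signing is deterministic, so a byte-for-byte comparison with the
%% OTP 24 signature is meaningful. Returns one entry per digest argument.
check() ->
    [{Digest, classify(Digest)} || Digest <- [none, sha512]].

classify(Digest) ->
    %% Public half of the reporter's key, in the tuple shape public_key
    %% documents for EdDSA public keys: {#'ECPoint'{}, {namedCurve, Oid}}.
    {_, _, _, Params, Pub, _} = key(),
    PubKey = {{'ECPoint', Pub}, Params},
    try
        Sig = public_key:sign(body(), Digest, key()),
        [{matches_otp24, Sig =:= otp24_sig()},
         {verifies_raw_message, public_key:verify(body(), none, Sig, PubKey)}]
    catch
        %% A runtime may also reject a digest argument outright.
        Class:Reason -> {error, {Class, Reason}}
    end.
```

Going by the thread, `ed25519_sign_check:check()` on OTP 24 reports `{matches_otp24, true}` for both digest arguments, and on the affected OTP 25 release only for `none`.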