Behaviour change in `crypto:verify/5` between 24.3.4.5 and 25.0

Question

Behaviour change in `crypto:verify/5` between 24.3.4.5 and 25.0

mtrudel opened this issue 2 years ago · 2 comments

Describe the bug
Calls to crypto:verify/5 which succeeded on OTP up to and including 24.3.4.5 now fail on OTP 25.0 and newer.

To Reproduce

Message = <<115, 205, 18, 146, 208, 219, 183, 107, 241, 205, 182, 147, 60, 175, 110, 115,
  186, 186, 9, 228, 115, 196, 97, 28, 38, 200, 191, 59, 112, 141, 3, 54, 69, 66,
  70, 66, 56, 65, 56, 50, 45, 57, 69, 52, 48, 45, 52, 57, 57, 69, 45, 66, 68,
  53, 49, 45, 51, 50, 52, 50, 68, 55, 48, 57, 57, 69, 56, 53, 86, 64, 132, 242,
  162, 131, 28, 46, 85, 114, 54, 183, 19, 255, 150, 107, 23, 18, 227, 60, 190,
  106, 248, 156, 48, 74, 18, 58, 235, 168, 156, 216>>.
Signature = <<214, 188, 190, 17, 243, 236, 205, 32, 101, 36, 137, 44, 107, 221, 72, 134,
  119, 8, 223, 217, 136, 25, 143, 111, 222, 79, 160, 76, 59, 163, 75, 126, 3,
  177, 69, 235, 36, 216, 139, 69, 213, 24, 115, 198, 42, 227, 173, 162, 136,
  163, 8, 149, 154, 201, 73, 78, 254, 67, 75, 69, 82, 176, 13, 8>>.
Key = <<86, 64, 132, 242, 162, 131, 28, 46, 85, 114, 54, 183, 19, 255, 150, 107, 23,
  18, 227, 60, 190, 106, 248, 156, 48, 74, 18, 58, 235, 168, 156, 216>>.
crypto:verify(eddsa, sha512, Message, Signature, [Key, ed25519]).

The above call returns true on OTP 24.3.4.5 (and all earlier versions that I've tried), and false on OTP 25.0 and newer

(Mis)behaviour verified on macOS 12.3.1 (Erlang installed via asdf), and aarch64 linux (via official Docker images)

Expected behavior

OTP behaviour should be unchanged

Affected versions

OTP 25.0 and newer

Answer 1 · 2022-09-19T06:47:16.000Z

This has been fixed in OTP-25.1, planned to be released on Wednesday 21 September. This issue is a duplicate of #6219

Answer 2 · 2022-09-19T13:35:03.000Z

I can confirm that this is fixed on master. Thanks for the quick turnaround!