nspcc-dev/neofs-crypto
1
0
Fork 0
mirror of https://github.com/nspcc-dev/neofs-crypto.git synced 2026-03-01 04:29:00 +00:00
Code Issues 2 Projects Packages Wiki Activity

The sign method panics with go1.19 #2

New issue
Closed
opened 2025-12-28 18:13:23 +00:00 by sami · 1 comment
sami commented 2025-12-28 18:13:23 +00:00
Owner
Copy link

Originally created by @KirillovDenis on GitHub (Aug 8, 2022).

With go1.19 this nspcc-dev/neofs-crypto@357aa98aa2/ecdsa.go (L217) panics now: https://tip.golang.org/doc/go1.19#minor_library_changes

This affects neofs-api-go nspcc-dev/neofs-api-go@882c4ab76c/go.mod (L6) and then neofs-sdk-go, neofs-http-gw and so on.

Code to reproduce:

pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
require.NoError(t, err)

msg := []byte{1, 2, 3, 4}

_, err = crypto.Sign(pk, msg)
require.NoError(t, err)

Panic message:

panic: crypto/elliptic: attempted operation on invalid point [recovered]
	panic: crypto/elliptic: attempted operation on invalid point

goroutine 6 [running]:
testing.tRunner.func1.2({0xacc2e0, 0xcf7450})
	/home/denis/go/go1.19/src/testing/testing.go:1396 +0x24e
testing.tRunner.func1()
	/home/denis/go/go1.19/src/testing/testing.go:1399 +0x39f
panic({0xacc2e0, 0xcf7450})
	/home/denis/go/go1.19/src/runtime/panic.go:884 +0x212
crypto/elliptic.panicIfNotOnCurve({0xd05fa8?, 0x12245b0?}, 0x80?, 0x7?)
	/home/denis/go/go1.19/src/crypto/elliptic/elliptic.go:182 +0xa5
crypto/elliptic.Marshal({0xd05fa8, 0x12245b0}, 0xc0001d9a40?, 0xc00008feb8?)
	/home/denis/go/go1.19/src/crypto/elliptic/elliptic.go:75 +0x31
github.com/nspcc-dev/neofs-crypto.marshalXY(...)
	/home/denis/go/pkg/mod/github.com/nspcc-dev/neofs-crypto@v0.3.0/ecdsa.go:44
github.com/nspcc-dev/neofs-crypto.Sign(0xd02318?, {0xc00008ff4c?, 0x0?, 0x0?})
	/home/denis/go/pkg/mod/github.com/nspcc-dev/neofs-crypto@v0.3.0/ecdsa.go:217 +0xd8
Originally created by @KirillovDenis on GitHub (Aug 8, 2022). With go1.19 this https://github.com/nspcc-dev/neofs-crypto/blob/357aa98aa2adddadd6a726cfdcecd894b55ba0d7/ecdsa.go#L217 panics now: https://tip.golang.org/doc/go1.19#minor_library_changes This affects neofs-api-go https://github.com/nspcc-dev/neofs-api-go/blob/882c4ab76c53d9eb8c41ca9155b25dcd99836946/go.mod#L6 and then [neofs-sdk-go](https://github.com/nspcc-dev/neofs-sdk-go), [neofs-http-gw](https://github.com/nspcc-dev/neofs-http-gw) and so on. Code to reproduce: ```golang pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) require.NoError(t, err) msg := []byte{1, 2, 3, 4} _, err = crypto.Sign(pk, msg) require.NoError(t, err) ``` Panic message: ``` panic: crypto/elliptic: attempted operation on invalid point [recovered] panic: crypto/elliptic: attempted operation on invalid point goroutine 6 [running]: testing.tRunner.func1.2({0xacc2e0, 0xcf7450}) /home/denis/go/go1.19/src/testing/testing.go:1396 +0x24e testing.tRunner.func1() /home/denis/go/go1.19/src/testing/testing.go:1399 +0x39f panic({0xacc2e0, 0xcf7450}) /home/denis/go/go1.19/src/runtime/panic.go:884 +0x212 crypto/elliptic.panicIfNotOnCurve({0xd05fa8?, 0x12245b0?}, 0x80?, 0x7?) /home/denis/go/go1.19/src/crypto/elliptic/elliptic.go:182 +0xa5 crypto/elliptic.Marshal({0xd05fa8, 0x12245b0}, 0xc0001d9a40?, 0xc00008feb8?) /home/denis/go/go1.19/src/crypto/elliptic/elliptic.go:75 +0x31 github.com/nspcc-dev/neofs-crypto.marshalXY(...) /home/denis/go/pkg/mod/github.com/nspcc-dev/neofs-crypto@v0.3.0/ecdsa.go:44 github.com/nspcc-dev/neofs-crypto.Sign(0xd02318?, {0xc00008ff4c?, 0x0?, 0x0?}) /home/denis/go/pkg/mod/github.com/nspcc-dev/neofs-crypto@v0.3.0/ecdsa.go:217 +0xd8 ```
sami 2025-12-28 18:13:23 +00:00
  • closed this issue
  • added the
    bug
         label
sami commented 2025-12-28 18:13:24 +00:00
Author
Owner
Copy link

@roman-khimov commented on GitHub (Aug 8, 2022):

This Sign() is very strange to me:

  1. It outputs 65-byte slice, while normally signatures are 64-byte, that is they don't have a prefix.
  2. The output of ecdsa.Sign() (https://pkg.go.dev/crypto/ecdsa#Sign) is not X and Y, but R and S. No wonder they're not on the curve.

Consider serializing the result like this: nspcc-dev/neo-go@41613cd631/pkg/crypto/keys/private_key.go (L155-L163)

@roman-khimov commented on GitHub (Aug 8, 2022): This `Sign()` is _very_ strange to me: 1. It outputs 65-byte slice, while normally signatures are 64-byte, that is they don't have a prefix. 2. The output of `ecdsa.Sign()` (https://pkg.go.dev/crypto/ecdsa#Sign) is _not_ X and Y, but R and S. No wonder they're not on the curve. Consider serializing the result like this: https://github.com/nspcc-dev/neo-go/blob/41613cd631e662dab1791adc306f53faddb17b89/pkg/crypto/keys/private_key.go#L155-L163
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v0.4.1
v0.4.0
v0.3.0
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.0
Labels
Clear labels   
I4

   
S2

   
S2

   
S2

   
U3

   
U4

   
U4

   
blocked

   
blocked

   
bug

   
enhancement

   
enhancement

   
go
No labels
I4
S2
S2
S2
U3
U4
U4
blocked
blocked
bug
enhancement
enhancement
go
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
nspcc-dev/neofs-crypto#2
No description provided.