Skip to content

AVM: Catch any panic in edcsa verifying#4368

Merged
algorandskiy merged 3 commits intoalgorand:masterfrom
jannotti:go19-crypto-panics
Jan 6, 2023
Merged

AVM: Catch any panic in edcsa verifying#4368
algorandskiy merged 3 commits intoalgorand:masterfrom
jannotti:go19-crypto-panics

Conversation

@jannotti
Copy link
Copy Markdown
Contributor

@jannotti jannotti commented Aug 7, 2022

Return false from ecdsa_verify if library panics.

@codecov
Copy link
Copy Markdown

codecov Bot commented Aug 7, 2022
edited
Loading

Codecov Report

Merging #4368 (d7c87d7) into master (00b37f2) will increase coverage by 0.01%.
The diff coverage is 86.36%.

@@            Coverage Diff             @@
##           master    #4368      +/-   ##
==========================================
+ Coverage   55.28%   55.30%   +0.01%     
==========================================
  Files         398      398              
  Lines       50336    50340       +4     
==========================================
+ Hits        27829    27839      +10     
+ Misses      20178    20173       -5     
+ Partials     2329     2328       -1
Impacted Files Coverage Δ
data/transactions/logic/eval.go 89.45% <86.36%> (-0.10%) ⬇️
agreement/cryptoVerifier.go 67.60% <0.00%> (-2.12%) ⬇️
agreement/proposalManager.go 96.07% <0.00%> (-1.97%) ⬇️
catchup/peerSelector.go 98.95% <0.00%> (-1.05%) ⬇️
cmd/tealdbg/debugger.go 72.69% <0.00%> (-0.81%) ⬇️
ledger/acctupdates.go 69.59% <0.00%> (-0.60%) ⬇️
catchup/service.go 69.38% <0.00%> (ø)
network/wsNetwork.go 64.82% <0.00%> (+0.19%) ⬆️
network/wsPeer.go 68.21% <0.00%> (+2.73%) ⬆️
ledger/tracker.go 77.87% <0.00%> (+2.97%) ⬆️
... and 1 more

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@jannotti jannotti marked this pull request as ready for review August 7, 2022 15:51
@jannotti jannotti requested a review from algorandskiy August 7, 2022 15:51
@michaeldiamant
Copy link
Copy Markdown
Contributor

michaeldiamant commented Aug 9, 2022

For more complete context, here's the commit changing Go behavior: golang/go@a218b35.

michaeldiamant
michaeldiamant reviewed Aug 9, 2022
View reviewed changes
Comment thread data/transactions/logic/eval.go Outdated
@jannotti @michaeldiamant
typo
2e2cec1 
Co-authored-by: Michael Diamant <michaeldiamant@users.noreply.github.com>
@michaeldiamant michaeldiamant mentioned this pull request Aug 30, 2022
Merged
@cce
Copy link
Copy Markdown
Contributor

cce commented Sep 6, 2022

Invalid points would have led to false before too, right?

@jannotti
Copy link
Copy Markdown
Contributor Author

jannotti commented Sep 6, 2022
edited
Loading

Invalid points would have led to false before too, right?

I sure hope so!

I am a little worried about this fix, because it assume nothing used to panic. If there was something that caused a panic before, that thing would now be caught and cause 0 instead of a guaranteed program failure.

I have done an alternate that explicitly tests for being on the curve instead. Maybe that's better?

This was referenced Nov 2, 2022
Merged
Closed
michaeldiamant
michaeldiamant reviewed Nov 5, 2022
View reviewed changes
Comment thread data/transactions/logic/eval.go
func (cx *EvalContext) ecdsaVerify(curve EcdsaCurve, pkX, pkY []byte, msg []byte, sigR, sigS []byte) (result bool) {
// Go 1.19 panics on bad inputs. Catch it so that re can return false cleanly.
defer func() {
if recover() != nil {
Copy link
Copy Markdown
Contributor

@michaeldiamant michaeldiamant Nov 5, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Leaving a note for when we return to the PR: I'm open to discussion, but initial my preference is to catch the specific failure condition rather than the catch-all presented by the PR.

Additionally - I opened an issue to track upgrading to Go v1.19 with a checklist item referencing this PR: #4759. Intent is to confirm we finalize the PR prior to completing a v1.19 upgrade.

@algorandskiy algorandskiy merged commit 19fa6c2 into algorand:master Jan 6, 2023
jannotti added a commit to jannotti/go-algorand that referenced this pull request Jan 9, 2023
@jannotti
Revert "AVM: Catch any panic in edcsa verifying (algorand#4368)"
e0cac7c 
This reverts commit 19fa6c2.
jannotti added a commit that referenced this pull request Jan 9, 2023
@jannotti
Revert "AVM: Catch any panic in edcsa verifying (#4368)" (#4985)
272ad3f 
This reverts commit 19fa6c2.
winder pushed a commit to winder/go-algorand that referenced this pull request Jan 18, 2023
@jannotti @winder
AVM: Catch any panic in edcsa verifying (algorand#4368)
2b3cc19
winder pushed a commit to winder/go-algorand that referenced this pull request Jan 18, 2023
@jannotti @winder
Revert "AVM: Catch any panic in edcsa verifying (algorand#4368)" (alg…
f549347 
…orand#4985)

This reverts commit 19fa6c2.
This was referenced Jan 23, 2023
Merged
Merged
This was referenced Jan 30, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cce cce cce approved these changes

@algorandskiy algorandskiy algorandskiy approved these changes

+1 more reviewer

@michaeldiamant michaeldiamant michaeldiamant left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Bug-Fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jannotti @michaeldiamant @cce @algorandskiy