[Bug 3475] clang-15 amd64 ED25519 signature verification nondeterministic spurious failure

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Sep 26 01:53:58 AEST 2022


Daniel Pouzzner <douzzer at mega.nu> changed:

           What    |Removed                     |Added
           Severity|critical                    |minor
            Summary|ED25519 signature           |clang-15 amd64 ED25519
                   |verification                |signature verification
                   |nondeterministic spurious   |nondeterministic spurious
                   |failure                     |failure

--- Comment #1 from Daniel Pouzzner <douzzer at mega.nu> ---
This glitch turns out to have been caused by building with the
llvm-15.0.1+clang-15.0.1 toolchain (by accident/Gentoo portage/package
bug).  It's highly repeatable, and is either a bug in the
compiler/toolchain, or a bug somewhere in openssh around the handling
of ED25519 signature blobs and whatnot.

The ssh and sshd built under clang-15 cause the "incorrect signature"
failure for ED25519 on incoming connections to ED25519-hostkeyed sshd,
and outgoing connections to e.g. github.com, which use ED25519

Building under gcc-11.3.1 resolves all ED25519 problems, inbound and

You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list