Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix an overflow in Streebog causing panic or incorrect output #91

Merged
merged 1 commit into from
Nov 6, 2019

Conversation

jack-fortanix
Copy link
Contributor

There is a bug in the update_sigma function of Streebog.

For example for the input consisting of 96 bytes of 255 (0xFF), current crate either panics:

$ ./target/debug/examples/streebog256sum ffs
thread 'main' panicked at 'attempt to add with overflow', streebog/src/streebog.rs:68:23
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace.

Or produces an incorrect output:

$ ./target/release/examples/streebog256sum ffs
b9260dbf1e41a461b964a31035f60ebbe508c4946f443ba8974922f1f55e1e3f        ffs

Compare output with OpenSSL using the GOST engine:

$ openssl dgst -md_gost12_256 ffs
md_gost12_256(ffs)= cec87784e5b15bb20e1717ff8e940c9ef9a156401f31546f48a4314ad9f34606

Due to poor specification and missing KATs a number of other impls have run into similar issues
gpg/libgcrypt@da6cd4f

@newpavlov
Copy link
Member

Thank you! I will add a test vector for this bug and will publish a release ASAP. Later I will also add an appropriate advisory to the RustSec DB.

There is also an opportunity to improve performance a bit by using addition over 32-bit number in the update_sigma function (for my laptop it gives 89 vs 81 MB/s).

@newpavlov newpavlov merged commit 9695573 into RustCrypto:master Nov 6, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants