diff options
author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-05-07 14:49:05 +0300 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-05-13 19:00:00 +0300 |
commit | c1441665abe761536b3ed67d36b12f2198be6b12 (patch) | |
tree | 11af326b80d8f0356b28dbb4fe9dd756729fa8b4 | |
parent | 9620d12f28db2aeb252512922ab319555608b82a (diff) | |
download | gnutls-c1441665abe761536b3ed67d36b12f2198be6b12.tar.gz |
lib/nettle: fix carry flag in Streebog code
Fix carry flag being calculated incorrectly in Streebog code.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | lib/crypto-selftests.c | 16 | ||||
-rw-r--r-- | lib/nettle/gost/streebog.c | 12 |
3 files changed, 26 insertions, 5 deletions
@@ -14,6 +14,9 @@ See the end for copying conditions. ** libgnutls: the gnutls_srp_set_server_credentials_function can be used with the 8192 parameters as well (#995). +** libgnutls: Fix calculation of Streebog digests (incorrect carry operation in + 512 bit addition) + ** API and ABI modifications: gnutls_prf_early: Added diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c index 66f6db620d..02e92849e9 100644 --- a/lib/crypto-selftests.c +++ b/lib/crypto-selftests.c @@ -1310,6 +1310,22 @@ const struct hash_vectors_st streebog_512_vectors[] = { "\x03\x5f\xe8\x35\x49\xad\xa2\xb8\x62\x0f\xcd\x7c\x49\x6c\xe5\xb3" "\x3f\x0c\xb9\xdd\xdc\x2b\x64\x60\x14\x3b\x03\xda\xba\xc9\xfb\x28"), }, + { + STR(plaintext, plaintext_size, + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"), + STR(output, output_size, + "\x90\xa1\x61\xd1\x2a\xd3\x09\x49\x8d\x3f\xe5\xd4\x82\x02\xd8\xa4" + "\xe9\xc4\x06\xd6\xa2\x64\xae\xab\x25\x8a\xc5\xec\xc3\x7a\x79\x62" + "\xaa\xf9\x58\x7a\x5a\xbb\x09\xb6\xbb\x81\xec\x4b\x37\x52\xa3\xff" + "\x5a\x83\x8e\xf1\x75\xbe\x57\x72\x05\x6b\xc5\xfe\x54\xfc\xfc\x7e"), + }, }; /* GOST R 34.11-2012 */ diff --git a/lib/nettle/gost/streebog.c b/lib/nettle/gost/streebog.c index 12c5c08362..4d7c131da2 100644 --- a/lib/nettle/gost/streebog.c +++ b/lib/nettle/gost/streebog.c @@ -1200,7 +1200,7 @@ static void streebog512_compress (struct streebog512_ctx *ctx, const uint8_t *input, size_t count) { uint64_t M[8]; - uint64_t l; + uint64_t l, cf; int i; for (i = 0; i < 8; i++, input += 8) @@ -1219,12 +1219,14 @@ streebog512_compress (struct streebog512_ctx *ctx, const uint8_t *input, size_t } } + cf = 0; ctx->sigma[0] += M[0]; for (i = 1; i < 8; i++) - if (ctx->sigma[i-1] < M[i-1]) - ctx->sigma[i] += M[i] + 1; - else - ctx->sigma[i] += M[i]; + { + if (ctx->sigma[i-1] != M[i-1]) + cf = (ctx->sigma[i-1] < M[i-1]); + ctx->sigma[i] += M[i] + cf; + } } static void |