Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix panic on arithmetic overflow #193

Merged
merged 4 commits into from
Nov 3, 2020
Merged

Fix panic on arithmetic overflow #193

merged 4 commits into from
Nov 3, 2020

Conversation

divergentdave
Copy link
Contributor

I found a crash in the GOST hash function through fuzzing. The test added here was panicking with attempt to add with overflow, because there was one place a carry bit was being added with + instead of overflowing_add.

@tarcieri tarcieri requested a review from newpavlov November 2, 2020 16:22
@tarcieri
Copy link
Member

tarcieri commented Nov 2, 2020

Looks good to me

newpavlov
newpavlov approved these changes Nov 3, 2020
View reviewed changes
Copy link
Member

@newpavlov newpavlov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! I have modified your PR a bit to use const-time arithmetic. Ideally it should use word-sized integers instead of u64s, but the current version should be good enough.

@newpavlov newpavlov merged commit 07cc0d4 into RustCrypto:master Nov 3, 2020
@divergentdave divergentdave deleted the gost94-overflow branch December 8, 2021 06:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@newpavlov newpavlov newpavlov approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@divergentdave @tarcieri @newpavlov