Fix regressions introduced in #1388 (#1421)
Merged
newpavlov merged 3 commits into RustCrypto:master from lmaotrigine:patch-1 on Jan 4, 2024
Conversation
When `StreamCipherCoreWrapper` is instantiated via `KeyIvInit::new` or `KeyInit::new`, the lowest bit of the buffer remains zero. This makes the initial call to `StreamCipherCoreWrapper::get_pos` result in undefined behaviour in release builds. Additionally, the wrong length is used to index into the buffer when XORing with the tail end of the stream after blocks are processed.

I am performing this commit on a mobile device using the web interface, so I might have missed things. These two issues immediately jumped at me while casually browsing the code.

I see no open issue regarding this and no other PRs attempting to fix this, so I'm just doing this hasty fix. If there is a more fundamental issue at play here that I am not seeing, feel free to suggest/open a fix that supersedes this.

Also, if I'm way off base here, I apologise and you may close this PR, because I'm making this change solely after a glance through the source without performing any testing.

Since this change hasn't rolled out publicly and isn't in use by any crates in RustCrypto/stream-ciphers, I am thinking this doesn't constitute a security vulnerability and directly submitting a patch is OK.

Cheers.
Please squash these when merging thanks.
tarcieri (Member) approved these changes on Dec 30, 2023:
Thank you! In future we probably should add proper testing of the wrappers to the
tarcieri added a commit that referenced this pull request on Feb 4, 2026:
### Added
- Traits for tweakable block ciphers (#1721)
- Methods for writing keystream (#1907)

### Changed
- Replaced `generic-array` with `hybrid-array` (#1358)
- Rename `BlockCipher*`/`BlockMode*` (#1482)
  - `BlockEncrypt` => `BlockCipherEncrypt`
  - `BlockDecrypt` => `BlockCipherDecrypt`
  - `BlockEncryptMut` => `BlockModeEncrypt`
  - `BlockDecryptMut` => `BlockModeDecrypt`
- Split `BlockBackend` traits into 4 specific traits (#1636):
  - `BlockCipherEncBackend`
  - `BlockCipherDecBackend`
  - `BlockModeEncBackend`
  - `BlockModeDecBackend`
- Edition changed to 2024 and MSRV bumped to 1.85 (#1759)
- Use `block_buffer::ReadBuffer` in `StreamCipherCoreWrapper` (#1959)
- Re-export of `crypto-common` moved to `cipher::common` (#2237, #2260)
- `crypto-common` dependency bumped to v0.2 (#2276)
- `blobby` requirement bumped to v0.4 (#2147)
- `inout` dependency bumped to v0.2.2 (#2149)

### Fixed
- Bugs in `StreamCipherCoreWrapper` trait implementations (#1421)
- Seeking implementation in the stream cipher wrapper (#2052)

### Removed
- `std` feature (#1691)
- `BlockCipherEncrypt::encrypt_padded*` and `BlockCipherDecrypt::decrypt_padded*` methods. Users of the ECB mode should use the `ecb-mode` crate instead. (#2245)
- `AsyncStreamCipher` trait (#2280)