Fix: gost-crypto hash incorrect if input data contains long 0xFF sequence #2391
Conversation
…ence, refs #73127
|
Problem was within overflow detection: if result is less than any of two arguments, than there was overflow. But in fact there are three arguments, so with the right data overflow would not be detected: 0x00000001 + 0xFFFFFFFF+0xFFFFFFFF = 0xFFFFFFFF. My fix changes operations to 16-bits, so there are no undetectable overflows possible. |
|
Could you please add a test for this change? Also, the implementation looks unnecessarily complicated. For example, this is how the same code in rhash looks like: https://github.com/rhash/RHash/blob/master/librhash/gost.c#L326 |
…ence, refs #73127 Cleaner approach (thanks to rhash)
…uence, refs #73127
|
I have modified overflow detection code and added test. Feel free to move test to more appropriate place if necessary. |
…uence, refs #73127 Moved to hash module
|
@nikic can you take care of this one please ? |
|
Since all versions of PHP are affected by this bug: https://3v4l.org/0IECu, it would be very convenient if this fix would be applied to all supported PHP versions. |
|
Sorry for the delay, now merged into 7.0+ via eac8166. Thanks! |
https://bugs.php.net/bug.php?id=73127
Problem was lying in calculations of Sum-block.