HashAlgo receives uninitialized memory from hash

[ammaraskar]

Hi there, we (Rust group @sslab-gatech) are scanning crates on crates.io for potential soundness bugs. We noticed that in Balloon::hash

rust-balloons/src/balloon.rs

Lines 101 to 111 in 6b0ce59

	// Create an uninitialized buffer
	let mut buffer = Vec::<H>::with_capacity(len);
	unsafe { buffer.set_len(len) };
	// Step 1. Expand input into buffer
	{
	let mut algo = A::create();
	algo.update_u64(0)?;
	algo.update(&passwd)?;
	algo.update(&salt)?;
	algo.finalize_into(&mut buffer[0])?;

An uninitialized buffer is used to make space for the final storage of the hash. This uninitialized buffer is passed straight to HashAlgo::finalize_into. We realize that HashAlgos should only write to the hash H, it is possible to implement a HashAlgo that reads and uses this uninitialized memory which invokes undefined behavior in Rust.

Some measures you might consider to fix this:

• Zero initialize the hash (might come with a performance hit)
• Pass MaybeUninit to finalize_into https://doc.rust-lang.org/std/mem/union.MaybeUninit.html#out-pointers
• Mark the finalize_into method as unsafe and document that the passed in hash should never be read.

[yangby-cryptape]

Thanks, but this repository will be archived, so I won't fix that.