GOST-R-34.11-94 output difference between LibreSSL and libgcrypt

Jussi Kivilinna jussi.kivilinna at iki.fi
Sat May 18 05:46:01 CEST 2019


Hello,

On 17.5.2019 19.00, Guido Vranken wrote:
> OSS-Fuzz recently found a new bug. Cryptofuzz always abort()s at the same place if it detects mismatching results, and this confuses OSS-Fuzz, thinking that multiple distinct bugs are the same bug. This is why nobody got an e-mail about it.
> 
> But about the bug:
> 
> https://oss-fuzz.com/testcase-detail/5651343798173696
> 
> 
>     Operation:
>     operation name: Digest
>     digest: GOST-R-34.11-94
>     cleartext: {}
>    
>     Module OpenSSL result:
>    
>     {0x98, 0x1e, 0x5f, 0x3c, 0xa3, 0x0c, 0x84, 0x14, 0x87, 0x83, 0x0f, 0x84, 0xfb, 0x43, 0x3e, 0x13,
>      0xac, 0x11, 0x01, 0x56, 0x9b, 0x9c, 0x13, 0x58, 0x4a, 0xc4, 0x83, 0x23, 0x4c, 0xd6, 0x56, 0xc0} (32 bytes)
>    
>     Module libgcrypt result:
>    
>     {0xce, 0x85, 0xb9, 0x9c, 0xc4, 0x67, 0x52, 0xff, 0xfe, 0xe3, 0x5c, 0xab, 0x9a, 0x7b, 0x02, 0x78,
>      0xab, 0xb4, 0xc2, 0xd2, 0x05, 0x5c, 0xff, 0x68, 0x5a, 0xf4, 0x91, 0x2c, 0x49, 0x49, 0x0f, 0x8d} (32 bytes)
> 
> 
> In LibreSSL I use EVP_gostr341194(), and in libgcrypt I use GCRY_MD_GOSTR3411_94.
> 

Libgcrypt digest GCRY_MD_GOSTR3411_CP gives same output as EVP_gostr341194(). Output from gchash:

 $ tests/gchash GOSTR3411_CP /dev/null
 981e5f3ca30c841487830f84fb433e13ac1101569b9c13584ac483234cd656c0  /dev/null

CP in the digest name means CryptoPro parameters and appears those parameters are used by EVP_gostr341194(). 

-Jussi



More information about the Gcrypt-devel mailing list