Backporting Stribog fix to 1.8.x
Werner Koch
wk at gnupg.org
Mon May 27 08:51:11 CEST 2019

On Sat, 25 May 2019 15:57, jussi.kivilinna at iki.fi said:
> Yes, it would be ok to backport the fix. I'm a bit concerned about
> potential breakage for users but that is going to happen with 1.9
> anyway and if needed we can add bug-emu flag for Stribog to support
> the broken algorithm variant.
Well, we already did this for Whirlpool and it even states that this
very flag may be reused for other algorithms:
  @item GCRY_MD_FLAG_BUGEMU1
  @cindex bug emulation
  Versions of Libgcrypt before 1.6.0 had a bug in the Whirlpool code
  which led to a wrong result for certain input sizes and write
  [...]
  Note that this flag works for the entire hash context.  If needed
  arises it may be used to enable bug emulation for other hash
  algorithms.  Thus you should not use this flag for a multi-algorithm
  hash context.
  
I would propose to do this now for Stribog.
Shalom-Salam,
   Werner
-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.