Dependency on abandoned rust-crypto crate causes undefined behavior in sha256 hash #10

riking · 2024-02-27T23:51:13Z

https://asan.saethlin.dev/ub?crate=rust-kpdb&version=0.5.0

test crypto::aes256::tests::test_decrypt_inverses_encrypt ... thread 'crypto::aes256::tests::test_decrypt_inverses_encrypt' panicked at 'attempted to leave type `u32` uninitialized, which is invalid', /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/panicking.rs:126:5
stack backtrace:
   0: rust_begin_unwind
             at /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/std/src/panicking.rs:617:5
   1: core::panicking::panic_nounwind_fmt
             at /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/panicking.rs:96:14
   2: core::panicking::panic_nounwind
             at /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/panicking.rs:126:5
   3: core::mem::uninitialized
             at /root/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/mem/mod.rs:692:9
   4: crypto::cryptoutil::read_u32v_be
             at /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rust-crypto-0.2.36/src/cryptoutil.rs:132:32
   5: crypto::sha2::sha256_digest_block
             at /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rust-crypto-0.2.36/src/sha2.rs:354:5
   6: crypto::sha2::Engine256State::process_block
             at /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rust-crypto-0.2.36/src/sha2.rs:994:9
   7: crypto::sha2::Engine256::finish
             at /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rust-crypto-0.2.36/src/sha2.rs:1082:9
   8: <crypto::sha2::Sha256 as crypto::digest::Digest>::result
             at /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rust-crypto-0.2.36/src/sha2.rs:1112:9
   9: kpdb::crypto::sha256::hash
             at ./src/crypto/sha256.rs:20:5

https://github.com/rustsec/advisory-db/blob/main/crates/rust-crypto/RUSTSEC-2016-0005.md

The ring crate provides a good implementation of SHA256.

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependency on abandoned rust-crypto crate causes undefined behavior in sha256 hash #10

Dependency on abandoned rust-crypto crate causes undefined behavior in sha256 hash #10

riking commented Feb 27, 2024

Dependency on abandoned rust-crypto crate causes undefined behavior in sha256 hash #10

Dependency on abandoned rust-crypto crate causes undefined behavior in sha256 hash #10

Comments

riking commented Feb 27, 2024