Mailing List Archive

Backporting Stribog fix to 1.8.x
Hello,

Since Stribog fix corrects calculations of hashes, would it be
possible to push this fix to 1.8 branch and create a bugfix release?
The patch da6cd4fea30f79cf9d8f9b2f1c6daf3aea39fa9c applies to 1.8/1.7
without any issues.

--
With best wishes
Dmitry

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
Re: Backporting Stribog fix to 1.8.x
On Thu, 23 May 2019 18:20, dbaryshkov@gmail.com said:

> Since Stribog fix corrects calculations of hashes, would it be
> possible to push this fix to 1.8 branch and create a bugfix release?
> The patch da6cd4fea30f79cf9d8f9b2f1c6daf3aea39fa9c applies to 1.8/1.7

Do you know applications which use that Stribog version in Libgcrypt
and which would have a regression if this is fixed?


Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: Backporting Stribog fix to 1.8.x
Thu, 23 May 2019 at 19:45, Werner Koch <wk@gnupg.org>:
>
> On Thu, 23 May 2019 18:20, dbaryshkov@gmail.com said:
>
> > Since Stribog fix corrects calculations of hashes, would it be
> > possible to push this fix to 1.8 branch and create a bugfix release?
> > The patch da6cd4fea30f79cf9d8f9b2f1c6daf3aea39fa9c applies to 1.8/1.7
>
> Do you know applications which use that Stribog version in Libgcrypt
> and which would have a regression if this is fixed?

Not the public ones. AltLinux developers are working on GnuPG fork
which supports GOST S/MIME and GOST OpenPGP support. Other
developers are supporting Kleopatra patches for GOST support.

--
With best wishes
Dmitry

Re: Backporting Stribog fix to 1.8.x
On Thu, 23 May 2019 21:12, dbaryshkov@gmail.com said:

> Not the public ones. AltLinux developers are working on GnuPG fork
> which supports GOST S/MIME and GOST OpenPGP support. Other
> developers are supporting Kleopatra patches for GOST support.

Does that mean they would anyway patch Libgcrypt?

Jussi: Do you think it is okay to backport the fix?


Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: Backporting Stribog fix to 1.8.x
On 24.5.2019 16.09, Werner Koch wrote:
> On Thu, 23 May 2019 21:12, dbaryshkov@gmail.com said:
>
>> Not the public ones. AltLinux developers are working on GnuPG fork
>> which supports GOST S/MIME and GOST OpenPGP support. Other
>> developers are supporting Kleopatra patches for GOST support.
>
> Does that mean they would anyway patch Libgcrypt?
>
> Jussi: Do you think it is okay to backport the fix?

Yes, it would be ok to backport the fix. I'm a bit concerned about
potential breakage for users but that is going to happen with 1.9
anyway and if needed we can add bug-emu flag for Stribog to support
the broken algorithm variant.

-Jussi

Re: Backporting Stribog fix to 1.8.x
On Sat, 25 May 2019 15:57, jussi.kivilinna@iki.fi said:

> Yes, it would be ok to backport the fix. I'm a bit concerned about
> potential breakage for users but that is going to happen with 1.9
> anyway and if needed we can add bug-emu flag for Stribog to support
> the broken algorithm variant.

Well, we already did this for Whirlpool and it even states that this
very flag may be reused for other algorithms:

@item GCRY_MD_FLAG_BUGEMU1
@cindex bug emulation
Versions of Libgcrypt before 1.6.0 had a bug in the Whirlpool code
which led to a wrong result for certain input sizes and write
[...]
Note that this flag works for the entire hash context. If needed
arises it may be used to enable bug emulation for other hash
algorithms. Thus you should not use this flag for a multi-algorithm
hash context.

I would propose to do this now for Stribog.


Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.