Hide Forgot
Created attachment 1913587 [details] Reproducer program Description of problem: libgcrypt does not correctly compute SHA-3 hashes of buffers that are larger than 4 GiB. Computation is correct when performed incrementally. Version-Release number of selected component (if applicable): 1.10.0-5.el9_9 How reproducible: Run the attached reproducer with --bytes $(( 0xffffffff )) sha3-256 and --bytes $(( 0x100000000 )) sha3-256. Steps to Reproduce: 1. gcc -o libgcrypt-ldt-hash -std=c99 -Wall -Werror -pedantic -D_XOPEN_SOURCE=600 $(pkg-config --cflags libgcrypt) libgcrypt-ldt-hash.c $(pkg-config --libs libgcrypt) $(pkg-config --libs gpg-error) 2. ./libgcrypt-ldt-hash --bytes $(( 0xffffffff )) --verbose sha3-256 (passes) 3. ./libgcrypt-ldt-hash --bytes $(( 0x100000000 )) --verbose sha3-256 (fails due to hash mismatch) Actual results: Running test with 4294967296 (0x100000000) bytes libgcrypt-ldt-hash: 4294967296 B (0x100000000 B) (oneshot ) SHA3-256 472e199b66c2ae3002909d1f33c05583525cabeb121c4eb14191c28b2c280aaf libgcrypt-ldt-hash: 4294967296 B (0x100000000 B) (incremental ) SHA3-256 be86a518eebe157b2da0d300be9a867880e1d1fe7493e416ee1d301b4284253b Expected results: Running test with 4294967296 (0x100000000) bytes libgcrypt-ldt-hash: 4294967296 B (0x100000000 B) (oneshot ) SHA3-256 be86a518eebe157b2da0d300be9a867880e1d1fe7493e416ee1d301b4284253b libgcrypt-ldt-hash: 4294967296 B (0x100000000 B) (incremental ) SHA3-256 be86a518eebe157b2da0d300be9a867880e1d1fe7493e416ee1d301b4284253b Additional info: This causes failues in the large data ACVP tests.
The sha3 issue should be solved with the following change: https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/6 I will work on the regression tests and I believe we should be able to include this change in the next build for FIPS too.
Filled upstream https://dev.gnupg.org/T6217