Two methods expose uninitialized buffer to user-provided fns

Hello,
we (Rust group @sslab-gatech) found a memory-safety/soundness issue in this crate while scanning Rust code on crates.io for potential vulnerabilities.

Issue Description

rust-sha/src/utils.rs

Lines 19 to 24 in 03bfd55

    
           fn to_bytes_len(&mut self, len: usize) -> Vec<u8> { 
        
               let mut bytes: Vec<u8> = Vec::with_capacity(len); 
        
               unsafe { bytes.set_len(len); }; 
        
               self.read(&mut bytes[..]).unwrap(); 
        
               bytes 
        
           }

rust-sha/src/utils.rs

Lines 100 to 111 in 03bfd55

    
           self.buf.clear(); 
        
           unsafe { self.buf.set_len(self.block_len); }; 
        
           let mut len = try!(self.inner.read(&mut self.buf[..])); 
        
           self.len += len; 
        
           if len < self.block_len { 
        
               unsafe { self.buf.set_len(len); }; 
        
               let reader: P = (self.padder)(self.len); 
        
               len += try!(reader.read_pad(&mut self.buf)); 
        
               //assert_eq!(self.buf.len(), self.block_len); 
        
               self.finished = true; 
        
           }

utils::Digest::to_bytes_len() method & utils::PadBlocks::<I, P, F>::fill_buf() create an uninitialized buffer and passes it to user-provided Read implementation or user-provided reader.read_pad(). This is unsound, because it allows safe Rust code to exhibit an undefined behavior (read from uninitialized memory).

In case a user-provided Read reads from the given buffer, uninitialized buffer can make safe Rust code to cause memory safety errors by miscompilation. Uninitialized values are lowered to LLVM as llvm::UndefValue which may take different random values for each read. Propagation of UndefValue can quickly cause safe Rust code to exhibit undefined behavior.

This part from the Read trait documentation explains the issue:

It is your responsibility to make sure that buf is initialized before calling read. Calling read with an uninitialized buf (of the kind one obtains via MaybeUninit<T>) is not safe, and can lead to undefined behavior.

How to fix the issue?

The Naive & safe way to fix the issue is to always zero-initialize a buffer before lending it to a user-provided Read implementation. Note that this approach will add runtime performance overhead of zero-initializing the buffer.

As of Feb 2021, there is not yet an ideal fix that works with no performance overhead. Below are links to relevant discussions & suggestions for the fix.

	fn to_bytes_len(&mut self, len: usize) -> Vec<u8> {
	let mut bytes: Vec<u8> = Vec::with_capacity(len);
	unsafe { bytes.set_len(len); };
	self.read(&mut bytes[..]).unwrap();
	bytes
	}

	self.buf.clear();
	unsafe { self.buf.set_len(self.block_len); };
	let mut len = try!(self.inner.read(&mut self.buf[..]));
	self.len += len;

	if len < self.block_len {
	unsafe { self.buf.set_len(len); };
	let reader: P = (self.padder)(self.len);
	len += try!(reader.read_pad(&mut self.buf));
	//assert_eq!(self.buf.len(), self.block_len);
	self.finished = true;
	}