Fix an overflow in Streebog causing panic or incorrect output #91

Merged Nov 6, 2019 (1 commit)


jack-fortanix
Contributor

There is a bug in the update_sigma function of Streebog.

For example, for an input consisting of 96 bytes of 255 (0xFF), the current crate either panics:

$ ./target/debug/examples/streebog256sum ffs
thread 'main' panicked at 'attempt to add with overflow', streebog/src/streebog.rs:68:23
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace.

Or produces an incorrect output:

$ ./target/release/examples/streebog256sum ffs
b9260dbf1e41a461b964a31035f60ebbe508c4946f443ba8974922f1f55e1e3f        ffs

Compare output with OpenSSL using the GOST engine:

$ openssl dgst -md_gost12_256 ffs
md_gost12_256(ffs)= cec87784e5b15bb20e1717ff8e940c9ef9a156401f31546f48a4314ad9f34606

Due to poor specification and missing KATs, a number of other impls have run into similar issues:
gpg/libgcrypt@da6cd4f
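
An added illustration, not part of the pull request or the crate's source: Streebog's sigma checksum is the sum of the 64-byte message blocks modulo 2^512, and the sketch below contrasts a hypothetical byte-wise adder that drops a carry with one that keeps the carry in a wider type. The function names, the lossy variant and the sample operands (modelled on the 96-byte 0xFF input, with an assumed layout for the padded final block) are constructed for this example.

```rust
// Added illustration; not the streebog crate's source.
type Block = [u8; 64];

/// Hypothetical flawed carry handling: the carry-out of `a + b` is recorded,
/// but a carry produced by adding the carry-in is lost.
/// wrapping_add mirrors release-mode arithmetic; with a plain `+`
/// a debug build panics at the same step.
fn add_mod512_lossy(sigma: &mut Block, m: &Block) {
    let mut carry = false;
    for (a, b) in sigma.iter_mut().zip(m.iter()) {
        let (sum, over) = (*a).overflowing_add(*b);
        *a = if carry { sum.wrapping_add(1) } else { sum };
        carry = over; // bug: ignores an overflow caused by the +1 above
    }
}

/// Little-endian addition modulo 2^512 with the carry held in a wider type.
fn add_mod512(sigma: &mut Block, m: &Block) {
    let mut carry = 0u16;
    for (a, b) in sigma.iter_mut().zip(m.iter()) {
        let t = u16::from(*a) + u16::from(*b) + carry; // at most 0x1FF
        *a = t as u8;
        carry = t >> 8;
    }
    // The carry out of byte 63 is discarded: that is the reduction mod 2^512.
}

/// Constructed operands: sigma after one all-0xFF block, then a block of
/// 32 x 0xFF, 0x01, zeros (assumed layout of the padded 32-byte tail).
fn sample() -> (Block, Block) {
    let mut m = [0u8; 64];
    m[..32].fill(0xFF);
    m[32] = 0x01;
    ([0xFF; 64], m)
}

fn main() {
    let (mut good, m) = sample();
    let mut bad = good;
    add_mod512(&mut good, &m);
    add_mod512_lossy(&mut bad, &m);
    println!("correct: {:02x?}", &good[30..36]);
    println!("lossy:   {:02x?}", &bad[30..36]);
}
```

A regression test for this class of bug needs an operand pair where a byte sum is exactly 0xFF and a carry arrives from the byte below, which ordinary short test vectors rarely produce.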

@newpavlov
Member

Thank you! I will add a test vector for this bug and will publish a release ASAP. Later I will also add an appropriate advisory to the RustSec DB.

There is also an opportunity to improve performance a bit by using addition over 32-bit numbers in the update_sigma function (for my laptop it gives 89 vs 81 MB/s).

newpavlov merged commit 9695573 into RustCrypto:master on Nov 6, 2019