Mirror of https://github.com/torvalds/linux.git, synced 2026-06-08 22:52:35 +02:00
Prior, passing in chunks of 2, 3, or 4, followed by any additional chunks would result in the chacha state counter getting out of sync, resulting in incorrect encryption/decryption, which is a pretty nasty crypto vuln: "why do images look weird on webpages?" WireGuard users never experienced this prior, because we have always, out of tree, used a different crypto library, until the recent Frankenzinc addition.

This commit fixes the issue by advancing the pointers and state counter by the actual size processed. It also fixes up a bug in the (optional, costly) stride test that prevented it from running on arm64.

Fixes:

| File | | |
|---|---|---|
| blake2s-generic.c | ||
| blake2s-selftest.c | ||
| blake2s.c | ||
| chacha.c | ||
| chacha20poly1305-selftest.c | ||
| chacha20poly1305.c | ||
| curve25519-fiat32.c | ||
| curve25519-generic.c | ||
| curve25519-hacl64.c | ||
| curve25519-selftest.c | ||
| curve25519.c | ||
| Kconfig | ||
| libchacha.c | ||
| Makefile | ||
| poly1305-donna32.c | ||
| poly1305-donna64.c | ||
| poly1305.c | ||