mirror of
https://github.com/torvalds/linux.git
synced 2025-11-04 10:40:15 +02:00
c8cfcb78c6
Prior, passing in chunks of 2, 3, or 4, followed by any additional
chunks would result in the chacha state counter getting out of sync,
resulting in incorrect encryption/decryption, which is a pretty nasty
crypto vuln: "why do images look weird on webpages?" WireGuard users
never experienced this prior, because we have always, out of tree, used
a different crypto library, until the recent Frankenzinc addition. This
commit fixes the issue by advancing the pointers and state counter by
the actual size processed. It also fixes up a bug in the (optional,
costly) stride test that prevented it from running on arm64.
Fixes:
|
||
|---|---|---|
| .. | ||
| aes.c | ||
| arc4.c | ||
| blake2s-generic.c | ||
| blake2s-selftest.c | ||
| blake2s.c | ||
| chacha.c | ||
| chacha20poly1305-selftest.c | ||
| chacha20poly1305.c | ||
| curve25519-fiat32.c | ||
| curve25519-generic.c | ||
| curve25519-hacl64.c | ||
| curve25519-selftest.c | ||
| curve25519.c | ||
| des.c | ||
| Kconfig | ||
| libchacha.c | ||
| Makefile | ||
| poly1305-donna32.c | ||
| poly1305-donna64.c | ||
| poly1305.c | ||
| sha256.c | ||