mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2025-01-22 13:54:57 +08:00
c8cfcb78c6
Prior, passing in chunks of 2, 3, or 4, followed by any additional
chunks would result in the chacha state counter getting out of sync,
resulting in incorrect encryption/decryption, which is a pretty nasty
crypto vuln: "why do images look weird on webpages?" WireGuard users
never experienced this prior, because we have always, out of tree, used
a different crypto library, until the recent Frankenzinc addition. This
commit fixes the issue by advancing the pointers and state counter by
the actual size processed. It also fixes up a bug in the (optional,
costly) stride test that prevented it from running on arm64.
Fixes:
|
||
---|---|---|
.. | ||
aes.c | ||
arc4.c | ||
blake2s-generic.c | ||
blake2s-selftest.c | ||
blake2s.c | ||
chacha20poly1305-selftest.c | ||
chacha20poly1305.c | ||
chacha.c | ||
curve25519-fiat32.c | ||
curve25519-generic.c | ||
curve25519-hacl64.c | ||
curve25519-selftest.c | ||
curve25519.c | ||
des.c | ||
Kconfig | ||
libchacha.c | ||
Makefile | ||
poly1305-donna32.c | ||
poly1305-donna64.c | ||
poly1305.c | ||
sha256.c |