forked from luck/tmp_suning_uos_patched
c8cfcb78c6
Prior, passing in chunks of 2, 3, or 4, followed by any additional
chunks would result in the chacha state counter getting out of sync,
resulting in incorrect encryption/decryption, which is a pretty nasty
crypto vuln: "why do images look weird on webpages?" WireGuard users
never experienced this prior, because we have always, out of tree, used
a different crypto library, until the recent Frankenzinc addition. This
commit fixes the issue by advancing the pointers and state counter by
the actual size processed. It also fixes up a bug in the (optional,
costly) stride test that prevented it from running on arm64.
Fixes:
|
||
---|---|---|
.. | ||
aes.c | ||
arc4.c | ||
blake2s-generic.c | ||
blake2s-selftest.c | ||
blake2s.c | ||
chacha.c | ||
chacha20poly1305-selftest.c | ||
chacha20poly1305.c | ||
curve25519-fiat32.c | ||
curve25519-generic.c | ||
curve25519-hacl64.c | ||
curve25519-selftest.c | ||
curve25519.c | ||
des.c | ||
Kconfig | ||
libchacha.c | ||
Makefile | ||
poly1305-donna32.c | ||
poly1305-donna64.c | ||
poly1305.c | ||
sha256.c |