torvalds/linux
torvalds/linux
2
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
Code
4b45a0cd39
linux/lib/crypto
History
Jason A. Donenfeld c8cfcb78c6 crypto: arm64/chacha - correctly walk through blocks 
Prior, passing in chunks of 2, 3, or 4, followed by any additional
chunks would result in the chacha state counter getting out of sync,
resulting in incorrect encryption/decryption, which is a pretty nasty
crypto vuln: "why do images look weird on webpages?" WireGuard users
never experienced this prior, because we have always, out of tree, used
a different crypto library, until the recent Frankenzinc addition. This
commit fixes the issue by advancing the pointers and state counter by
the actual size processed. It also fixes up a bug in the (optional,
costly) stride test that prevented it from running on arm64.

Fixes: b3aad5bad2 ("crypto: arm64/chacha - expose arm64 ChaCha routine as library function")
Reported-and-tested-by: Emil Renner Berthing <kernel@esmil.dk>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: stable@vger.kernel.org # v5.5+
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-20 14:35:27 +11:00
..
aes.c crypto: aes - helper function to validate key length for AES algorithms 2019-08-09 15:11:43 +10:00
arc4.c
blake2s-generic.c crypto: blake2s - generic C library implementation and selftest 2019-11-17 09:02:42 +08:00
blake2s-selftest.c crypto: blake2s - generic C library implementation and selftest 2019-11-17 09:02:42 +08:00
blake2s.c crypto: blake2s - generic C library implementation and selftest 2019-11-17 09:02:42 +08:00
chacha20poly1305-selftest.c crypto: arm64/chacha - correctly walk through blocks 2020-03-20 14:35:27 +11:00
chacha20poly1305.c crypto: chacha20poly1305 - prevent integer overflow on large input 2020-02-14 14:48:37 +08:00
chacha.c crypto: chacha - move existing library code into lib/crypto 2019-11-17 09:02:39 +08:00
curve25519-fiat32.c crypto: lib/curve25519 - work around Clang stack spilling issue 2019-11-17 09:02:43 +08:00
curve25519-generic.c crypto: curve25519 - Fix selftest build error 2020-01-16 15:18:13 +08:00
curve25519-hacl64.c crypto: curve25519 - generic C library implementations 2019-11-17 09:02:43 +08:00
curve25519-selftest.c crypto: lib/curve25519 - re-add selftests 2019-12-27 18:18:03 +08:00
curve25519.c crypto: curve25519 - Fix selftest build error 2020-01-16 15:18:13 +08:00
des.c crypto: des - split off DES library from generic DES cipher driver 2019-08-22 14:57:33 +10:00
Kconfig crypto: x86/poly1305 - wire up faster implementations for kernel 2020-01-16 15:18:12 +08:00
libchacha.c crypto: chacha - move existing library code into lib/crypto 2019-11-17 09:02:39 +08:00
Makefile crypto: curve25519 - Fix selftest build error 2020-01-16 15:18:13 +08:00
poly1305-donna32.c crypto: poly1305 - add new 32 and 64-bit generic versions 2020-01-16 15:18:12 +08:00
poly1305-donna64.c crypto: poly1305 - add new 32 and 64-bit generic versions 2020-01-16 15:18:12 +08:00
poly1305.c crypto: poly1305 - add new 32 and 64-bit generic versions 2020-01-16 15:18:12 +08:00
sha256.c crypto: sha256 - Remove sha256/224_init code duplication 2019-09-05 14:54:54 +10:00