summaryrefslogtreecommitdiffstats
path: root/kernel/bpf
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2020-03-18 20:27:32 -0600
committerHerbert Xu <herbert@gondor.apana.org.au>2020-03-20 14:35:27 +1100
commitc8cfcb78c65877313cda7bcbace624d3dbd1f3b3 (patch)
treea8a322ebcd9ebc7475c33426d898c649a4bb1e8d /kernel/bpf
parent1579f1bc3b753d17a44de3457d5c6f4a5b14c752 (diff)
downloadlinux-c8cfcb78c65877313cda7bcbace624d3dbd1f3b3.tar.gz
linux-c8cfcb78c65877313cda7bcbace624d3dbd1f3b3.tar.bz2
linux-c8cfcb78c65877313cda7bcbace624d3dbd1f3b3.zip
crypto: arm64/chacha - correctly walk through blocks
Prior, passing in chunks of 2, 3, or 4, followed by any additional chunks would result in the chacha state counter getting out of sync, resulting in incorrect encryption/decryption, which is a pretty nasty crypto vuln: "why do images look weird on webpages?" WireGuard users never experienced this prior, because we have always, out of tree, used a different crypto library, until the recent Frankenzinc addition. This commit fixes the issue by advancing the pointers and state counter by the actual size processed. It also fixes up a bug in the (optional, costly) stride test that prevented it from running on arm64. Fixes: b3aad5bad26a ("crypto: arm64/chacha - expose arm64 ChaCha routine as library function") Reported-and-tested-by: Emil Renner Berthing <kernel@esmil.dk> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: stable@vger.kernel.org # v5.5+ Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'kernel/bpf')
0 files changed, 0 insertions, 0 deletions