[09/11] crypto: arm64/chacha - correctly walk through blocks
author Jason A. Donenfeld <Jason@zx2c4.com>
Thu, 19 Mar 2020 02:27:32 +0000 (20:27 -0600)
committer Salvatore Bonaccorso <carnil@debian.org>
Mon, 30 Mar 2020 21:06:57 +0000 (22:06 +0100)
commit dd0d5c4eb1e14c669c461e129b66d5e4f9612909
tree b9d0f65f9bbca720df4e7abcfdc5e6d20b103e93
parent 58990e1753d456cb57906601ba6f50e72977dc16
[09/11] crypto: arm64/chacha - correctly walk through blocks

Origin: https://git.zx2c4.com/wireguard-linux/commit?id=8f4307aaff04bd71c810295e63bd917753b49fc4
Bug-Debian: https://bugs.debian.org/953569

Prior, passing in chunks of 2, 3, or 4, followed by any additional
chunks would result in the chacha state counter getting out of sync,
resulting in incorrect encryption/decryption, which is a pretty nasty
crypto vuln: "why do images look weird on webpages?" WireGuard users
never experienced this prior, because we have always, out of tree, used
a different crypto library, until the recent Frankenzinc addition. This
commit fixes the issue by advancing the pointers and state counter by
the actual size processed. It also fixes up a bug in the (optional,
costly) stride test that prevented it from running on arm64.

Fixes: b3aad5bad26a ("crypto: arm64/chacha - expose arm64 ChaCha routine as library function")
Reported-and-tested-by: Emil Renner Berthing <kernel@esmil.dk>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: stable@vger.kernel.org # v5.5+
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[bwh: commit c8cfcb78c65877313cda7bcbace624d3dbd1f3b3 upstream]

Gbp-Pq: Topic features/all/wireguard
Gbp-Pq: Name 0009-crypto-arm64-chacha-correctly-walk-through-blocks.patch
arch/arm64/crypto/chacha-neon-glue.c
lib/crypto/chacha20poly1305-selftest.c
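
The counter desynchronization described in the commit message, as an added example that is not the kernel's code or part of the patch: a simplified C model that tracks only the ChaCha block counter across calls. The 5-block batch size and the names `walk` and `walk_chunks` are assumptions of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BLOCK 64u          /* ChaCha block size in bytes */
#define BATCH (BLOCK * 5u) /* assumed bytes handled per loop iteration */

/* Returns the block counter after one call consumes `bytes` of input.
 * advance_actual = 0: step by the full batch regardless of input (the bug).
 * advance_actual = 1: step by what was actually processed (the fix). */
static uint32_t walk(uint32_t counter, size_t bytes, int advance_actual)
{
    while (bytes > 0) {
        size_t l = bytes < BATCH ? bytes : BATCH;

        if (l <= BLOCK)            /* single, possibly partial, block */
            return counter + 1;
        /* a multi-block routine would XOR l bytes of keystream here */
        if (advance_actual) {
            bytes -= l;
            counter += (uint32_t)((l + BLOCK - 1) / BLOCK);
        } else {
            bytes -= bytes < BATCH ? bytes : BATCH;
            counter += 5;
        }
    }
    return counter;
}

/* Streaming caller: one walk() call per chunk, counter carried between calls. */
static uint32_t walk_chunks(const size_t *chunks, size_t n, int advance_actual)
{
    uint32_t counter = 0;

    for (size_t i = 0; i < n; i++)
        counter = walk(counter, chunks[i], advance_actual);
    return counter;
}

int main(void)
{
    const size_t chunks[] = { 2 * BLOCK, 3 * BLOCK }; /* constructed input */

    printf("expected counter: 5\n");
    printf("fixed walker:     %u\n", (unsigned)walk_chunks(chunks, 2, 1));
    printf("buggy walker:     %u\n", (unsigned)walk_chunks(chunks, 2, 0));
    return 0;
}
```

Chunks of exactly 1 or 5 blocks leave both walkers in agreement, which is why only 2-, 3- and 4-block chunks expose the difference in this model.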