On Wed, Mar 18, 2020 at 08:27:32PM -0600, Jason A. Donenfeld wrote:
> Prior, passing in chunks of 2, 3, or 4, followed by any additional
> chunks would result in the chacha state counter getting out of sync,
> resulting in incorrect encryption/decryption, which is a pretty nasty
> crypto vuln: "why do images look weird on webpages?" WireGuard users
> never experienced this prior, because we have always, out of tree, used
> a different crypto library, until the recent Frankenzinc addition. This
> commit fixes the issue by advancing the pointers and state counter by
> the actual size processed. It also fixes up a bug in the (optional,
> costly) stride test that prevented it from running on arm64.
>
> Fixes: b3aad5bad26a ("crypto: arm64/chacha - expose arm64 ChaCha routine as library function")
> Reported-and-tested-by: Emil Renner Berthing <kernel@xxxxxxxx>
> Cc: Ard Biesheuvel <ardb@xxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx # v5.5+
> Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
> ---
>  arch/arm64/crypto/chacha-neon-glue.c   |  8 ++++----
>  lib/crypto/chacha20poly1305-selftest.c | 11 ++++++++---
>  2 files changed, 12 insertions(+), 7 deletions(-)

Patch applied.  Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
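
The stride-test idea mentioned in the quoted commit message, as an added example that is not part of the original message or of the kernel patch: a portable C model that encrypts the same buffer in one call and in two calls split at every block boundary, then compares the results. The helper names, the `BATCH` width of 5, the separate single-block case and the `fixed_advance` switch are assumptions of this model, used to show how a counter that is not advanced by the actual size processed gets caught.

```c
#include <stdint.h>
#include <string.h>
#define BATCH 5 /* assumed pass width in 64-byte blocks (hypothetical wide routine) */
#define ROTL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d) do { \
    a += b; d ^= a; d = ROTL(d, 16); c += d; b ^= c; b = ROTL(b, 12); \
    a += b; d ^= a; d = ROTL(d, 8);  c += d; b ^= c; b = ROTL(b, 7); } while (0)
/* One 64-byte ChaCha20 keystream block; s[12] is the block counter. */
static void chacha_block(const uint32_t s[16], uint8_t out[64]) {
    uint32_t x[16];
    memcpy(x, s, sizeof(x));
    for (int r = 0; r < 10; r++) { /* 10 double rounds = 20 rounds */
        QR(x[0], x[4], x[8], x[12]);  QR(x[1], x[5], x[9], x[13]);
        QR(x[2], x[6], x[10], x[14]); QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]); QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[8], x[13]);  QR(x[3], x[4], x[9], x[14]);
    }
    for (int i = 0; i < 64; i++) out[i] = (uint8_t)((x[i / 4] + s[i / 4]) >> (8 * (i % 4)));
}
/* XOR len bytes (multiple of 64) in passes of up to BATCH blocks; fixed_advance models the defect. */
static void chacha_xor(uint32_t s[16], uint8_t *buf, size_t len, int fixed_advance) {
    while (len > 0) {
        size_t l = len < 64 * BATCH ? len : 64 * BATCH; /* actual size of this pass */
        uint32_t st[16]; uint8_t ks[64];
        memcpy(st, s, sizeof(st));
        for (size_t off = 0; off < l; off += 64, st[12]++) {
            chacha_block(st, ks);
            for (int i = 0; i < 64; i++) buf[off + i] ^= ks[i];
        }
        /* Correct: advance by blocks processed. Modelled defect: always BATCH on multi-block passes. */
        s[12] += (fixed_advance && l > 64) ? BATCH : (uint32_t)(l / 64);
        buf += l; len -= l;
    }
}
/* Stride test: count first-chunk sizes whose two-call output differs from the one-call output. */
static int stride_mismatches(int fixed_advance) {
    enum { BLOCKS = 8, LEN = 64 * BLOCKS };
    uint32_t s[16], init[16] = { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574,
                                 1, 2, 3, 4, 5, 6, 7, 8, 0, 9, 10, 11 }; /* constructed key/nonce */
    uint8_t ref[LEN] = {0}, out[LEN];
    int bad = 0;
    memcpy(s, init, sizeof(s));
    chacha_xor(s, ref, LEN, 0); /* reference: one call, correct counter advance */
    for (int first = 1; first < BLOCKS; first++) {
        memset(out, 0, LEN); memcpy(s, init, sizeof(s));
        chacha_xor(s, out, 64 * (size_t)first, fixed_advance);
        chacha_xor(s, out + 64 * first, LEN - 64 * (size_t)first, fixed_advance);
        bad += memcmp(ref, out, LEN) != 0;
    }
    return bad;
}
```

In this model the mismatching first-chunk sizes are 2, 3, 4 and 7 blocks; a one-shot known-answer test alone would pass in both modes, which is why the split-at-every-offset comparison is worth its cost.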