Re: [PATCH v2] crypto: arm/chacha-neon - add missing counter increment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Dec 13, 2020 at 03:39:29PM +0100, Ard Biesheuvel wrote:
> Commit 86cd97ec4b943af3 ("crypto: arm/chacha-neon - optimize for non-block
> size multiples") refactored the chacha block handling in the glue code in
> a way that may result in the counter increment to be omitted when calling
> chacha_block_xor_neon() to process a full block. This violates the skcipher
> API, which requires that the output IV is suitable for handling more input
> as long as the preceding input has been presented in round multiples of the
> block size. Also, the same code is exposed via the chacha library interface
> whose callers may actually rely on this increment to occur even for final
> blocks that are smaller than the chacha block size.
> 
> So increment the counter after calling chacha_block_xor_neon().
> 
> Fixes: 86cd97ec4b943af3 ("crypto: arm/chacha-neon - optimize for non-block size multiples")
> Reported-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> ---
> v2: - use ++ instead of += 1
>     - make note in the commit log of the fact that the library API needs the
>       increment to occur in all cases, not only for final blocks whose size
>       is exactly the block size
> 
>  arch/arm/crypto/chacha-glue.c | 1 +
>  1 file changed, 1 insertion(+)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux