diff options
| author | Eric Biggers <ebiggers@google.com> | 2017-11-22 11:51:39 -0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-06-25 11:46:24 +0200 |
| commit | f83ff022179e7ba4b5e14d96524fc0b74b6e3845 (patch) | |
| tree | 72a387195ea01a5b46a8e70819cec593b96efa99 /lib | |
| parent | a0764df52607180d3b3712d698f491196731844b (diff) | |
| download | linux-f83ff022179e7ba4b5e14d96524fc0b74b6e3845.tar.gz linux-f83ff022179e7ba4b5e14d96524fc0b74b6e3845.tar.bz2 linux-f83ff022179e7ba4b5e14d96524fc0b74b6e3845.zip | |
crypto: chacha20 - Fix keystream alignment for chacha20_block()
commit 9f480faec58cd6197a007ea1dcac6b7c3daf1139 upstream.
When chacha20_block() outputs the keystream block, it uses 'u32' stores
directly. However, the callers (crypto/chacha20_generic.c and
drivers/char/random.c) declare the keystream buffer as a 'u8' array,
which is not guaranteed to have the needed alignment.
Fix it by having both callers declare the keystream as a 'u32' array.
For now this is preferable to switching over to the unaligned access
macros because chacha20_block() is only being used in cases where we can
easily control the alignment (stack buffers).
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/chacha20.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/chacha20.c b/lib/chacha20.c index 250ceed9ec9a..29d3801dee24 100644 --- a/lib/chacha20.c +++ b/lib/chacha20.c @@ -21,7 +21,7 @@ static inline u32 rotl32(u32 v, u8 n) return (v << n) | (v >> (sizeof(v) * 8 - n)); } -extern void chacha20_block(u32 *state, void *stream) +void chacha20_block(u32 *state, u32 *stream) { u32 x[16], *out = stream; int i; |