From 0f1e1885dbde795d0ca8718959ace1f3939a36b9 Mon Sep 17 00:00:00 2001
From: Tony Arcieri <bascule@gmail.com>
Date: Wed, 23 Oct 2019 10:36:53 -0700
Subject: [PATCH 1/2] chacha20: Add counter overflow advisory

Upstream issue: https://github.com/RustCrypto/stream-ciphers/pull/64
---
 crates/chacha20/RUSTSEC-0000-0000.toml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 crates/chacha20/RUSTSEC-0000-0000.toml

diff --git a/crates/chacha20/RUSTSEC-0000-0000.toml b/crates/chacha20/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..0752cc1
--- /dev/null
+++ b/crates/chacha20/RUSTSEC-0000-0000.toml
@@ -0,0 +1,23 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "chacha20"
+date = "2019-10-22"
+title = "ChaCha20 counter overflow can expose repetitions in the keystream"
+description = """
+The ChaCha20 stream cipher can produce a maximum of 2^32 blocks (~256GB)
+before the 32-bit counter overflows. Releases of the `chacha20` crate prior
+to v0.2.3 allow generating keystreams larger than this, including seeking
+past the limit. When this occurs, the keystream is duplicated, with failure
+modes similar to nonce reuse (i.e. exposure of the XOR of two plaintexts).
+
+The v0.2.3 release now panics in this event, rather than exposing the
+duplicated keystream. Note this is a "hot fix" solution to the problem
+and future releases will pursue returning an error in this case.
+
+Users of the `chacha20poly1305` crate are unaffected by this as this crate
+properly asserts the length of the plaintext is less than the maximum allowed
+(`P_MAX` as described in RFC 8439 Section 2.8).
+"""
+patched_versions = [">= 0.2.3"]
+url = "https://github.com/RustCrypto/stream-ciphers/pull/64"
+categories = ["crypto-failure"]

From ab01fe3e286c101b3941a60cfdffe601dfa75fcd Mon Sep 17 00:00:00 2001
From: Tony Arcieri <bascule@gmail.com>
Date: Wed, 23 Oct 2019 10:56:18 -0700
Subject: [PATCH 2/2] Assign RUSTSEC-2019-0029 to chacha20

---
 .../chacha20/{RUSTSEC-0000-0000.toml => RUSTSEC-2019-0029.toml} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename crates/chacha20/{RUSTSEC-0000-0000.toml => RUSTSEC-2019-0029.toml} (97%)

diff --git a/crates/chacha20/RUSTSEC-0000-0000.toml b/crates/chacha20/RUSTSEC-2019-0029.toml
similarity index 97%
rename from crates/chacha20/RUSTSEC-0000-0000.toml
rename to crates/chacha20/RUSTSEC-2019-0029.toml
index 0752cc1..11da021 100644
--- a/crates/chacha20/RUSTSEC-0000-0000.toml
+++ b/crates/chacha20/RUSTSEC-2019-0029.toml
@@ -1,5 +1,5 @@
 [advisory]
-id = "RUSTSEC-0000-0000"
+id = "RUSTSEC-2019-0029"
 package = "chacha20"
 date = "2019-10-22"
 title = "ChaCha20 counter overflow can expose repetitions in the keystream"