mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-23 15:38:27 +01:00
24 lines
1.1 KiB
TOML
24 lines
1.1 KiB
TOML
[advisory]
|
|
id = "RUSTSEC-2019-0029"
|
|
package = "chacha20"
|
|
date = "2019-10-22"
|
|
title = "ChaCha20 counter overflow can expose repetitions in the keystream"
|
|
description = """
|
|
The ChaCha20 stream cipher can produce a maximum of 2^32 blocks (~256GB)
|
|
before the 32-bit counter overflows. Releases of the `chacha20` crate prior
|
|
to v0.2.3 allow generating keystreams larger than this, including seeking
|
|
past the limit. When this occurs, the keystream is duplicated, with failure
|
|
modes similar to nonce reuse (i.e. exposure of the XOR of two plaintexts).
|
|
|
|
The v0.2.3 release now panics in this event, rather than exposing the
|
|
duplicated keystream. Note this is a "hot fix" solution to the problem
|
|
and future releases will pursue returning an error in this case.
|
|
|
|
Users of the `chacha20poly1305` crate are unaffected by this as this crate
|
|
properly asserts the length of the plaintext is less than the maximum allowed
|
|
(`P_MAX` as described in RFC 8439 Section 2.8).
|
|
"""
|
|
patched_versions = [">= 0.2.3"]
|
|
url = "https://github.com/RustCrypto/stream-ciphers/pull/64"
|
|
categories = ["crypto-failure"]
|