- Issued
-
- Package
-
crypto2
(crates.io)
- Type
-
INFO
Unsound
- Keywords
-
#crypto
#alignment
#unsound
- Details
-
https://github.com/shadowsocks/crypto2/issues/27
- Patched
-
no patched versions
- Affected Functions
- Version
crypto2::streamcipher::Chacha20::decrypt_slice-
crypto2::streamcipher::Chacha20::encrypt_slice-
crypto2::streamcipher::xor_si512_inplace-
Description
The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::from_raw_parts_mut, which breaks the contract and introduces undefined behavior.
This affects Chacha20 encryption and decryption in crypto2.