RUSTSEC-2021-0121
Non-aligned u32 read in Chacha20 encryption and decryption
- Reported
- Issued
- Package
- crypto2 (crates.io)
- Type
- INFO Unsound
- Keywords
- #crypto #alignment #unsound
- Aliases
- References
- Patched
- no patched versions
- Affected Functions
- Version
crypto2::streamcipher::Chacha20::decrypt_slice
-
*
crypto2::streamcipher::Chacha20::encrypt_slice
-
*
crypto2::streamcipher::xor_si512_inplace
-
*
Description
The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::from_raw_parts_mut
, which breaks the contract and introduces undefined behavior.
This affects Chacha20 encryption and decryption in crypto2.
Advisory available under CC0-1.0 license.