Advisories for Cargo/Crypto2 package

2022

Use of a Broken or Risky Cryptographic Algorithm in crypto2

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::from_raw_parts_mut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2.