diff options
| author | jsing <> | 2022-08-20 18:44:58 +0000 |
|---|---|---|
| committer | jsing <> | 2022-08-20 18:44:58 +0000 |
| commit | fc53650fac6d818e74786e8e94b2d9bb8e390901 (patch) | |
| tree | a11d32f1d64962ab4a6131e20dc47622d67c5858 /src | |
| parent | 1f514c7f37e83673996474309b61dfea3714ed3c (diff) | |
| download | openbsd-fc53650fac6d818e74786e8e94b2d9bb8e390901.tar.gz openbsd-fc53650fac6d818e74786e8e94b2d9bb8e390901.tar.bz2 openbsd-fc53650fac6d818e74786e8e94b2d9bb8e390901.zip | |
Remove UINT32_MAX limitation on ChaCha() and CRYPTO_chacha_20().
We can avoid this unnecessary limitation by calling chacha_encrypt_bytes()
multiple times internally. In the case of ChaCha(), the caller still needs
to ensure that the same IV is not used for more than 2^70 bytes.
ok tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/chacha/chacha.c | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/src/lib/libcrypto/chacha/chacha.c b/src/lib/libcrypto/chacha/chacha.c index 6a2dddf055..0ce4545186 100644 --- a/src/lib/libcrypto/chacha/chacha.c +++ b/src/lib/libcrypto/chacha/chacha.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: chacha.c,v 1.8 2019/01/22 00:59:21 dlg Exp $ */ | 1 | /* $OpenBSD: chacha.c,v 1.9 2022/08/20 18:44:58 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -40,6 +40,7 @@ void | |||
| 40 | ChaCha(ChaCha_ctx *ctx, unsigned char *out, const unsigned char *in, size_t len) | 40 | ChaCha(ChaCha_ctx *ctx, unsigned char *out, const unsigned char *in, size_t len) |
| 41 | { | 41 | { |
| 42 | unsigned char *k; | 42 | unsigned char *k; |
| 43 | uint64_t n; | ||
| 43 | int i, l; | 44 | int i, l; |
| 44 | 45 | ||
| 45 | /* Consume remaining keystream, if any exists. */ | 46 | /* Consume remaining keystream, if any exists. */ |
| @@ -52,7 +53,16 @@ ChaCha(ChaCha_ctx *ctx, unsigned char *out, const unsigned char *in, size_t len) | |||
| 52 | len -= l; | 53 | len -= l; |
| 53 | } | 54 | } |
| 54 | 55 | ||
| 55 | chacha_encrypt_bytes((chacha_ctx *)ctx, in, out, (uint32_t)len); | 56 | while (len > 0) { |
| 57 | if ((n = len) > UINT32_MAX) | ||
| 58 | n = UINT32_MAX; | ||
| 59 | |||
| 60 | chacha_encrypt_bytes((chacha_ctx *)ctx, in, out, (uint32_t)n); | ||
| 61 | |||
| 62 | in += n; | ||
| 63 | out += n; | ||
| 64 | len -= n; | ||
| 65 | } | ||
| 56 | } | 66 | } |
| 57 | 67 | ||
| 58 | void | 68 | void |
| @@ -60,6 +70,7 @@ CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len, | |||
| 60 | const unsigned char key[32], const unsigned char iv[8], uint64_t counter) | 70 | const unsigned char key[32], const unsigned char iv[8], uint64_t counter) |
| 61 | { | 71 | { |
| 62 | struct chacha_ctx ctx; | 72 | struct chacha_ctx ctx; |
| 73 | uint64_t n; | ||
| 63 | 74 | ||
| 64 | /* | 75 | /* |
| 65 | * chacha_ivsetup expects the counter to be in u8. Rather than | 76 | * chacha_ivsetup expects the counter to be in u8. Rather than |
| @@ -73,7 +84,16 @@ CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len, | |||
| 73 | ctx.input[13] = (uint32_t)(counter >> 32); | 84 | ctx.input[13] = (uint32_t)(counter >> 32); |
| 74 | } | 85 | } |
| 75 | 86 | ||
| 76 | chacha_encrypt_bytes(&ctx, in, out, (uint32_t)len); | 87 | while (len > 0) { |
| 88 | if ((n = len) > UINT32_MAX) | ||
| 89 | n = UINT32_MAX; | ||
| 90 | |||
| 91 | chacha_encrypt_bytes(&ctx, in, out, (uint32_t)n); | ||
| 92 | |||
| 93 | in += n; | ||
| 94 | out += n; | ||
| 95 | len -= n; | ||
| 96 | } | ||
| 77 | } | 97 | } |
| 78 | 98 | ||
| 79 | void | 99 | void |