diff options
| -rw-r--r-- | src/lib/libcrypto/evp/e_chacha.c | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/src/lib/libcrypto/evp/e_chacha.c b/src/lib/libcrypto/evp/e_chacha.c index add0488477..5cd03c7c8d 100644 --- a/src/lib/libcrypto/evp/e_chacha.c +++ b/src/lib/libcrypto/evp/e_chacha.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: e_chacha.c,v 1.12 2023/07/07 19:37:53 beck Exp $ */ | 1 | /* $OpenBSD: e_chacha.c,v 1.13 2023/08/24 04:20:57 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -53,13 +53,11 @@ static const EVP_CIPHER chacha20_cipher = { | |||
| 53 | .nid = NID_chacha20, | 53 | .nid = NID_chacha20, |
| 54 | .block_size = 1, | 54 | .block_size = 1, |
| 55 | .key_len = 32, | 55 | .key_len = 32, |
| 56 | /* | 56 | /* |
| 57 | * The 128 bit EVP IV is split for ChaCha into four 32 bit pieces: | 57 | * The 16-byte EVP IV is split into 4 little-endian 4-byte words |
| 58 | * counter[0] counter[1] iv[0] iv[1] | 58 | * evpiv[15:12] evpiv[11:8] evpiv[7:4] evpiv[3:0] |
| 59 | * OpenSSL exposes these as: | 59 | * iv[1] iv[0] counter[1] counter[0] |
| 60 | * openssl_iv = counter[0] iv[0] iv[1] iv[2] | 60 | * and passed as iv[] and counter[] to ChaCha_set_iv(). |
| 61 | * Due to the cipher internal state's symmetry, these are functionally | ||
| 62 | * equivalent. | ||
| 63 | */ | 61 | */ |
| 64 | .iv_len = 16, | 62 | .iv_len = 16, |
| 65 | .flags = EVP_CIPH_STREAM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | | 63 | .flags = EVP_CIPH_STREAM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | |