diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/src/crypto/chacha/chacha-merged.c | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/src/lib/libssl/src/crypto/chacha/chacha-merged.c b/src/lib/libssl/src/crypto/chacha/chacha-merged.c index 25092b16da..a665fb316f 100644 --- a/src/lib/libssl/src/crypto/chacha/chacha-merged.c +++ b/src/lib/libssl/src/crypto/chacha/chacha-merged.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: chacha-merged.c,v 1.5 2014/06/24 17:48:30 jsing Exp $ */ | 1 | /* $OpenBSD: chacha-merged.c,v 1.6 2014/06/24 18:12:09 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | chacha-merged.c version 20080118 | 3 | chacha-merged.c version 20080118 |
| 4 | D. J. Bernstein | 4 | D. J. Bernstein |
| @@ -7,16 +7,18 @@ Public domain. | |||
| 7 | 7 | ||
| 8 | #include <sys/types.h> | 8 | #include <sys/types.h> |
| 9 | 9 | ||
| 10 | struct chacha_ctx { | ||
| 11 | u_int input[16]; | ||
| 12 | }; | ||
| 13 | |||
| 14 | #define CHACHA_MINKEYLEN 16 | 10 | #define CHACHA_MINKEYLEN 16 |
| 15 | #define CHACHA_NONCELEN 8 | 11 | #define CHACHA_NONCELEN 8 |
| 16 | #define CHACHA_CTRLEN 8 | 12 | #define CHACHA_CTRLEN 8 |
| 17 | #define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN) | 13 | #define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN) |
| 18 | #define CHACHA_BLOCKLEN 64 | 14 | #define CHACHA_BLOCKLEN 64 |
| 19 | 15 | ||
| 16 | struct chacha_ctx { | ||
| 17 | u_int input[16]; | ||
| 18 | u_int8_t ks[CHACHA_BLOCKLEN]; | ||
| 19 | u_int8_t unused; | ||
| 20 | }; | ||
| 21 | |||
| 20 | static inline void chacha_keysetup(struct chacha_ctx *x, const u_char *k, | 22 | static inline void chacha_keysetup(struct chacha_ctx *x, const u_char *k, |
| 21 | u_int kbits) | 23 | u_int kbits) |
| 22 | __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN))); | 24 | __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN))); |
| @@ -187,6 +189,25 @@ chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, u32 bytes) | |||
| 187 | x14 = PLUS(x14, j14); | 189 | x14 = PLUS(x14, j14); |
| 188 | x15 = PLUS(x15, j15); | 190 | x15 = PLUS(x15, j15); |
| 189 | 191 | ||
| 192 | if (bytes < 64) { | ||
| 193 | U32TO8_LITTLE(x->ks + 0, x0); | ||
| 194 | U32TO8_LITTLE(x->ks + 4, x1); | ||
| 195 | U32TO8_LITTLE(x->ks + 8, x2); | ||
| 196 | U32TO8_LITTLE(x->ks + 12, x3); | ||
| 197 | U32TO8_LITTLE(x->ks + 16, x4); | ||
| 198 | U32TO8_LITTLE(x->ks + 20, x5); | ||
| 199 | U32TO8_LITTLE(x->ks + 24, x6); | ||
| 200 | U32TO8_LITTLE(x->ks + 28, x7); | ||
| 201 | U32TO8_LITTLE(x->ks + 32, x8); | ||
| 202 | U32TO8_LITTLE(x->ks + 36, x9); | ||
| 203 | U32TO8_LITTLE(x->ks + 40, x10); | ||
| 204 | U32TO8_LITTLE(x->ks + 44, x11); | ||
| 205 | U32TO8_LITTLE(x->ks + 48, x12); | ||
| 206 | U32TO8_LITTLE(x->ks + 52, x13); | ||
| 207 | U32TO8_LITTLE(x->ks + 56, x14); | ||
| 208 | U32TO8_LITTLE(x->ks + 60, x15); | ||
| 209 | } | ||
| 210 | |||
| 190 | x0 = XOR(x0, U8TO32_LITTLE(m + 0)); | 211 | x0 = XOR(x0, U8TO32_LITTLE(m + 0)); |
| 191 | x1 = XOR(x1, U8TO32_LITTLE(m + 4)); | 212 | x1 = XOR(x1, U8TO32_LITTLE(m + 4)); |
| 192 | x2 = XOR(x2, U8TO32_LITTLE(m + 8)); | 213 | x2 = XOR(x2, U8TO32_LITTLE(m + 8)); |
| @@ -237,6 +258,7 @@ chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, u32 bytes) | |||
| 237 | } | 258 | } |
| 238 | x->input[12] = j12; | 259 | x->input[12] = j12; |
| 239 | x->input[13] = j13; | 260 | x->input[13] = j13; |
| 261 | x->unused = 64 - bytes; | ||
| 240 | return; | 262 | return; |
| 241 | } | 263 | } |
| 242 | bytes -= 64; | 264 | bytes -= 64; |