From ca925163abb997be0da93a3a05d78a17b823ccc1 Mon Sep 17 00:00:00 2001 From: tb <> Date: Sun, 26 Jan 2020 07:34:05 +0000 Subject: Improve the comment explaining why the previous change matches OpenSSL's behavior. ok jsing --- src/lib/libcrypto/evp/e_chacha.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/src/lib/libcrypto/evp/e_chacha.c b/src/lib/libcrypto/evp/e_chacha.c index bc496241e6..198eaef09f 100644 --- a/src/lib/libcrypto/evp/e_chacha.c +++ b/src/lib/libcrypto/evp/e_chacha.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_chacha.c,v 1.6 2020/01/26 02:39:58 tb Exp $ */ +/* $OpenBSD: e_chacha.c,v 1.7 2020/01/26 07:34:05 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -34,7 +34,15 @@ static const EVP_CIPHER chacha20_cipher = { .nid = NID_chacha20, .block_size = 1, .key_len = 32, - .iv_len = 16, /* OpenSSL has 8 byte counter followed by 8 byte iv */ + /* + * The 128 bit EVP IV is split for ChaCha into four 32 bit pieces: + * counter[0] counter[1] iv[0] iv[1] + * OpenSSL exposes these as; + * openssl_iv = counter[0] iv[0] iv[1] iv[2] + * Due to the cipher internal state's symmetry, these are functionally + * equivalent. + */ + .iv_len = 16, .flags = EVP_CIPH_STREAM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV, .init = chacha_init, @@ -50,17 +58,16 @@ EVP_chacha20(void) static int chacha_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) + const unsigned char *openssl_iv, int enc) { if (key != NULL) ChaCha_set_key((ChaCha_ctx *)ctx->cipher_data, key, EVP_CIPHER_CTX_key_length(ctx) * 8); - if (iv != NULL) { - const unsigned char *openssl_iv = iv + 8; - const unsigned char *counter = iv; + if (openssl_iv != NULL) { + const unsigned char *iv = openssl_iv + 8; + const unsigned char *counter = openssl_iv; - ChaCha_set_iv((ChaCha_ctx *)ctx->cipher_data, openssl_iv, - counter); + ChaCha_set_iv((ChaCha_ctx *)ctx->cipher_data, iv, counter); } return 1; } -- cgit v1.2.3-55-g6feb