svn commit: r317277 - head/sys/crypto/chacha20
Dag-Erling Smørgrav
des at FreeBSD.org
Sat Apr 22 01:06:25 UTC 2017
Author: des
Date: Sat Apr 22 01:06:23 2017
New Revision: 317277
URL: https://svnweb.freebsd.org/changeset/base/317277
Log:
Fix counter increment in Salsa and ChaCha.
In my eagerness to eliminate a branch which is taken once per 2^38
bytes of keystream, I forgot that the state words are in host order.
Thus, the counter increment code worked fine on little-endian
machines, but not on big-endian ones. Switch to a simpler (branchful)
solution.
Modified:
head/sys/crypto/chacha20/chacha20.c
Modified: head/sys/crypto/chacha20/chacha20.c
==============================================================================
--- head/sys/crypto/chacha20/chacha20.c Fri Apr 21 23:01:32 2017 (r317276)
+++ head/sys/crypto/chacha20/chacha20.c Sat Apr 22 01:06:23 2017 (r317277)
@@ -130,7 +130,6 @@ size_t
chacha20_encrypt(chacha20_ctx *ctx, const void *vpt, uint8_t *ct, size_t len)
{
const uint8_t *pt = vpt;
- uint64_t ctr;
uint32_t mix[16];
uint8_t ks[64];
unsigned int b, i;
@@ -157,8 +156,8 @@ chacha20_encrypt(chacha20_ctx *ctx, cons
for (i = 0; i < 64 && i < len; ++i)
*ct++ = *pt++ ^ ks[i];
}
- ctr = le64dec(ctx->state + 12);
- le64enc(ctx->state + 12, ++ctr);
+ if (++ctx->state[12] == 0)
+ ++ctx->state[13];
}
return (len);
}
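Review bot: The new carry at `if (++ctx->state[12] == 0)` / `++ctx->state[13];` has no comment saying that state[12] and state[13] are the low and high words of one 64-bit block counter kept in host order. The removed `le64dec(ctx->state + 12)` / `le64enc(ctx->state + 12, ++ctr)` lines got exactly that assumption wrong, because they treated the two host-order words as a little-endian byte string. I suggest a one-line comment above the `if` stating the word layout, and noting that the branch depends only on the block counter and not on key or plaintext, so a later cleanup does not reintroduce the byte-wise version. A known-answer test that encrypts across the point where state[12] wraps to zero, run on a big-endian target, would catch this class of error. The log also says "Salsa and ChaCha", but the Modified list and this diff only touch head/sys/crypto/chacha20/chacha20.c; if a Salsa counter has the same increment, it is not covered by what is shown here.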