2021-02-10 Niels Möller <nisse@lysator.liu.se>
+ * chacha-crypt.c (_nettle_chacha_crypt_4core): Fix for the case
+ that counter increment should be 3 (129 <= message length <= 192).
+ (_nettle_chacha_crypt32_4core): Likewise.
+
* testsuite/chacha-test.c (test_chacha_rounds): New function, for
tests with non-standard round count. Extracted from _test_chacha.
(_test_chacha): Deleted rounds argument. Reorganized crypt/crypt32
while (length > 2*CHACHA_BLOCK_SIZE)
{
_nettle_chacha_4core (x, ctx->state, CHACHA_ROUNDS);
- ctx->state[12] += 4;
- ctx->state[13] += (ctx->state[12] < 4);
if (length <= 4*CHACHA_BLOCK_SIZE)
{
+ uint32_t incr = 3 + (length > 3*CHACHA_BLOCK_SIZE);
+ ctx->state[12] += incr;
+ ctx->state[13] += (ctx->state[12] < incr);
memxor3 (dst, src, x, length);
return;
}
+ ctx->state[12] += 4;
+ ctx->state[13] += (ctx->state[12] < 4);
memxor3 (dst, src, x, 4*CHACHA_BLOCK_SIZE);
length -= 4*CHACHA_BLOCK_SIZE;
while (length > 2*CHACHA_BLOCK_SIZE)
{
_nettle_chacha_4core32 (x, ctx->state, CHACHA_ROUNDS);
- ctx->state[12] += 4;
if (length <= 4*CHACHA_BLOCK_SIZE)
{
+ ctx->state[12] += 3 + (length > 3*CHACHA_BLOCK_SIZE);
memxor3 (dst, src, x, length);
return;
}
+ ctx->state[12] += 4;
memxor3 (dst, src, x, 4*CHACHA_BLOCK_SIZE);
length -= 4*CHACHA_BLOCK_SIZE;
projects / thirdparty / nettle.git / commitdiff
