[openssl-dev] [openssl.org #4512] ChaCha20_ctr32 function increments 64 bit counter?

Patrick Steuer via RT rt at openssl.org
Fri Apr 15 16:51:37 UTC 2016



Hello openssl team,

The following code in the ChaCha20_ctr32 function in
crypto/chacha/chacha_enc.c looks like you are actually using an IV=[64bit
counter||64 bit nonce] as specified in the "original Bernstein ChaCha"
instead of IV=[32bit counter||96bit nonce] as specified in RFC7539.

u32 input[16];
[...]
/* advance counter */
if (++input[12] == 0)
        input[13]++;

The code is from your git repo's master branch.

Kind regards

Patrick Steuer

Crypto for Linux on z Systems
Phone: +49-7031-16-1600
Email: patrick.steuer at de.ibm.com
IBM Deutschland Research & Development GmbH
Schönaicher Str. 220, 71032 Böblingen

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4512
Please log in as guest with password guest if prompted
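
The counter advance quoted in the message, applied to a state laid out as RFC 7539 specifies (word 12 = counter, words 13..15 = nonce). This is an added example, not OpenSSL code or part of the original message. The helper names, the sample nonce and the refuse-to-wrap behaviour of the 32-bit variant are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t u32;

/* Constructed sample nonce (three little-endian words), not a real value. */
static const u32 SAMPLE_NONCE[3] = { 0x00000001u, 0x02030405u, 0x06070809u };

/* RFC 7539 layout: word 12 = 32-bit counter, words 13..15 = 96-bit nonce.
 * Constants and key (words 0..11) are irrelevant here and left zero. */
static void rfc7539_init(u32 input[16], u32 counter, const u32 nonce[3])
{
    memset(input, 0, 16 * sizeof(u32));
    input[12] = counter;
    memcpy(&input[13], nonce, 3 * sizeof(u32));
}

/* 1 if the advance quoted in the message changes nonce word 13, else 0. */
int carry_changes_nonce(u32 counter, const u32 nonce[3])
{
    u32 input[16];
    rfc7539_init(input, counter, nonce);
    if (++input[12] == 0)   /* the quoted 64-bit carry */
        input[13]++;
    return input[13] != nonce[0];
}

/* Hypothetical strict 32-bit advance: -1 = refused (counter exhausted),
 * 0 = advanced with nonce intact, 1 = nonce was modified. */
int strict_outcome(u32 counter, const u32 nonce[3])
{
    u32 input[16];
    rfc7539_init(input, counter, nonce);
    if (input[12] == 0xffffffffu)
        return -1;
    input[12]++;
    return memcmp(&input[13], nonce, 3 * sizeof(u32)) != 0;
}

int main(void)
{
    printf("carry at 0xffffffff changes nonce: %d\n",
           carry_changes_nonce(0xffffffffu, SAMPLE_NONCE));
    printf("carry at 5 changes nonce:          %d\n",
           carry_changes_nonce(5u, SAMPLE_NONCE));
    printf("strict advance at 0xffffffff:      %d\n",
           strict_outcome(0xffffffffu, SAMPLE_NONCE));
    return 0;
}
```

The two advances only differ when word 12 wraps, which under the RFC 7539 layout means more than 2^32 blocks under a single key and nonce.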


