
Fix the counter wrap detection for the IETF mode.

Oops, that bug's been there forever, since the time I added back the
ChaCha20 constant to the state vector.
Yawning Angel 2 years ago
parent
commit
70289bb213
2 changed files with 2 additions and 2 deletions
  1. 1 1
      chacha20_amd64.go
  2. 1 1
      chacha20_ref.go

+ 1 - 1
chacha20_amd64.go

@@ -31,7 +31,7 @@ func blocksAmd64(x *[stateSize]uint32, in []byte, out []byte, nrBlocks int, isIe
 
 	if isIetf {
 		var totalBlocks uint64
-		totalBlocks = uint64(x[8]) + uint64(nrBlocks)
+		totalBlocks = uint64(x[12]) + uint64(nrBlocks)
 		if totalBlocks > math.MaxUint32 {
 			panic("chacha20: Exceeded keystream per nonce limit")
 		}
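Review bot: The corrected index is still a bare magic number written separately in this hunk and in the identical one in chacha20_ref.go, which is exactly how the two copies drifted to the wrong word in the first place; a single named constant such as `const ietfCounterIndex = 12 // 4 constant words + 8 key words precede the 32-bit IETF counter` used as `totalBlocks = uint64(x[ietfCounterIndex]) + uint64(nrBlocks)` in both blocksAmd64 and blocksRef would keep the two paths in step. The wrong index meant the limit was computed from a key word rather than the counter, so the panic guarding against counter wrap (and therefore keystream reuse under one nonce) was effectively unreliable; a small regression test that sets x[12] to math.MaxUint32 and expects the panic for nrBlocks >= 2 would lock the fix in for both implementations. Note that the check rejects a run whose final counter would be exactly 2^32, which is conservative by one block relative to the 32-bit counter range; if that is intentional, a one-line comment saying so would help the next reader. The bodies of blocksAmd64 and blocksRef continue outside their hunks.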

+ 1 - 1
chacha20_ref.go

@@ -16,7 +16,7 @@ import (
 func blocksRef(x *[stateSize]uint32, in []byte, out []byte, nrBlocks int, isIetf bool) {
 	if isIetf {
 		var totalBlocks uint64
-		totalBlocks = uint64(x[8]) + uint64(nrBlocks)
+		totalBlocks = uint64(x[12]) + uint64(nrBlocks)
 		if totalBlocks > math.MaxUint32 {
 			panic("chacha20: Exceeded keystream per nonce limit")
 		}