chacha/chacha_enc.c: harmonize counter width with subroutine name.

_ctr32 in function name refers to 32-bit counter, but it was implementing 64-bit one. This didn't pose problem to EVP, but 64-bit counter was just misleading. RT#4512 Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Andy Polyakov <appro@openssl.org> 2016-04-27 15:07:32 +0200
committer: Andy Polyakov <appro@openssl.org> 2016-06-03 10:23:58 +0200
commit: 66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4 (patch)
tree: 8a08150a3ed645a4df1509b90c57cf1e8a0b5b2e /crypto
parent: GH1123: sort dir before rehash (diff)
download: openssl-66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4.tar.xz
openssl-66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4.zip
1 files changed, 7 insertions, 3 deletions
diff --git a/crypto/chacha/chacha_enc.c b/crypto/chacha/chacha_enc.c
index 13720d0cc5..239f68ab82 100644
--- a/crypto/chacha/chacha_enc.c
+++ b/crypto/chacha/chacha_enc.c
@@ -110,8 +110,12 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
         inp += todo;
         len -= todo;
 
-        /* advance counter */
-        if (++input[12] == 0)
-            input[13]++;
+        /*
+         * Advance 32-bit counter. Note that as subroutine is so to
+         * say nonce-agnostic, this limited counter width doesn't
+         * prevent caller from implementing wider counter. It would
+         * simply take two calls split on counter overflow...
+         */
+        input[12]++;
     }
 }
author	Andy Polyakov <appro@openssl.org>	2016-04-27 15:07:32 +0200
committer	Andy Polyakov <appro@openssl.org>	2016-06-03 10:23:58 +0200
commit	66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4 (patch)
tree	8a08150a3ed645a4df1509b90c57cf1e8a0b5b2e /crypto
parent	GH1123: sort dir before rehash (diff)
download	openssl-66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4.tar.xz openssl-66bceb5f19d8a1c4436138e6c9e66f25fa0f75d4.zip