chacha/chacha_enc.c: harmonize counter width with subroutine name.

_ctr32 in function name refers to 32-bit counter, but it was implementing
64-bit one. This didn't pose problem to EVP, but 64-bit counter was just
misleading.

RT#4512

Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/crypto/chacha/chacha_enc.c b/crypto/chacha/chacha_enc.c
index 13720d0cc5f93366a186645acfd2678eea59052e..239f68ab825e3f613169075947dfe50a1319bbf8 100644 (file)
--- a/crypto/chacha/chacha_enc.c
+++ b/crypto/chacha/chacha_enc.c
@@ -110,8 +110,12 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
         inp += todo;
         len -= todo;
 
-        /* advance counter */
-        if (++input[12] == 0)
-            input[13]++;
+        /*
+         * Advance 32-bit counter. Note that as subroutine is so to
+         * say nonce-agnostic, this limited counter width doesn't
+         * prevent caller from implementing wider counter. It would
+         * simply take two calls split on counter overflow...
+         */
+        input[12]++;
     }
 }