1, /* block_size */
CHACHA_KEY_SIZE, /* key_len */
CHACHA_CTR_SIZE, /* iv_len, 128-bit counter in the context */
- 0, /* flags */
+ EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT,
chacha_init_key,
chacha_cipher,
NULL,
const EVP_CIPHER *EVP_chacha20(void)
{
- return (&chacha20);
+ return &chacha20;
}
# ifndef OPENSSL_NO_POLY1305
{
EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
if (actx)
- OPENSSL_cleanse(ctx->cipher_data, sizeof(*ctx) + Poly1305_ctx_size());
+ OPENSSL_cleanse(ctx->cipher_data, sizeof(*actx) + Poly1305_ctx_size());
return 1;
}
len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 |
aad[EVP_AEAD_TLS1_AAD_LEN - 1];
if (!ctx->encrypt) {
+ if (len < POLY1305_BLOCK_SIZE)
+ return 0;
len -= POLY1305_BLOCK_SIZE; /* discount attached tag */
memcpy(temp, aad, EVP_AEAD_TLS1_AAD_LEN - 2);
aad = temp;
actx->tls_payload_length = len;
/*
- * merge record sequence number as per
- * draft-ietf-tls-chacha20-poly1305-03
+ * merge record sequence number as per RFC7905
*/
actx->key.counter[1] = actx->nonce[0];
actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad);