Re: fix CRYPTO_chacha_20() on BE32 platforms

2015-11-06 Thread Reyk Floeter 
Hi,

On Fri, Nov 06, 2015 at 05:39:03AM +, Miod Vallat wrote:
> Running regress/lib/libcrypto/aead fails on big-endian platforms without
> the following diff, for the ``Test vector from RFC7539 2.8.2'' test, due
> to 64-bit counters being truncated to size_t.
> 

Yes, the counter should be unsigned 64bit.

OK reyk@

I can only see one other *int64_t in LibreSSL's API, should it be
unsigned long long?  Or is it OK to start using C99 types in the API? (yes!)

The comment "converting size_t to u8" should also be updated:

---snip---
void
CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len,
const unsigned char key[32], const unsigned char iv[8], size_t counter)
{
struct chacha_ctx ctx;

/*
 * chacha_ivsetup expects the counter to be in u8. Rather than
 * converting size_t to u8 and then back again, pass a counter of
 * NULL and manually assign it afterwards.
 */
chacha_keysetup(, key, 256);
chacha_ivsetup(, iv, NULL);
if (counter != 0) {
ctx.input[12] = (uint32_t)counter;
ctx.input[13] = (uint32_t)(((uint64_t)counter) >> 32);
}

chacha_encrypt_bytes(, in, out, (uint32_t)len);
}
---snap---

Reyk

> Index: chacha/chacha.c
> ===
> RCS file: /OpenBSD/src/lib/libssl/src/crypto/chacha/chacha.c,v
> retrieving revision 1.6
> diff -u -p -r1.6 chacha.c
> --- chacha/chacha.c   8 Jul 2014 14:30:23 -   1.6
> +++ chacha/chacha.c   6 Nov 2015 05:37:19 -
> @@ -57,7 +57,7 @@ ChaCha(ChaCha_ctx *ctx, unsigned char *o
>  
>  void
>  CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len,
> -const unsigned char key[32], const unsigned char iv[8], size_t counter)
> +const unsigned char key[32], const unsigned char iv[8], uint64_t counter)
>  {
>   struct chacha_ctx ctx;
>  
> Index: chacha/chacha.h
> ===
> RCS file: /OpenBSD/src/lib/libssl/src/crypto/chacha/chacha.h,v
> retrieving revision 1.6
> diff -u -p -r1.6 chacha.h
> --- chacha/chacha.h   25 Jul 2014 14:04:51 -  1.6
> +++ chacha/chacha.h   6 Nov 2015 05:37:19 -
> @@ -44,7 +44,7 @@ void ChaCha(ChaCha_ctx *ctx, unsigned ch
>  size_t len);
>  
>  void CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t 
> len,
> -const unsigned char key[32], const unsigned char iv[8], size_t counter);
> +const unsigned char key[32], const unsigned char iv[8], uint64_t 
> counter);
>  
>  #ifdef  __cplusplus
>  }
> 

--

Re: fix CRYPTO_chacha_20() on BE32 platforms

2015-11-06 Thread Miod Vallat 
> Hi,
> 
> On Fri, Nov 06, 2015 at 05:39:03AM +, Miod Vallat wrote:
> > Running regress/lib/libcrypto/aead fails on big-endian platforms without
> > the following diff, for the ``Test vector from RFC7539 2.8.2'' test, due
> > to 64-bit counters being truncated to size_t.
> > 
> 
> Yes, the counter should be unsigned 64bit.
> 
> OK reyk@

But note that will require a .so major version bump, as the API changes
on 32-bit systems.

> I can only see one other *int64_t in LibreSSL's API, should it be
> unsigned long long?  Or is it OK to start using C99 types in the API? (yes!)

 types are definitely welcome.

> The comment "converting size_t to u8" should also be updated:

Indeed. Thanks for noticing.