chacha20: fix bug in starts() and add test for it

Previously the streaming API would fail when encrypting multiple messages with the same key.
2025-08-01 10:06:53 +03:00 · 2018-05-09 12:37:58 +02:00
parent 7296771194
commit 55c0d096b7
2 changed files with 42 additions and 1 deletions
--- a/library/chacha20.c
+++ b/library/chacha20.c
@ -243,6 +243,12 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
    ctx->initial_state[14] = BYTES_TO_U32_LE( nonce, 4 );
    ctx->initial_state[15] = BYTES_TO_U32_LE( nonce, 8 );

+    mbedtls_zeroize( ctx->working_state, sizeof( ctx->working_state ) );
+    mbedtls_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
+
+    /* Initially, there's no keystream bytes available */
+    ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
+
    return( 0 );
 }