chacha20: fix bug in starts() and add test for it Previously the streaming API would fail when encrypting multiple messages with the same key.

commit: b60045aacb1b365cd1d6d4e3e0c022bd36ff0642 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed May 09 12:37:58 2018 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu May 10 13:23:02 2018 +0200
tree: 5751afaf4eb28d7f29f1c15a27b005ab0412c576
parent: 2faaa10e68b134924f7b5ba6fa09be2ddf22591a [diff]
diff --git a/library/chacha20.c b/library/chacha20.c
index 5ede455..d89000d 100644
--- a/library/chacha20.c
+++ b/library/chacha20.c

@@ -243,6 +243,12 @@
     ctx->initial_state[14] = BYTES_TO_U32_LE( nonce, 4 );
     ctx->initial_state[15] = BYTES_TO_U32_LE( nonce, 8 );
 
+    mbedtls_zeroize( ctx->working_state, sizeof( ctx->working_state ) );
+    mbedtls_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
+
+    /* Initially, there's no keystream bytes available */
+    ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
+
     return( 0 );
 }
commit	b60045aacb1b365cd1d6d4e3e0c022bd36ff0642	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Wed May 09 12:37:58 2018 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu May 10 13:23:02 2018 +0200
tree	5751afaf4eb28d7f29f1c15a27b005ab0412c576
parent	2faaa10e68b134924f7b5ba6fa09be2ddf22591a [diff]