Diffstat (limited to 'libgo/go/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go')
-rw-r--r-- | libgo/go/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go | 22 |
1 files changed, 7 insertions, 15 deletions
diff --git a/libgo/go/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go b/libgo/go/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
index c27971216c9..91b38568ce1 100644
--- a/libgo/go/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
+++ b/libgo/go/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
@@ -7,7 +7,7 @@ package chacha20poly1305
 import (
 "encoding/binary"
- "golang.org/x/crypto/internal/chacha20"
+ "golang.org/x/crypto/chacha20"
 "golang.org/x/crypto/internal/subtle"
 "golang.org/x/crypto/poly1305"
 )
@@ -22,14 +22,10 @@ func (c *chacha20poly1305) sealGeneric(dst, nonce, plaintext, additionalData []b
 panic("chacha20poly1305: invalid buffer overlap")
 }
- var polyKey [32]byte
- s := chacha20.New(c.key, [3]uint32{
- binary.LittleEndian.Uint32(nonce[0:4]),
- binary.LittleEndian.Uint32(nonce[4:8]),
- binary.LittleEndian.Uint32(nonce[8:12]),
- })
+ var polyKey, discardBuf [32]byte
+ s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
 s.XORKeyStream(polyKey[:], polyKey[:])
- s.Advance() // skip the next 32 bytes
+ s.XORKeyStream(discardBuf[:], discardBuf[:]) // skip the next 32 bytes
 s.XORKeyStream(out, plaintext)
 polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(plaintext))+8+8)
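Review bot: The error returned by `chacha20.NewUnauthenticatedCipher(c.key[:], nonce)` in sealGeneric is discarded with `_`, so if the constructor ever rejected the key or nonce length, `s` would presumably be nil and the failure would show up as a nil-pointer panic at the next `s.XORKeyStream` rather than as a clear message; the same line is added in openGeneric. The removed code sliced `nonce[0:12]` itself, while the new constructor does its own length validation, so ignoring the error is only safe if the exported Seal/Open callers already enforce the nonce size, and those callers are outside this diff. Either bind the error and fail loudly, `if err != nil { panic("chacha20poly1305: " + err.Error()) }`, or document the invariant with a comment such as `// key and nonce lengths are validated by the caller, so the error is always nil`. sealGeneric's body begins and ends outside the hunk.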
@@ -50,14 +46,10 @@ func (c *chacha20poly1305) openGeneric(dst, nonce, ciphertext, additionalData []
 copy(tag[:], ciphertext[len(ciphertext)-16:])
 ciphertext = ciphertext[:len(ciphertext)-16]
- var polyKey [32]byte
- s := chacha20.New(c.key, [3]uint32{
- binary.LittleEndian.Uint32(nonce[0:4]),
- binary.LittleEndian.Uint32(nonce[4:8]),
- binary.LittleEndian.Uint32(nonce[8:12]),
- })
+ var polyKey, discardBuf [32]byte
+ s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
 s.XORKeyStream(polyKey[:], polyKey[:])
- s.Advance() // skip the next 32 bytes
+ s.XORKeyStream(discardBuf[:], discardBuf[:]) // skip the next 32 bytes
 polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(ciphertext))+8+8)
 copy(polyInput, additionalData) |
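Review bot: The skip in openGeneric is done by encrypting a scratch `discardBuf`, which produces 32 bytes of keystream only to drop them and leaves that keystream in a stack buffer that is never cleared; sealGeneric gains the same pattern. The comment `// skip the next 32 bytes` says what happens but not why: the first 64-byte ChaCha20 block is reserved for deriving the one-time Poly1305 key, so payload keystream has to start at block counter 1, and a comment stating that would help the next reader. If the vendored chacha20 package in this tree offers a block-counter setter (upstream x/crypto has `SetCounter`), `s.SetCounter(1)` would express the skip directly and remove the scratch buffer. openGeneric's body starts and ends outside the hunk.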