From 57e869e28b6f3fe20ff7f48c5c0a3f4bda1de182 Mon Sep 17 00:00:00 2001
From: Jeffrey Walton <noloader@gmail.com>
Date: Tue, 12 Feb 2019 15:31:43 -0500
Subject: [PATCH] Latch previous ROUNDS in Salsa and ChaCha ciphers (GH #800)

---
 chacha.cpp | 2 +-
 chacha.h   | 2 +-
 salsa.cpp  | 6 ++----
 salsa.h    | 1 +
 4 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/chacha.cpp b/chacha.cpp
index 9e0e3d37..9f68a0aa 100644
--- a/chacha.cpp
+++ b/chacha.cpp
@@ -345,7 +345,7 @@ void ChaCha_Policy::CipherSetKey(const NameValuePairs &params, const byte *key,
     CRYPTOPP_ASSERT(key); CRYPTOPP_ASSERT(length == 16 || length == 32);
     CRYPTOPP_UNUSED(key); CRYPTOPP_UNUSED(length);
 
-    m_rounds = params.GetIntValueWithDefault(Name::Rounds(), 20);
+    m_rounds = params.GetIntValueWithDefault(Name::Rounds(), m_rounds);
     if (m_rounds != 20 && m_rounds != 12 && m_rounds != 8)
         throw InvalidRounds(ChaCha::StaticAlgorithmName(), m_rounds);
 
diff --git a/chacha.h b/chacha.h
index 76aeb01b..ac53c66f 100644
--- a/chacha.h
+++ b/chacha.h
@@ -58,7 +58,7 @@ class CRYPTOPP_NO_VTABLE ChaCha_Policy : public AdditiveCipherConcretePolicy<wor
 {
 public:
     virtual ~ChaCha_Policy() {}
-    ChaCha_Policy() : m_rounds(0) {}
+    ChaCha_Policy() : m_rounds(20) {}
 
 protected:
     void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
diff --git a/salsa.cpp b/salsa.cpp
index c5330a9a..93f6293b 100644
--- a/salsa.cpp
+++ b/salsa.cpp
@@ -112,8 +112,7 @@ std::string Salsa20_Policy::AlgorithmProvider() const
 
 void Salsa20_Policy::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
 {
-	m_rounds = params.GetIntValueWithDefault(Name::Rounds(), 20);
-
+	m_rounds = params.GetIntValueWithDefault(Name::Rounds(), m_rounds);
 	if (!(m_rounds == 8 || m_rounds == 12 || m_rounds == 20))
 		throw InvalidRounds(Salsa20::StaticAlgorithmName(), m_rounds);
 
@@ -692,8 +691,7 @@ Salsa20_OperateKeystream ENDP
 
 void XSalsa20_Policy::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
 {
-	m_rounds = params.GetIntValueWithDefault(Name::Rounds(), 20);
-
+	m_rounds = params.GetIntValueWithDefault(Name::Rounds(), m_rounds);
 	if (!(m_rounds == 8 || m_rounds == 12 || m_rounds == 20))
 		throw InvalidRounds(XSalsa20::StaticAlgorithmName(), m_rounds);
 
diff --git a/salsa.h b/salsa.h
index a42d684b..e7e13b8a 100644
--- a/salsa.h
+++ b/salsa.h
@@ -36,6 +36,7 @@ struct Salsa20_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInter
 class CRYPTOPP_NO_VTABLE Salsa20_Policy : public AdditiveCipherConcretePolicy<word32, 16>
 {
 protected:
+	Salsa20_Policy() : m_rounds(20) {}
 	void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
 	void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
 	void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length);