In chacha_crypt, use _chacha_3core if leftover is more than one block.

diff --git a/chacha-crypt.c b/chacha-crypt.c
index 59d808d1eda2ee559a3db50585c5cdede1e0a263..c612ea4a6cb92a2470db5552c053337637c4db22 100644 (file)
--- a/chacha-crypt.c
+++ b/chacha-crypt.c
@@ -82,14 +82,17 @@ chacha_crypt(struct chacha_ctx *ctx,
       dst += 3*CHACHA_BLOCK_SIZE;
       src += 3*CHACHA_BLOCK_SIZE;
     }
-  _chacha_core (x, ctx->state, CHACHA_ROUNDS);
-  ctx->state[13] += (++ctx->state[12] == 0);
-
-  if (length > CHACHA_BLOCK_SIZE)
+  if (length <= CHACHA_BLOCK_SIZE)
     {
-      _chacha_core (x + _CHACHA_STATE_LENGTH, ctx->state, CHACHA_ROUNDS);
+      _chacha_core (x, ctx->state, CHACHA_ROUNDS);
       ctx->state[13] += (++ctx->state[12] == 0);
     }
+  else
+    {
+      _chacha_3core (x, ctx->state, CHACHA_ROUNDS);
+      ctx->state[12] += 2;
+      ctx->state[13] += (ctx->state[12] < 2);
+    }
   memxor3 (dst, src, x, length);
 }
 #else