From: Niels Möller
Date: Tue, 14 Jul 2020 14:44:36 +0000 (+0200)
Subject: In chacha_crypt, use _chacha_3core if leftover is more than one block.
X-Git-Tag: nettle_3.7rc1~83
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b2975f7fa8c1bcd4e2cee9ab6ce5f21d00c30c57;p=thirdparty%2Fnettle.git

In chacha_crypt, use _chacha_3core if leftover is more than one block.
---
diff --git a/chacha-crypt.c b/chacha-crypt.c
index 59d808d1..c612ea4a 100644
--- a/chacha-crypt.c
+++ b/chacha-crypt.c
@@ -82,14 +82,17 @@ chacha_crypt(struct chacha_ctx *ctx,
 dst += 3*CHACHA_BLOCK_SIZE;
 src += 3*CHACHA_BLOCK_SIZE;
 }
- _chacha_core (x, ctx->state, CHACHA_ROUNDS);
- ctx->state[13] += (++ctx->state[12] == 0);
-
- if (length > CHACHA_BLOCK_SIZE)
+ if (length <= CHACHA_BLOCK_SIZE)
 {
- _chacha_core (x + _CHACHA_STATE_LENGTH, ctx->state, CHACHA_ROUNDS);
+ _chacha_core (x, ctx->state, CHACHA_ROUNDS);
 ctx->state[13] += (++ctx->state[12] == 0);
 }
+ else
+ {
+ _chacha_3core (x, ctx->state, CHACHA_ROUNDS);
+ ctx->state[12] += 2;
+ ctx->state[13] += (ctx->state[12] < 2);
+ }
 memxor3 (dst, src, x, length);
 }
 #else
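Review bot: The new `else` branch calls `_chacha_3core` for three keystream blocks but XORs at most two and advances the counter by 2, and nothing in the code records that the third block is deliberately discarded. Since the counter step must equal the number of blocks consumed (a smaller step would reuse keystream, a larger one would skip a block), I would add a comment above the call such as `/* more than one, at most two blocks left: third block of x is unused, so advance the counter by 2 only */`. The carry line `ctx->state[13] += (ctx->state[12] < 2);` is only exercised when the low counter word is within two of wrapping (assuming 32-bit state words) and the leftover exceeds one block; no test for that case is visible in this diff, so a vector covering it would be worth adding. The unused block also remains in the stack buffer `x` on return, which matches the existing behaviour of not wiping `x`. `chacha_crypt` begins outside the hunk, so the declaration and size of `x` are not visible here.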