From b2975f7fa8c1bcd4e2cee9ab6ce5f21d00c30c57 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Tue, 14 Jul 2020 16:44:36 +0200
Subject: [PATCH] In chacha_crypt, use _chacha_3core if leftover is more than
 one block.

---
 chacha-crypt.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/chacha-crypt.c b/chacha-crypt.c
index 59d808d1..c612ea4a 100644
--- a/chacha-crypt.c
+++ b/chacha-crypt.c
@@ -82,14 +82,17 @@ chacha_crypt(struct chacha_ctx *ctx,
       dst += 3*CHACHA_BLOCK_SIZE;
       src += 3*CHACHA_BLOCK_SIZE;
     }
-  _chacha_core (x, ctx->state, CHACHA_ROUNDS);
-  ctx->state[13] += (++ctx->state[12] == 0);
-
-  if (length > CHACHA_BLOCK_SIZE)
+  if (length <= CHACHA_BLOCK_SIZE)
     {
-      _chacha_core (x + _CHACHA_STATE_LENGTH, ctx->state, CHACHA_ROUNDS);
+      _chacha_core (x, ctx->state, CHACHA_ROUNDS);
       ctx->state[13] += (++ctx->state[12] == 0);
     }
+  else
+    {
+      _chacha_3core (x, ctx->state, CHACHA_ROUNDS);
+      ctx->state[12] += 2;
+      ctx->state[13] += (ctx->state[12] < 2);
+    }
   memxor3 (dst, src, x, length);
 }
 #else
-- 
2.47.2