In chacha_crypt, use _chacha_3core if leftover is more than one block.

author: Niels Möller <nisse@lysator.liu.se> 2020-07-14 16:44:36 +0200
committer: Niels Möller <nisse@lysator.liu.se> 2020-07-14 16:44:36 +0200
commit: b2975f7fa8c1bcd4e2cee9ab6ce5f21d00c30c57 (patch)
tree: 47911ae683fca5b580a3516fdbea0f9a5c0cd5a9 /chacha-crypt.c
parent: c23a5f17ab3ec653267cd9131949ee7b5b5c5c27 (diff)
download: nettle-b2975f7fa8c1bcd4e2cee9ab6ce5f21d00c30c57.tar.gz
1 files changed, 8 insertions, 5 deletions
diff --git a/chacha-crypt.c b/chacha-crypt.c
index 59d808d1..c612ea4a 100644
--- a/chacha-crypt.c
+++ b/chacha-crypt.c
@@ -82,14 +82,17 @@ chacha_crypt(struct chacha_ctx *ctx,
       dst += 3*CHACHA_BLOCK_SIZE;
       src += 3*CHACHA_BLOCK_SIZE;
     }
-  _chacha_core (x, ctx->state, CHACHA_ROUNDS);
-  ctx->state[13] += (++ctx->state[12] == 0);
-
-  if (length > CHACHA_BLOCK_SIZE)
+  if (length <= CHACHA_BLOCK_SIZE)
     {
-      _chacha_core (x + _CHACHA_STATE_LENGTH, ctx->state, CHACHA_ROUNDS);
+      _chacha_core (x, ctx->state, CHACHA_ROUNDS);
       ctx->state[13] += (++ctx->state[12] == 0);
     }
+  else
+    {
+      _chacha_3core (x, ctx->state, CHACHA_ROUNDS);
+      ctx->state[12] += 2;
+      ctx->state[13] += (ctx->state[12] < 2);
+    }
   memxor3 (dst, src, x, length);
 }
 #else
author	Niels Möller <nisse@lysator.liu.se>	2020-07-14 16:44:36 +0200
committer	Niels Möller <nisse@lysator.liu.se>	2020-07-14 16:44:36 +0200
commit	b2975f7fa8c1bcd4e2cee9ab6ce5f21d00c30c57 (patch)
tree	47911ae683fca5b580a3516fdbea0f9a5c0cd5a9 /chacha-crypt.c
parent	c23a5f17ab3ec653267cd9131949ee7b5b5c5c27 (diff)
download	nettle-b2975f7fa8c1bcd4e2cee9ab6ce5f21d00c30c57.tar.gz