1 files changed, 5 insertions, 3 deletions

diff --git a/cipher-chachapoly.c b/cipher-chachapoly.c
index 0caccd297..8665b41a3 100644
--- a/cipher-chachapoly.c
+++ b/cipher-chachapoly.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: cipher-chachapoly.c,v 1.5 2014/06/24 01:13:21 djm Exp $ */
+/* $OpenBSD: cipher-chachapoly.c,v 1.6 2014/07/03 12:42:16 jsing Exp $ */
 
 #include "includes.h"
 
@@ -65,8 +65,6 @@ chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest,
         chacha_ivsetup(&ctx->main_ctx, seqbuf, NULL);
         chacha_encrypt_bytes(&ctx->main_ctx,
             poly_key, poly_key, sizeof(poly_key));
-        /* Set Chacha's block counter to 1 */
-        chacha_ivsetup(&ctx->main_ctx, seqbuf, one);
 
         /* If decrypting, check tag before anything else */
         if (!do_encrypt) {
@@ -78,11 +76,15 @@ chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest,
                         goto out;
                 }
         }
+
         /* Crypt additional data */
         if (aadlen) {
                 chacha_ivsetup(&ctx->header_ctx, seqbuf, NULL);
                 chacha_encrypt_bytes(&ctx->header_ctx, src, dest, aadlen);
         }
+
+        /* Set Chacha's block counter to 1 */
+        chacha_ivsetup(&ctx->main_ctx, seqbuf, one);
         chacha_encrypt_bytes(&ctx->main_ctx, src + aadlen,
             dest + aadlen, len);