RustCrypto · newpavlov · Mar 4, 2026 · Mar 4, 2026 · Mar 4, 2026 · Mar 4, 2026
diff --git a/chacha20/src/backends/neon.rs b/chacha20/src/backends/neon.rs
@@ -180,10 +180,9 @@ impl<R: Rounds, V: Variant> StreamCipherBackend for Backend<R, V> {
                 }
                 // write blocks to dest
                 for state_row in 0..4 {
-                    #[allow(clippy::cast_sign_loss, reason = "needs triage")]
                     vst1q_u8(
-                        dest[block].as_mut_ptr().offset(state_row << 4),
-                        vreinterpretq_u8_u32(blocks[block][state_row as usize]),
+                        dest[block].as_mut_ptr().add(state_row << 4),
+                        vreinterpretq_u8_u32(blocks[block][state_row]),
                     );
                 }
             }

diff --git a/chacha20/src/legacy.rs b/chacha20/src/legacy.rs
@@ -15,7 +15,7 @@ use crate::variants::Legacy;
 /// The ChaCha20 stream cipher (legacy "djb" construction with 64-bit nonce).
 pub type ChaCha20Legacy = StreamCipherCoreWrapper<ChaCha20LegacyCore>;
 
-/// /// The ChaCha20 stream cipher (legacy "djb" construction with 64-bit nonce).
+/// The ChaCha20 stream cipher (legacy "djb" construction with 64-bit nonce).
 pub type ChaCha20LegacyCore = ChaChaCore<R20, Legacy>;
 
 impl KeySizeUser for ChaCha20LegacyCore {

diff --git a/chacha20/src/rng.rs b/chacha20/src/rng.rs
@@ -193,7 +193,7 @@ macro_rules! impl_chacha_rng {
         impl $Rng {
             /// Get the offset from the start of the stream, in 32-bit words.
             ///
-            /// Since the generated blocks are 64 words (2<sup>6</sup>) long and the
+            /// Since the generated blocks are 16 words (2<sup>4</sup>) long and the
             /// counter is 64-bits, the offset is a 68-bit number. Sub-word offsets are
             /// not supported, hence the result can simply be multiplied by 4 to get a
             /// byte-offset.
@@ -252,7 +252,7 @@ macro_rules! impl_chacha_rng {
                 let counter = self.core.core.get_block_pos();
                 let offset = self.core.word_offset();
                 if offset != 0 {
-                    counter - u64::from(BUF_BLOCKS) + offset as u64 / 16
+                    counter - u64::from(BUF_BLOCKS) + offset as u64 / u64::from(BLOCK_WORDS)
                 } else {
                     counter
                 }

diff --git a/chacha20/tests/rng.rs b/chacha20/tests/rng.rs
@@ -125,11 +125,12 @@ fn test_chacha_true_values_c() {
     // Test block 2 by using `set_block_pos` and [u8; 8]
     let mut rng4 = ChaCha20Rng::from_seed(seed);
     rng4.set_block_pos(2);
-    results = [0u32; 16];
-    for i in results.iter_mut() {
-        *i = rng4.next_u32();
+    let mut buf = [0u8; 8];
+    for chunk in expected.chunks_exact(2) {
+        rng4.fill_bytes(&mut buf);
+        assert_eq!(buf[..4], chunk[0].to_le_bytes());
+        assert_eq!(buf[4..], chunk[1].to_le_bytes());
     }
-    assert_eq!(results, expected);
     assert_eq!(rng4.get_word_pos(), expected_end);
 
     // Test skipping behaviour with other types