1 files changed, 38 insertions, 17 deletions

diff --git a/src/pkg/crypto/cipher/ctr.go b/src/pkg/crypto/cipher/ctr.go
index d9ee9d827..70ac40f6a 100644
--- a/src/pkg/crypto/cipher/ctr.go
+++ b/src/pkg/crypto/cipher/ctr.go
@@ -19,37 +19,58 @@ type ctr struct {
 	outUsed int
 }
 
+const streamBufferSize = 512
+
 // NewCTR returns a Stream which encrypts/decrypts using the given Block in
 // counter mode. The length of iv must be the same as the Block's block size.
 func NewCTR(block Block, iv []byte) Stream {
 	if len(iv) != block.BlockSize() {
 		panic("cipher.NewCTR: IV length must equal block size")
 	}
-
+	bufSize := streamBufferSize
+	if bufSize < block.BlockSize() {
+		bufSize = block.BlockSize()
+	}
 	return &ctr{
 		b:       block,
 		ctr:     dup(iv),
-		out:     make([]byte, len(iv)),
-		outUsed: len(iv),
+		out:     make([]byte, 0, bufSize),
+		outUsed: 0,
 	}
 }
 
-func (x *ctr) XORKeyStream(dst, src []byte) {
-	for i := 0; i < len(src); i++ {
-		if x.outUsed == len(x.ctr) {
-			x.b.Encrypt(x.out, x.ctr)
-			x.outUsed = 0
-
-			// Increment counter
-			for i := len(x.ctr) - 1; i >= 0; i-- {
-				x.ctr[i]++
-				if x.ctr[i] != 0 {
-					break
-				}
+func (x *ctr) refill() {
+	remain := len(x.out) - x.outUsed
+	if remain > x.outUsed {
+		return
+	}
+	copy(x.out, x.out[x.outUsed:])
+	x.out = x.out[:cap(x.out)]
+	bs := x.b.BlockSize()
+	for remain < len(x.out)-bs {
+		x.b.Encrypt(x.out[remain:], x.ctr)
+		remain += bs
+
+		// Increment counter
+		for i := len(x.ctr) - 1; i >= 0; i-- {
+			x.ctr[i]++
+			if x.ctr[i] != 0 {
+				break
 			}
 		}
+	}
+	x.out = x.out[:remain]
+	x.outUsed = 0
+}
 
-		dst[i] = src[i] ^ x.out[x.outUsed]
-		x.outUsed++
+func (x *ctr) XORKeyStream(dst, src []byte) {
+	for len(src) > 0 {
+		if x.outUsed >= len(x.out)-x.b.BlockSize() {
+			x.refill()
+		}
+		n := xorBytes(dst, src, x.out[x.outUsed:])
+		dst = dst[n:]
+		src = src[n:]
+		x.outUsed += n
 	}
 }