Hello, After reading the blog post here: http://insanecoding.blogspot.com/2014/06/avoid-incorrect-chacha20-implementations.html I went to test the implementation found here: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/crypto/chacha/
It seems that the implementation fails just like described in the blog post, as soon as ChaCha() is called with a length which is not a multiple of 64, all further uses of the method produce incorrect results. The blog's author provided an implementation which does not suffer from this problem, along with test vectors: http://chacha20.insanecoding.org/ The license on that code appears to be friendly, although I don't know if the code itself is any good. J
