diff --git a/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c b/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c
index 2d0c9ff9..ef000d16 100644
--- a/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c
+++ b/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c
@@ -23,6 +23,15 @@
 static const unsigned char _pad0[16] = { 0 };
+static inline void
+_crypto_secretstream_xchacha20poly1305_counter_reset
+   (crypto_secretstream_xchacha20poly1305_state *state)
+{
+    memset(STATE_COUNTER(state), 0,
+           crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
+    STATE_COUNTER(state)[0] = 1;
+}
+
 void
 crypto_secretstream_xchacha20poly1305_keygen
    (unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
@@ -47,7 +56,7 @@ crypto_secretstream_xchacha20poly1305_init_push
     randombytes_buf(out, crypto_secretstream_xchacha20poly1305_HEADERBYTES);
     crypto_core_hchacha20(state->k, out, k, NULL);
-    memset(STATE_COUNTER(state), 0, crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
+    _crypto_secretstream_xchacha20poly1305_counter_reset(state);
     memcpy(STATE_INONCE(state), out + crypto_core_hchacha20_INPUTBYTES,
            crypto_secretstream_xchacha20poly1305_INONCEBYTES);
     memset(state->_pad, 0, sizeof state->_pad);
@@ -62,7 +71,7 @@ crypto_secretstream_xchacha20poly1305_init_pull
     const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
 {
     crypto_core_hchacha20(state->k, in, k, NULL);
-    memset(STATE_COUNTER(state), 0, crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
+    _crypto_secretstream_xchacha20poly1305_counter_reset(state);
     memcpy(STATE_INONCE(state), in + crypto_core_hchacha20_INPUTBYTES,
            crypto_secretstream_xchacha20poly1305_INONCEBYTES);
     memset(state->_pad, 0, sizeof state->_pad);
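Review bot: The new `_crypto_secretstream_xchacha20poly1305_counter_reset` helper has no comment saying why the counter is seeded to 1 instead of being left at zero, and that is the only behavioural change in this commit and the thing a later maintainer is most likely to "simplify" back to a plain memset. I would put above the function: `/* Reset the little-endian message counter to 1 after (re)keying. A message is never sent with counter 0, so a zero counter can only mean the counter has wrapped. */` — the wrap/rekey check this refers to is not in the diff, so confirm the wording against push/pull before committing. The single store `STATE_COUNTER(state)[0] = 1;` also bakes in that the counter is little-endian, which only holds if it is advanced by a little-endian increment elsewhere; the same comment should say so. Identifiers starting with an underscore are reserved at file scope (C11 §7.1.3), but the file already uses `_pad0` the same way, so this is an existing convention rather than a new issue.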
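Review bot: Starting the counter at 1 in `crypto_secretstream_xchacha20poly1305_init_push` changes the nonce of every message in a stream, so output from the previous code cannot be decrypted by this version and vice versa, yet nothing in the hunk or the commit records that this is an incompatible format change. If any release has already shipped with a zero initial counter, which the diff does not tell me, a comment at the reset such as `/* counter starts at 1; streams written by earlier versions are not interoperable */` plus a changelog entry would save someone chasing a decryption failure later. The same point applies to the `init_pull` hunk below, which makes the matching change on the receiving side. Both function bodies start and end outside their hunks.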
@@ -95,8 +104,7 @@ crypto_secretstream_xchacha20poly1305_rekey
         STATE_INONCE(state)[i] =
             new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES + i];
     }
-    memset(STATE_COUNTER(state), 0,
-           crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
+    _crypto_secretstream_xchacha20poly1305_counter_reset(state);
 }
 int
diff --git a/test/default/secretstream.c b/test/default/secretstream.c
index b3cefc97..6e842e98 100644
--- a/test/default/secretstream.c
+++ b/test/default/secretstream.c
@@ -219,7 +219,8 @@ main(void)
     assert(memcmp(state_copy.k, state->k, sizeof state->k) != 0);
     assert(memcmp(state_copy.nonce, state->nonce, sizeof state->nonce) != 0);
-    assert(sodium_is_zero(state->nonce, 4U));
+    assert(state->nonce[0] == 1U);
+    assert(sodium_is_zero(state->nonce + 1, 3U));
     ret = crypto_secretstream_xchacha20poly1305_init_pull(state, header, k);
     assert(ret == 0);
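Review bot: The new assertions in `main` hard-code the counter layout: `state->nonce + 1, 3U` silently encodes a 4-byte counter, so if `crypto_secretstream_xchacha20poly1305_COUNTERBYTES` ever changes the test either keeps passing for the wrong reason or fails confusingly. I would write it against the constant, `assert(sodium_is_zero(state->nonce + 1, crypto_secretstream_xchacha20poly1305_COUNTERBYTES - 1U));`, assuming that macro is reachable from the test — the diff shows it used only in the implementation file, so a local definition may be needed. Judging by the `state_copy` comparisons just above, this check covers the counter after a rekey only; adding the same two assertions right after `init_pull` (the next line) and, if not already done elsewhere, after `init_push` would pin all three call sites this commit changes. `main` starts and ends outside the hunk.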