Clarify the documentation on the use of ChaCha20

author Matt Caswell <matt@openssl.org>

Thu, 18 Apr 2019 09:54:58 +0000 (10:54 +0100)

committer Matt Caswell <matt@openssl.org>

Fri, 19 Apr 2019 08:42:31 +0000 (09:42 +0100)
author Matt Caswell <matt@openssl.org>
Thu, 18 Apr 2019 09:54:58 +0000 (10:54 +0100)
committer Matt Caswell <matt@openssl.org>
Fri, 19 Apr 2019 08:42:31 +0000 (09:42 +0100)
diff --git a/doc/man3/EVP_chacha20.pod b/doc/man3/EVP_chacha20.pod

index 96da825cded4b1de62ecaf5b51925d0abfbb7888..4636a1e9cc23ca288064ad98dbb9f2dea38349b5 100644 (file)
--- a/doc/man3/EVP_chacha20.pod
+++ b/doc/man3/EVP_chacha20.pod
@@ -21,7 +21,15 @@ The ChaCha20 stream cipher for EVP.
  
  =item EVP_chacha20()
  
-The ChaCha20 stream cipher. The key length is 256 bits, the IV is 96 bits long.
+The ChaCha20 stream cipher. The key length is 256 bits, the IV is 128 bits long.
+The first 32 bits consists of a counter in little-endian order followed by a 96
+bit nonce. For example a nonce of:
+
+000000000000000000000002
+
+With an initial counter of 42 (2a in hex) would be expressed as:
+
+2a000000000000000000000000000002
  
  =item EVP_chacha20_poly1305()
author	Matt Caswell <matt@openssl.org>
	Thu, 18 Apr 2019 09:54:58 +0000 (10:54 +0100)
committer	Matt Caswell <matt@openssl.org>
	Fri, 19 Apr 2019 08:42:31 +0000 (09:42 +0100)