Clarify the documentation on the use of ChaCha20
authorMatt Caswell <matt@openssl.org>
Thu, 18 Apr 2019 09:54:58 +0000 (10:54 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 19 Apr 2019 08:42:31 +0000 (09:42 +0100)
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8780)

(cherry picked from commit 6f3aae256d62cfcc48c07cc0ead5080b070f371b)

doc/man3/EVP_chacha20.pod

index 96da825cded4b1de62ecaf5b51925d0abfbb7888..4636a1e9cc23ca288064ad98dbb9f2dea38349b5 100644 (file)
@@ -21,7 +21,15 @@ The ChaCha20 stream cipher for EVP.
 
 =item EVP_chacha20()
 
-The ChaCha20 stream cipher. The key length is 256 bits, the IV is 96 bits long.
+The ChaCha20 stream cipher. The key length is 256 bits, the IV is 128 bits long.
+The first 32 bits consists of a counter in little-endian order followed by a 96
+bit nonce. For example a nonce of:
+
+000000000000000000000002
+
+With an initial counter of 42 (2a in hex) would be expressed as:
+
+2a000000000000000000000000000002
 
 =item EVP_chacha20_poly1305()