doc: note that out ChaCha20 isn't standard compliant.

author Pauli <pauli@openssl.org>

Wed, 31 May 2023 23:51:46 +0000 (09:51 +1000)

committer Pauli <pauli@openssl.org>

Tue, 6 Jun 2023 01:03:16 +0000 (11:03 +1000)
author Pauli <pauli@openssl.org>
Wed, 31 May 2023 23:51:46 +0000 (09:51 +1000)
committer Pauli <pauli@openssl.org>
Tue, 6 Jun 2023 01:03:16 +0000 (11:03 +1000)
diff --git a/doc/man3/EVP_chacha20.pod b/doc/man3/EVP_chacha20.pod

index 28ab25bf7188915bb52e8a3d6db2713e86b81ab5..683faa326e145309277cd0e9ec051f86087867f4 100644 (file)
--- a/doc/man3/EVP_chacha20.pod
+++ b/doc/man3/EVP_chacha20.pod
@@ -22,10 +22,10 @@ The ChaCha20 stream cipher for EVP.
  =item EVP_chacha20()
  
  The ChaCha20 stream cipher. The key length is 256 bits, the IV is 128 bits long.
-The first 32 bits consists of a counter in little-endian order followed by a 96
+The first 64 bits consists of a counter in little-endian order followed by a 64
  bit nonce. For example a nonce of:
  
-000000000000000000000002
+0000000000000002
  
  With an initial counter of 42 (2a in hex) would be expressed as:
  
@@ -47,6 +47,9 @@ calling these functions multiple times and should consider using
  L<EVP_CIPHER_fetch(3)> instead.
  See L<crypto(7)/Performance> for further information.
  
+L<RFC 7539|https://www.rfc-editor.org/rfc/rfc7539.html#section-2.4>
+uses a 32 bit counter and a 96 bit nonce for the IV.
+
  =head1 RETURN VALUES
  
  These functions return an B<EVP_CIPHER> structure that contains the
author	Pauli <pauli@openssl.org>
	Wed, 31 May 2023 23:51:46 +0000 (09:51 +1000)
committer	Pauli <pauli@openssl.org>
	Tue, 6 Jun 2023 01:03:16 +0000 (11:03 +1000)