Align the documentation of EVP_chacha20() with actual behavior

Incorrect OpenSSL documentation was moved here and inherited parts of a
comment that was fixed in evp/e_chacha.c r1.13. Adjust the manual page
accordingly.

Discussed with schwarze

diff --git a/lib/libcrypto/man/EVP_chacha20.3 b/lib/libcrypto/man/EVP_chacha20.3
index 0dcd7a1..55e730e 100644 (file)
--- a/lib/libcrypto/man/EVP_chacha20.3
+++ b/lib/libcrypto/man/EVP_chacha20.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_chacha20.3,v 1.4 2023/08/23 13:46:42 schwarze Exp $
+.\" $OpenBSD: EVP_chacha20.3,v 1.5 2023/08/24 04:23:30 tb Exp $
 .\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 23 2023 $
+.Dd $Mdocdate: August 24 2023 $
 .Dt EVP_CHACHA20 3
 .Os
 .Sh NAME
@@ -93,11 +93,11 @@ argument of 16 bytes = 128 bits, internally using
 .Xr ChaCha_set_key 3
 and
 .Xr ChaCha_set_iv 3 .
-Due to the symmetry of the internal cipher state, interpreting the
+The lower 8 bytes = 64 bits of
 .Fa iv
-argument as a 4 byte counter followed by a 12 byte nonce
-or interpreting it as an 8 byte counter followed by an 8 byte nonce
-is functionally equivalent.
+are used as counter and the remaining 8 bytes are used as
+the initialization vector of
+.Xr ChaCha_set_iv 3 .
 .Xr EVP_EncryptUpdate 3 ,
 .Xr EVP_EncryptFinal_ex 3 ,
 .Xr EVP_DecryptUpdate 3 ,