Minor fixes for chacha comments and docs.

author: Niels Möller <nisse@lysator.liu.se> 2020-03-09 22:15:21 +0100
committer: Niels Möller <nisse@lysator.liu.se> 2020-03-09 22:15:21 +0100
commit: dedba6ff09f78b96dbc5a2b3a13fb8825f438d3c (patch)
tree: c4e6e0fee1584c5512ed762ea82bfeb66e1c9a0d
parent: 85a2b7f27bce13683a3aade7e0005edee202e045 (diff)
download: nettle-dedba6ff09f78b96dbc5a2b3a13fb8825f438d3c.tar.gz
2 files changed, 2 insertions, 2 deletions
diff --git a/chacha-crypt.c b/chacha-crypt.c
index 0bb44ed9..1797bd02 100644
--- a/chacha-crypt.c
+++ b/chacha-crypt.c
@@ -103,7 +103,7 @@ chacha_crypt32(struct chacha_ctx *ctx,
 
       ++ctx->state[12];
 
-      /* stopping at 2^70 length per nonce is user's responsibility */
+      /* stopping at 2^38 length per nonce is user's responsibility */
 
       if (length <= CHACHA_BLOCK_SIZE)
 	{
diff --git a/nettle.texinfo b/nettle.texinfo
index 418f46d8..ff64889c 100644
--- a/nettle.texinfo
+++ b/nettle.texinfo
@@ -3328,7 +3328,7 @@ defines a similar construction but with Salsa20 instead of ChaCha.
 Nettle's implementation of ChaCha-Poly1305 follows @cite{RFC 8439},
 where the ChaCha cipher is initialized with a 12-byte nonce and a 4-byte
 block counter. This allows up to 256 gigabytes of data to be encrypted
-using the same key.
+using the same key and nonce.
 
 For ChaCha-Poly1305, the ChaCha cipher is initialized with a key, of 256
 bits, and a per-message nonce. The first block of the key stream
author	Niels Möller <nisse@lysator.liu.se>	2020-03-09 22:15:21 +0100
committer	Niels Möller <nisse@lysator.liu.se>	2020-03-09 22:15:21 +0100
commit	dedba6ff09f78b96dbc5a2b3a13fb8825f438d3c (patch)
tree	c4e6e0fee1584c5512ed762ea82bfeb66e1c9a0d
parent	85a2b7f27bce13683a3aade7e0005edee202e045 (diff)
download	nettle-dedba6ff09f78b96dbc5a2b3a13fb8825f438d3c.tar.gz