From 916e6512ac4a0ded2bdeeaf74a4f3e2b76e22277 Mon Sep 17 00:00:00 2001 From: Michael Savage Date: Sat, 30 Dec 2017 11:04:16 +0000 Subject: [PATCH] Apply Loup's feedback --- doc/man/man3/crypto_lock_init.3monocypher | 7 +++---- doc/man/man3/crypto_sign_init_first_pass.3monocypher | 9 +++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/doc/man/man3/crypto_lock_init.3monocypher b/doc/man/man3/crypto_lock_init.3monocypher index db38f52..c9371c4 100644 --- a/doc/man/man3/crypto_lock_init.3monocypher +++ b/doc/man/man3/crypto_lock_init.3monocypher @@ -235,10 +235,9 @@ XChacha20 derives from Chacha20 the same way XSalsa20 derives from Salsa20, and benefits from the same security reduction (proven secure as long as Chacha20 itself is secure). .Sh SECURITY CONSIDERATIONS -Messages must be completely decrypted before they can be verified. -Make sure to call -.Fn crypto_unlock_final , -and make sure to check its return value +Messages are not verified until the call to +.Fn crypto_unlock_final . +Make sure to call it and check the return value .Em before processing the message. Messages may be stored before they are verified, but they cannot be diff --git a/doc/man/man3/crypto_sign_init_first_pass.3monocypher b/doc/man/man3/crypto_sign_init_first_pass.3monocypher index 3797fda..f96faea 100644 --- a/doc/man/man3/crypto_sign_init_first_pass.3monocypher +++ b/doc/man/man3/crypto_sign_init_first_pass.3monocypher @@ -168,7 +168,7 @@ This is the same as Ed25519, with Blake2b instead of SHA-512. Ed25519 is described in RFC 7748. .Sh SECURITY CONSIDERATIONS Messages are not verified until the call to -.Xr crypto_check_final . +.Fn crypto_check_final . Messages may be stored before they are verified, but they cannot be .Em trusted . Processing untrusted messages increases the attack surface of the 
@@ -176,9 +176,10 @@ system. Doing so securely is hard. Do not process messages before calling .Fn crypto_check_final . -Additionally, the security considerations documented in -.Xr crypto_sign 3monocypher , -apply here too. +.Pp +When signing messages, the security considerations documented in +.Xr crypto_sign 3monocypher +also apply. .Sh IMPLEMENTATION DETAILS EdDSA signatures require two passes that cannot be performed in parallel. -- 2.47.3
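Review bot: In doc/man/man3/crypto_lock_init.3monocypher (hunk at -235,10), the replacement text drops the fact stated by the removed line "Messages must be completely decrypted before they can be verified." Without it, a reader may not realise that decrypted data is already in hand before .Fn crypto_unlock_final has run. Suggest keeping one clause to that effect. The new "check the return value" also does not say which value signals a failed verification or what to do with the decrypted data in that case. Naming the failure value here would save the reader a lookup.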
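Review bot: In doc/man/man3/crypto_sign_init_first_pass.3monocypher (hunk at -168,7), the context line "Ed25519 is described in RFC 7748." cites the wrong document. RFC 7748 specifies the X25519 and X448 functions, while EdDSA, including Ed25519, is specified in RFC 8032. Since this patch already edits the line directly below it, correct the reference in the same change. The switch from .Xr to .Fn for crypto_check_final is right, as the name is given without a manual section.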
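Review bot: In doc/man/man3/crypto_sign_init_first_pass.3monocypher (hunk at -176,9), the new qualifier "When signing messages," narrows a cross-reference that the removed wording ("apply here too") applied to the whole section. The surrounding SECURITY CONSIDERATIONS text is about verification through .Fn crypto_check_final , so please confirm that nothing in the crypto_sign considerations also bears on the verification path. If something does, drop the qualifier or say which parts apply to which side. Splitting the sentence off with .Pp and removing the stray comma after the .Xr line both read well.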