diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am
index fef73783..f59e0e84 100644
--- a/src/libsodium/Makefile.am
+++ b/src/libsodium/Makefile.am
@@ -192,7 +192,8 @@ libsodium_la_SOURCES += \
 	crypto_stream/salsa2012/ref/xor_salsa2012.c \
 	crypto_stream/salsa208/stream_salsa208_api.c \
 	crypto_stream/salsa208/ref/stream_salsa208.c \
-	crypto_stream/salsa208/ref/xor_salsa208.c
+	crypto_stream/salsa208/ref/xor_salsa208.c \
+	crypto_stream/xchacha20/stream_xchacha20.c
 endif
 
 libsodium_la_LDFLAGS = \
diff --git a/src/libsodium/crypto_stream/xchacha20/stream_xchacha20.c b/src/libsodium/crypto_stream/xchacha20/stream_xchacha20.c
new file mode 100644
index 00000000..1af0a991
--- /dev/null
+++ b/src/libsodium/crypto_stream/xchacha20/stream_xchacha20.c
@@ -0,0 +1,53 @@
+
+#include <stdlib.h>
+#include <assert.h>
+
+#include "crypto_core_hchacha20.h"
+#include "crypto_stream_chacha20.h"
+#include "crypto_stream_xchacha20.h"
+
+size_t
+crypto_stream_xchacha20_keybytes(void) {
+    return crypto_stream_xchacha20_KEYBYTES;
+}
+
+size_t
+crypto_stream_xchacha20_noncebytes(void) {
+    return crypto_stream_xchacha20_NONCEBYTES;
+}
+
+int
+crypto_stream_xchacha20(unsigned char *c, unsigned long long clen,
+                        const unsigned char *n, const unsigned char *k)
+{
+    unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES];
+
+    crypto_core_hchacha20(k2, n, k, NULL);
+    assert(crypto_stream_chacha20_KEYBYTES <= sizeof k2);
+    assert(crypto_stream_chacha20_NONCEBYTES ==
+           (sizeof n) - crypto_core_hchacha20_INPUTBYTES);
+    return crypto_stream_chacha20(c, clen,
+                                  n + crypto_core_hchacha20_INPUTBYTES, k2);
+}
+
+int
+crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m,
+                               unsigned long long mlen,
+                               const unsigned char *n, uint64_t ic,
+                               const unsigned char *k)
+{
+    unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES];
+
+    crypto_core_hchacha20(k2, n, k, NULL);
+    return crypto_stream_chacha20_xor_ic(c, m, mlen,
+                                         n + crypto_core_hchacha20_INPUTBYTES,
+                                         ic, k2);
+}
+
+int
+crypto_stream_xchacha20_xor(unsigned char *c, const unsigned char *m,
+                           unsigned long long mlen, const unsigned char *n,
+                           const unsigned char *k)
+{
+    return crypto_stream_xchacha20_xor_ic(c, m, mlen, n, 0U, k);
+}
diff --git a/src/libsodium/include/Makefile.am b/src/libsodium/include/Makefile.am
index 05b8ae8f..4cb58c8e 100644
--- a/src/libsodium/include/Makefile.am
+++ b/src/libsodium/include/Makefile.am
@@ -40,6 +40,7 @@ SODIUM_EXPORT = \
 	sodium/crypto_stream_salsa20.h \
 	sodium/crypto_stream_salsa2012.h \
 	sodium/crypto_stream_salsa208.h \
+	sodium/crypto_stream_xchacha20.h \
 	sodium/crypto_stream_xsalsa20.h \
 	sodium/crypto_int32.h \
 	sodium/crypto_int64.h \
diff --git a/src/libsodium/include/sodium.h b/src/libsodium/include/sodium.h
index ea0c247c..9fbbf99e 100644
--- a/src/libsodium/include/sodium.h
+++ b/src/libsodium/include/sodium.h
@@ -40,6 +40,7 @@
 #include "sodium/crypto_stream_salsa20.h"
 #include "sodium/crypto_stream_salsa2012.h"
 #include "sodium/crypto_stream_salsa208.h"
+#include "sodium/crypto_stream_xchacha20.h"
 #include "sodium/crypto_stream_xsalsa20.h"
 #include "sodium/crypto_verify_16.h"
 #include "sodium/crypto_verify_32.h"
diff --git a/src/libsodium/include/sodium/crypto_stream_xchacha20.h b/src/libsodium/include/sodium/crypto_stream_xchacha20.h
new file mode 100644
index 00000000..5da0f584
--- /dev/null
+++ b/src/libsodium/include/sodium/crypto_stream_xchacha20.h
@@ -0,0 +1,50 @@
+#ifndef crypto_stream_xchacha20_H
+#define crypto_stream_xchacha20_H
+
+/*
+ *  WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ *  While it provides some protection against eavesdropping, it does NOT
+ *  provide any security against active attacks.
+ *  Unless you know what you're doing, what you are looking for is probably
+ *  the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+#  pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_xchacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_keybytes(void);
+
+#define crypto_stream_xchacha20_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_noncebytes(void);
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20(unsigned char *c, unsigned long long clen,
+                            const unsigned char *n, const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20_xor(unsigned char *c, const unsigned char *m,
+                                unsigned long long mlen, const unsigned char *n,
+                                const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m,
+                                   unsigned long long mlen,
+                                   const unsigned char *n, uint64_t ic,
+                                   const unsigned char *k);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif