diff options
author | jmg <jmg@FreeBSD.org> | 2015-07-03 00:37:16 +0000 |
---|---|---|
committer | jmg <jmg@FreeBSD.org> | 2015-07-03 00:37:16 +0000 |
commit | 4fc5e01d2ed52f740fe1defd507102edd38157a7 (patch) | |
tree | f72a9b001b17d78b6f1395273edc28147d76e437 /share | |
parent | baac4d6f2d398d591b8d67e3ec49d18469ab7cfa (diff) | |
download | FreeBSD-src-4fc5e01d2ed52f740fe1defd507102edd38157a7.zip FreeBSD-src-4fc5e01d2ed52f740fe1defd507102edd38157a7.tar.gz |
update the documentation of the _IV_ flags... _IV_PRESENT doesn't
mean what you think it should... This will be fixed in the future
with a flag rename, but document what the flag really does and make
the _IV_ flags clear what their presents (or lack there of) means...
Reviewed by: gnn, eri (both earlier version)
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man9/crypto.9 | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/share/man/man9/crypto.9 b/share/man/man9/crypto.9 index 7acfbea..3c4dae3 100644 --- a/share/man/man9/crypto.9 +++ b/share/man/man9/crypto.9 @@ -17,7 +17,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 12, 2014 +.Dd July 2, 2015 .Dt CRYPTO 9 .Os .Sh NAME @@ -333,13 +333,13 @@ on the input buffer. The various fields are: .Bl -tag -width ".Va crd_inject" .It Va crd_iv -The field where IV should be provided when the +When the flag .Dv CRD_F_IV_EXPLICIT -flag is given. +is set, this field contains the IV. .It Va crd_key When the .Dv CRD_F_KEY_EXPLICIT -flag is given, the +flag is set, the .Va crd_key points to a buffer with encryption or authentication key. .It Va crd_alg @@ -370,15 +370,14 @@ The following flags are defined: For encryption algorithms, this bit is set when encryption is required (when not set, decryption is performed). .It Dv CRD_F_IV_PRESENT -For encryption, this bit is set when the IV already -precedes the data, so the -.Va crd_inject -value will be ignored and no IV will be written in the buffer. -Otherwise, the IV used to encrypt the packet will be written -at the location pointed to by +.\" This flag name has nothing to do w/ it's behavior, fix the name. +For encryption, if this bit is not set the IV used to encrypt the packet +will be written at the location pointed to by .Va crd_inject . The IV length is assumed to be equal to the blocksize of the encryption algorithm. +For encryption, if this bit is set, nothing is done. +For decryption, this flag has no meaning. Applications that do special .Dq "IV cooking" , such as the half-IV mode in @@ -388,7 +387,7 @@ This flag is typically used in conjunction with the .Dv CRD_F_IV_EXPLICIT flag. .It Dv CRD_F_IV_EXPLICIT -For encryption algorithms, this bit is set when the IV is explicitly +This bit is set when the IV is explicitly provided by the consumer in the .Va crd_iv field. |