Date: Fri, 3 Jul 2015 00:37:17 +0000 (UTC) From: John-Mark Gurney <jmg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r285065 - head/share/man/man9 Message-ID: <201507030037.t630bHZn000830@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jmg Date: Fri Jul 3 00:37:16 2015 New Revision: 285065 URL: https://svnweb.freebsd.org/changeset/base/285065 Log: update the documentation of the _IV_ flags... _IV_PRESENT doesn't mean what you think it should... This will be fixed in the future with a flag rename, but document what the flag really does and make the _IV_ flags clear what their presents (or lack there of) means... Reviewed by: gnn, eri (both earlier version) Modified: head/share/man/man9/crypto.9 Modified: head/share/man/man9/crypto.9 ============================================================================== --- head/share/man/man9/crypto.9 Thu Jul 2 22:23:52 2015 (r285064) +++ head/share/man/man9/crypto.9 Fri Jul 3 00:37:16 2015 (r285065) @@ -17,7 +17,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 12, 2014 +.Dd July 2, 2015 .Dt CRYPTO 9 .Os .Sh NAME @@ -333,13 +333,13 @@ on the input buffer. The various fields are: .Bl -tag -width ".Va crd_inject" .It Va crd_iv -The field where IV should be provided when the +When the flag .Dv CRD_F_IV_EXPLICIT -flag is given. +is set, this field contains the IV. .It Va crd_key When the .Dv CRD_F_KEY_EXPLICIT -flag is given, the +flag is set, the .Va crd_key points to a buffer with encryption or authentication key. .It Va crd_alg @@ -370,15 +370,14 @@ The following flags are defined: For encryption algorithms, this bit is set when encryption is required (when not set, decryption is performed). .It Dv CRD_F_IV_PRESENT -For encryption, this bit is set when the IV already -precedes the data, so the -.Va crd_inject -value will be ignored and no IV will be written in the buffer. -Otherwise, the IV used to encrypt the packet will be written -at the location pointed to by +.\" This flag name has nothing to do w/ it's behavior, fix the name. +For encryption, if this bit is not set the IV used to encrypt the packet +will be written at the location pointed to by .Va crd_inject . The IV length is assumed to be equal to the blocksize of the encryption algorithm. +For encryption, if this bit is set, nothing is done. +For decryption, this flag has no meaning. Applications that do special .Dq "IV cooking" , such as the half-IV mode in @@ -388,7 +387,7 @@ This flag is typically used in conjuncti .Dv CRD_F_IV_EXPLICIT flag. .It Dv CRD_F_IV_EXPLICIT -For encryption algorithms, this bit is set when the IV is explicitly +This bit is set when the IV is explicitly provided by the consumer in the .Va crd_iv field.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201507030037.t630bHZn000830>