svn commit: r285065 - head/share/man/man9

John-Mark Gurney jmg at FreeBSD.org
Fri Jul 3 00:37:17 UTC 2015 

Author: jmg
Date: Fri Jul  3 00:37:16 2015
New Revision: 285065
URL: https://svnweb.freebsd.org/changeset/base/285065

Log:
  update the documentation of the _IV_ flags...  _IV_PRESENT doesn't
  mean what you think it should...  This will be fixed in the future
  with a flag rename, but document what the flag really does and make
  the _IV_ flags clear what their presents (or lack there of) means...
  
  Reviewed by:	gnn, eri (both earlier version)

Modified:
  head/share/man/man9/crypto.9

Modified: head/share/man/man9/crypto.9
==============================================================================
--- head/share/man/man9/crypto.9	Thu Jul  2 22:23:52 2015	(r285064)
+++ head/share/man/man9/crypto.9	Fri Jul  3 00:37:16 2015	(r285065)
@@ -17,7 +17,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 12, 2014
+.Dd July 2, 2015
 .Dt CRYPTO 9
 .Os
 .Sh NAME
@@ -333,13 +333,13 @@ on the input buffer.
 The various fields are:
 .Bl -tag -width ".Va crd_inject"
 .It Va crd_iv
-The field where IV should be provided when the
+When the flag
 .Dv CRD_F_IV_EXPLICIT
-flag is given.
+is set, this field contains the IV.
 .It Va crd_key
 When the
 .Dv CRD_F_KEY_EXPLICIT
-flag is given, the
+flag is set, the
 .Va crd_key
 points to a buffer with encryption or authentication key.
 .It Va crd_alg
@@ -370,15 +370,14 @@ The following flags are defined:
 For encryption algorithms, this bit is set when encryption is required
 (when not set, decryption is performed).
 .It Dv CRD_F_IV_PRESENT
-For encryption, this bit is set when the IV already
-precedes the data, so the
-.Va crd_inject
-value will be ignored and no IV will be written in the buffer.
-Otherwise, the IV used to encrypt the packet will be written
-at the location pointed to by
+.\" This flag name has nothing to do w/ it's behavior, fix the name.
+For encryption, if this bit is not set the IV used to encrypt the packet
+will be written at the location pointed to by
 .Va crd_inject .
 The IV length is assumed to be equal to the blocksize of the
 encryption algorithm.
+For encryption, if this bit is set, nothing is done.
+For decryption, this flag has no meaning.
 Applications that do special
 .Dq "IV cooking" ,
 such as the half-IV mode in
@@ -388,7 +387,7 @@ This flag is typically used in conjuncti
 .Dv CRD_F_IV_EXPLICIT
 flag.
 .It Dv CRD_F_IV_EXPLICIT
-For encryption algorithms, this bit is set when the IV is explicitly
+This bit is set when the IV is explicitly
 provided by the consumer in the
 .Va crd_iv
 field.

More information about the svn-src-all mailing list