From a054d15c22c501d33e1382bb09ba80bac08c2738 Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Thu, 17 Dec 2020 16:39:57 +1000
Subject: Replace provider cipher flags with separate param fields

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13830)
---
 doc/man7/provider-cipher.pod | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

(limited to 'doc/man7')

diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod
index 3ab277ecf9..34a5ec0a7f 100644
--- a/doc/man7/provider-cipher.pod
+++ b/doc/man7/provider-cipher.pod
@@ -218,13 +218,27 @@ For example AES in CTR mode has a block size of 1 (because it operates like a
 stream cipher), even though AES has a block size of 16.
 The length of the "blocksize" parameter should not exceed that of a B<size_t>.
 
-=item "flags" (B<OSSL_CIPHER_PARAM_FLAGS>) <unsigned integer>
+=item "aead" (B<OSSL_CIPHER_PARAM_AEAD>) <integer>
 
-Gets any flags for the associated cipher algorithm.
-See L<EVP_CIPHER_meth_set_flags(3)> for a list of currently defined cipher
-flags.
-The length of the "flags" parameter should equal that of an
-B<unsigned long int>.
+Gets 1 if this is an AEAD cipher algorithm, otherwise it gets 0.
+
+=item "custom-iv" (B<OSSL_CIPHER_PARAM_CUSTOM_IV>) <integer>
+
+Gets 1 if the cipher algorithm has a custom IV, otherwise it gets 0.
+Storing and initializing the IV is left entirely to the implementation, if a
+custom IV is used.
+
+=item "cts" (B<OSSL_CIPHER_PARAM_CTS>) <integer>
+
+Gets 1 if the cipher algorithm uses ciphertext stealing, otherwise it gets 0.
+This is currently used to indicate that the cipher is a one shot that only
+allows a single call to EVP_CipherUpdate().
+
+=item "tls-multi" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK>) <integer>
+
+Gets 1 if the cipher algorithm supports interleaving of crypto blocks, otherwise
+it gets 0. The interleaving is an optimization only applicable to certain
+TLS ciphers.
 
 =item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer>
 
@@ -263,7 +277,7 @@ See L<EVP_EncryptInit(3)/AEAD Interface>.
 =item "taglen" (B<OSSL_CIPHER_PARAM_AEAD_TAGLEN>) <unsigned integer>
 
 Gets the tag length to be used for an AEAD cipher for the associated cipher ctx.
-It returns a default value if it has not been set.
+It gets a default value if it has not been set.
 The length of the "taglen" parameter should not exceed that of a B<size_t>.
 
 =item "tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>) <octet string>
-- 
cgit v1.2.3