From 8ea370bba1b4292e8c004e0d8e23445ffdfebcf6 Mon Sep 17 00:00:00 2001
From: Rajeev Ranjan <ranjan.rajeev@siemens.com>
Date: Tue, 30 Jan 2024 15:18:10 +0100
Subject: [PATCH] EVP_CIPHER-NULL.pod: Add NULL-HMAC-* algorithms

---
 doc/man7/EVP_CIPHER-NULL.pod | 60 +++++++++++++-----------------------
 1 file changed, 22 insertions(+), 38 deletions(-)

diff --git a/doc/man7/EVP_CIPHER-NULL.pod b/doc/man7/EVP_CIPHER-NULL.pod
index 44e07dcf1b056..dbb767099d13b 100644
--- a/doc/man7/EVP_CIPHER-NULL.pod
+++ b/doc/man7/EVP_CIPHER-NULL.pod
@@ -2,71 +2,55 @@
 
 =head1 NAME
 
-EVP_CIPHER-NULL - The NULL EVP_CIPHER implementation
+EVP_CIPHER-NULL - NULL encryption EVP_CIPHER implementation
 
 =head1 DESCRIPTION
 
-Support for a NULL symmetric encryption using the B<EVP_CIPHER> API.
-This is used when the TLS cipher suite is TLS_NULL_WITH_NULL_NULL.
-This does no encryption (just copies the data) and has a mac size of zero.
+This module provides support for NULL encryption using the B<EVP_CIPHER> API.
+It simply copies the data without any encryption.
 
-=head2 Algorithm Name
+=head2 Algorithm Names
 
-The following algorithm is available in the default provider:
+The default provider offers the following algorithms:
 
 =over 4
 
 =item "NULL"
 
-=back
-
-=head2 Parameters
-
-This implementation supports the following parameters:
-
-=head3 Gettable EVP_CIPHER parameters
-
-See L<EVP_EncryptInit(3)/Gettable EVP_CIPHER parameters>
-
-=head3 Gettable EVP_CIPHER_CTX parameters
-
-=over 4
-
-=item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer>
-
-=item "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN> and <B<OSSL_CIPHER_PARAM_AEAD_IVLEN>) <unsigned integer>
-
-=item "tls-mac" (B<OSSL_CIPHER_PARAM_TLS_MAC>) <octet ptr>
+=item "NULL-HMAC-SHA256" and "NULL-HMAC-SHA384"
 
 =back
 
-See L<EVP_EncryptInit(3)/PARAMETERS> for further information.
-
-=head3 Settable EVP_CIPHER_CTX parameters
-
-=over 4
-
-=item "tls-mac-size" (B<OSSL_CIPHER_PARAM_TLS_MAC_SIZE>) <unsigned integer>
+=head2 Parameters
 
-=back
+The parameters supported by this implementation are detailed in
+L<EVP_EncryptInit(3)/PARAMETERS>.
 
-See L<EVP_EncryptInit(3)/PARAMETERS> for further information.
+=head1 NOTES
 
-=head1 CONFORMING TO
+"NULL" algorithm is used when the TLS cipher suite is TLS_NULL_WITH_NULL_NULL.
+This does no encryption (just copies the data) and has a mac size of zero.
+This conforms to RFC 5246 section-6.2.3.1.
 
-RFC 5246 section-6.2.3.1
+"NULL-HMAC-SHA256" and "NULL-HMAC-SHA384" are used when the TLS cipher suite is
+TLS_SHA256_SHA256 and TLS_SHA384_SHA384 respectively.
+This conforms to RFC 9150.
 
 =head1 SEE ALSO
 
 L<provider-cipher(7)>, L<OSSL_PROVIDER-default(7)>
 
+=head1 HISTORY
+
+The NULL-HMAC-SHA256 and NULL-HMAC-SHA384 ciphers were added in OpenSSL version 3.3.
+
 =head1 COPYRIGHT
 
-Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file LICENSE in the source distribution or at
 L<https://www.openssl.org/source/license.html>.
 
-=cut
+=cut
\ No newline at end of file