X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=doc%2Fman7%2Fprovider-cipher.pod;h=83f17683020eaa9dc32809409833c8b66de94127;hb=7cc355c2e4e081dca3c6c345a75a2ab16800c807;hp=bb8df17514b61bb2e8dca44cca01f8e7ce32c347;hpb=c35b8535768e22cd3b7743f4887a72e53a621a5f;p=openssl.git

diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod
index bb8df17514..83f1768302 100644
--- a/doc/man7/provider-cipher.pod
+++ b/doc/man7/provider-cipher.pod
@@ -410,6 +410,38 @@ Byte 11-12: Input length (Always 0)
 
 Gets the result of running the "tls1multi_aad" operation.
 
+=item "cts_mode" (B<OSSL_CIPHER_PARAM_CTS_MODE>) <utf8 string>
+
+Sets the cipher text stealing mode. For all modes the output size is the same as
+the input size.
+
+Valid values for the mode are:
+
+=over 4
+
+=item "CS1"
+
+The NIST variant of cipher text stealing.
+For message lengths that are multiples of the block size it is equivalent to
+using a "AES-CBC" cipher otherwise the second last cipher text block is a
+partial block.
+
+=item "CS2"
+
+For message lengths that are multiples of the block size it is equivalent to
+using a "AES-CBC" cipher, otherwise it is the same as "CS3".
+
+=item "CS3"
+
+The Kerberos5 variant of cipher text stealing which always swaps the last
+cipher text block with the previous block (which may be a partial or full block
+depending on the input length).
+
+=back
+
+The default is "CS1".
+This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS".
+
 =back
 
 =head1 RETURN VALUES