Improve documentation of mbedtls_record

commit: f832343c1d65d8304af9c0cf003c6ba56111fa3a [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Thu Apr 04 16:29:48 2019 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Apr 29 12:19:07 2019 +0200
tree: abaff8c9845ba5dd2d3bf557eb81cbcbdab70f5c
parent: c5aee96855fdb3d40e81f931bc8d3d4738d8bc9b [diff] [blame]
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index cf03162..17e5f63 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h

@@ -578,8 +578,11 @@
  * (1) Encrypted
  *     These always have data_offset = 0
  * (2) Unencrypted
- *     These have data_offset set to the length of the
- *     fixed part of the IV used for encryption.
+ *     These have data_offset set to the amount of
+ *     pre-expansion during record protection. Concretely,
+ *     this is the length of the fixed part of the explicit IV
+ *     used for encryption, or 0 if no explicit IV is used
+ *     (e.g. for CBC in TLS 1.0, or stream ciphers).
  *
  * The reason for the data_offset in the unencrypted case
  * is to allow for in-place conversion of an unencrypted to
commit	f832343c1d65d8304af9c0cf003c6ba56111fa3a	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Thu Apr 04 16:29:48 2019 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon Apr 29 12:19:07 2019 +0200
tree	abaff8c9845ba5dd2d3bf557eb81cbcbdab70f5c
parent	c5aee96855fdb3d40e81f931bc8d3d4738d8bc9b [diff] [blame]