From f832343c1d65d8304af9c0cf003c6ba56111fa3a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 Apr 2019 16:29:48 +0100 Subject: [PATCH] Improve documentation of mbedtls_record --- include/mbedtls/ssl_internal.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index cf03162fb..17e5f6369 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -578,8 +578,11 @@ struct mbedtls_ssl_transform * (1) Encrypted * These always have data_offset = 0 * (2) Unencrypted - * These have data_offset set to the length of the - * fixed part of the IV used for encryption. + * These have data_offset set to the amount of + * pre-expansion during record protection. Concretely, + * this is the length of the fixed part of the explicit IV + * used for encryption, or 0 if no explicit IV is used + * (e.g. for CBC in TLS 1.0, or stream ciphers). * * The reason for the data_offset in the unencrypted case * is to allow for in-place conversion of an unencrypted to