Expand the XTS documentation

author Matt Caswell <matt@openssl.org>

Thu, 2 Apr 2020 08:58:59 +0000 (09:58 +0100)

committer Matt Caswell <matt@openssl.org>

Fri, 3 Apr 2020 10:13:50 +0000 (11:13 +0100)
author Matt Caswell <matt@openssl.org>
Thu, 2 Apr 2020 08:58:59 +0000 (09:58 +0100)
committer Matt Caswell <matt@openssl.org>
Fri, 3 Apr 2020 10:13:50 +0000 (11:13 +0100)
diff --git a/doc/man3/EVP_aes.pod b/doc/man3/EVP_aes.pod

index 4192a9ec369f90a4fcd33b445285dfa5ab33e62b..7db48a427ffecf2443613ae463bf787be31c8c3b 100644 (file)
--- a/doc/man3/EVP_aes.pod
+++ b/doc/man3/EVP_aes.pod
@@ -160,6 +160,13 @@ In particular, XTS-AES-128 (B<EVP_aes_128_xts>) takes input of a 256-bit key to
  achieve AES 128-bit security, and XTS-AES-256 (B<EVP_aes_256_xts>) takes input
  of a 512-bit key to achieve AES 256-bit security.
  
+The XTS implementation in OpenSSL does not support streaming. That is there must
+only be one L<EVP_EncryptUpdate(3)> call per L<EVP_EncryptInit_ex(3)> call (and
+similarly with the "Decrypt" functions).
+
+The I<iv> parameter to L<EVP_EncryptInit_ex(3)> or L<EVP_DecryptInit_ex(3)> is
+the XTS "tweak" value.
+
  =back
  
  =head1 RETURN VALUES
author	Matt Caswell <matt@openssl.org>
	Thu, 2 Apr 2020 08:58:59 +0000 (09:58 +0100)
committer	Matt Caswell <matt@openssl.org>
	Fri, 3 Apr 2020 10:13:50 +0000 (11:13 +0100)