Expand the XTS documentation

Explain that XTS does not support streaming, and that the IV value is the tweak. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11461) (cherry picked from commit 70d80ef9898ddbe03841efd2df2f526b71829d7f)
author: Matt Caswell <matt@openssl.org> 2020-04-02 09:58:59 +0100
committer: Matt Caswell <matt@openssl.org> 2020-04-03 11:13:50 +0100
commit: d251c4ecc11c19628fe86d82b4b4c47cfea97c17 (patch)
tree: c3bcb6b59450ac29b9d463f0c5e3e707cd6aa7d1 /doc
parent: d0771a9fdb93bdff992a079f596829139b8b12c0 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/man3/EVP_aes.pod b/doc/man3/EVP_aes.pod
index 4192a9ec36..7db48a427f 100644
--- a/doc/man3/EVP_aes.pod
+++ b/doc/man3/EVP_aes.pod
@@ -160,6 +160,13 @@ In particular, XTS-AES-128 (B<EVP_aes_128_xts>) takes input of a 256-bit key to
 achieve AES 128-bit security, and XTS-AES-256 (B<EVP_aes_256_xts>) takes input
 of a 512-bit key to achieve AES 256-bit security.
 
+The XTS implementation in OpenSSL does not support streaming. That is there must
+only be one L<EVP_EncryptUpdate(3)> call per L<EVP_EncryptInit_ex(3)> call (and
+similarly with the "Decrypt" functions).
+
+The I<iv> parameter to L<EVP_EncryptInit_ex(3)> or L<EVP_DecryptInit_ex(3)> is
+the XTS "tweak" value.
+
 =back
 
 =head1 RETURN VALUES
author	Matt Caswell <matt@openssl.org>	2020-04-02 09:58:59 +0100
committer	Matt Caswell <matt@openssl.org>	2020-04-03 11:13:50 +0100
commit	d251c4ecc11c19628fe86d82b4b4c47cfea97c17 (patch)
tree	c3bcb6b59450ac29b9d463f0c5e3e707cd6aa7d1 /doc
parent	d0771a9fdb93bdff992a079f596829139b8b12c0 (diff)