Improve documentation of mbedtls_ssl_transform
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 60b5133..5797136 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -499,8 +499,8 @@
* - The (static) encryption/decryption keys for the cipher.
* - For stream/CBC, the type of message digest to be used.
* - For stream/CBC, (static) encryption/decryption keys for the digest.
- * - For AEAD transformations, the size (potentially 0) of an explicit
- * initialization vector placed in encrypted records.
+ * - For AEAD transformations, the size (potentially 0) of an explicit,
+ * random initialization vector placed in encrypted records.
* - For some transformations (currently AEAD and CBC in SSL3 and TLS 1.0)
* an implicit IV. It may be static (e.g. AEAD) or dynamic (e.g. CBC)
* and (if present) is combined with the explicit IV in a transformation-
@@ -509,6 +509,11 @@
* - The details of the transformation depend on the SSL/TLS version.
* - The length of the authentication tag.
*
+ * Note: Except for CBC in SSL3 and TLS 1.0, these parameters are
+ * constant across multiple encryption/decryption operations.
+ * For CBC, the implicit IV needs to be updated after each
+ * operation.
+ *
* The struct below refines this abstract view as follows:
* - The cipher underlying the transformation is managed in
* cipher contexts cipher_ctx_{enc/dec}, which must have the