Document the domain_parameters_size==SIZE_MAX hack
It was introduced in https://github.com/Mbed-TLS/mbedtls/pull/8616 but not
documented.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 5639ad0..1eb2463 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -254,6 +254,18 @@
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ /* Unlike normal buffers, there are three cases for domain_parameters
+ * and domain_parameters_size:
+ * - domain_parameters_size == SIZE_MAX && domain_parameters == NULL:
+ * Access to domain parameters is not supported for this key.
+ * This is a hack which should not exist, intended for keys managed
+ * by a driver that doesn't support domain parameters.
+ * - domain_parameters_size == 0 && domain_parameters == NULL:
+ * The domain parameters are empty.
+ * - domain_parameters_size > 0 &&
+ * domain_parameters == valid pointer to domain_parameters_size bytes:
+ * The domain parameters are non-empty.
+ */
void *MBEDTLS_PRIVATE(domain_parameters);
size_t MBEDTLS_PRIVATE(domain_parameters_size);
};