Add comment Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

commit: c0633bc7779a96d4a746d425b0edb47fee276516 [log] [tgz]
author: Dave Rodgman <dave.rodgman@arm.com> Fri Sep 22 10:54:43 2023 +0100
committer: Dave Rodgman <dave.rodgman@arm.com> Fri Sep 22 10:54:43 2023 +0100
tree: 00298ee9c47ea54d56238879034a77ca577565f1
parent: d03f483dbe0b4ac13d77ad26362772082fad80d1 [diff] [blame]
diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h
index d275085..4246d2d 100644
--- a/library/constant_time_impl.h
+++ b/library/constant_time_impl.h

@@ -398,6 +398,12 @@
 
 static inline int mbedtls_ct_error_if(mbedtls_ct_condition_t condition, int if1, int if0)
 {
+    /* Coverting int -> uint -> int here is safe, because we require if1 and if0 to be
+     * in the range -32767..0, and we require 32-bit int and uint types.
+     *
+     * This means that (0 <= -if0 < INT_MAX), so negating if0 is safe, and similarly for
+     * converting back to int.
+     */
     return -((int) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) (-if1),
                                  (mbedtls_ct_uint_t) (-if0)));
 }
commit	c0633bc7779a96d4a746d425b0edb47fee276516	[log] [tgz]
author	Dave Rodgman <dave.rodgman@arm.com>	Fri Sep 22 10:54:43 2023 +0100
committer	Dave Rodgman <dave.rodgman@arm.com>	Fri Sep 22 10:54:43 2023 +0100
tree	00298ee9c47ea54d56238879034a77ca577565f1
parent	d03f483dbe0b4ac13d77ad26362772082fad80d1 [diff] [blame]