Add comment on macros that should be kept in sync Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: c9d98295339752a1e547d1eeb6933dcccbccc224 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed May 24 12:28:38 2023 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Jun 06 10:33:54 2023 +0200
tree: 9d7cdeffd7b22408591c4afa0260e5eba9fb2224
parent: f76c2208f6f3a3abd6044d9e47180a3e244717d9 [diff]
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 657b5cc..44b76f4 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h

@@ -151,7 +151,16 @@
     MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
 } mbedtls_md_type_t;
 
-/* Note: this should be kept in sync with PSA_HASH_MAX_SIZE */
+/* Note: this should always be >= PSA_HASH_MAX_SIZE
+ * in all builds with both CRYPTO_C and MD_LIGHT.
+ *
+ * This is to make things easier for modules such as TLS that may define a
+ * buffer size using MD_MAX_SIZE in a part of the code that's common to PSA
+ * and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another
+ * part of the code based on PSA.
+ *
+ * Currently both macros have the same value, avoiding such issues.
+ */
 #if defined(MBEDTLS_MD_CAN_SHA512)
 #define MBEDTLS_MD_MAX_SIZE         64  /* longest known is SHA512 */
 #elif defined(MBEDTLS_MD_CAN_SHA384)
commit	c9d98295339752a1e547d1eeb6933dcccbccc224	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Wed May 24 12:28:38 2023 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Jun 06 10:33:54 2023 +0200
tree	9d7cdeffd7b22408591c4afa0260e5eba9fb2224
parent	f76c2208f6f3a3abd6044d9e47180a3e244717d9 [diff]