From 91537eb09d9d01a60e4e6a97ce1c46a12d82958a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 12 Aug 2024 17:26:24 +0100 Subject: [PATCH] Improve documentation of MBEDTLS_MPI_IS_PUBLIC Signed-off-by: Janos Follath --- tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h index bb96f4fb89..cd7e2f6c66 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h @@ -44,7 +44,12 @@ goto cleanup; \ } while (0) -/* Constants to identify whether a value is public or secret. +/* Constants to identify whether a value is public or secret. If a parameter is marked as secret by + * this constant, the function must be constant time with respect to the parameter. + * + * This is only needed for functions with the _optionally_safe postfix. All other functions have + * fixed behavior that can't be changed at runtime and are constant time with respect to their + * parameters as prescribed by their documentation or by conventions in their module's documentation. * * Parameters should be named X_public where X is the name of the * corresponding input parameter.