From 2f1754916c7a478f44aa430d086412925fd6b35e Mon Sep 17 00:00:00 2001
From: Mateusz Starzyk <mateusz.starzyk@mobica.com>
Date: Mon, 9 Aug 2021 16:05:14 +0200
Subject: [PATCH] Improve comment on local_output.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
---
 library/ccm.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/library/ccm.c b/library/ccm.c
index b7c8f6d4d..1e88f9067 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -387,7 +387,10 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
         if( ctx->mode == MBEDTLS_CCM_DECRYPT || \
             ctx->mode == MBEDTLS_CCM_STAR_DECRYPT )
         {
-            /* Write decrypted data to local_output to avoid using output variable as
+            /* Since output may be in shared memory, we cannot be sure that
+             * it will contain what we wrote to it. Therefore, we should avoid using
+             * it as input to any operations.
+             * Write decrypted data to local_output to avoid using output variable as
              * input in the XOR operation for Y.
              */
             ret = mbedtls_ccm_crypt( ctx, offset, use_len, input, local_output );