From 15952814d837cc5687230861d1defed0458ce0aa Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Thu, 4 Jun 2020 13:31:46 +0100
Subject: [PATCH] Improve documentation of nonce-generating function in
 ssl_msg.c

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
---
 library/ssl_msg.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 65eab4b40..32bbc97be 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -557,8 +557,14 @@ static int ssl_transform_aead_dynamic_iv_is_explicit(
  * a) Fixed and dynamic IV lengths add up to total IV length, giving
  *       IV = fixed_iv || dynamic_iv
  *
+ *    This variant is used in TLS 1.2 when used with GCM or CCM.
+ *
  * b) Fixed IV lengths matches total IV length, giving
  *       IV = fixed_iv XOR ( 0 || dynamic_iv )
+ *
+ *    This variant occurs in TLS 1.3 and for TLS 1.2 when using ChaChaPoly.
+ *
+ * See also the documentation of mbedtls_ssl_transform.
  */
 static void ssl_build_record_nonce( unsigned char *dst_iv,
                                     size_t dst_iv_len,