From 2eba3d213e676fbe71fde310d6dde3f792600892 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 14 Jun 2023 12:23:42 -0400
Subject: [PATCH] llcrypto: add another warning to ct_lookup.

---
 crates/tor-llcrypto/src/util/ct.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crates/tor-llcrypto/src/util/ct.rs b/crates/tor-llcrypto/src/util/ct.rs
index c61388162..1c8a764d8 100644
--- a/crates/tor-llcrypto/src/util/ct.rs
+++ b/crates/tor-llcrypto/src/util/ct.rs
@@ -97,10 +97,11 @@ impl<const N: usize> AsMut<[u8; N]> for CtByteArray<N> {
 /// Otherwise, this function returns none.
 ///
 /// We evaluate `matches` on every item of the array, and try not to
-/// leak by timing which element (if any) matched.
+/// leak by timing which element (if any) matched.  Note that if
+/// `matches` itself has side channels, this function can't hide them.
 ///
 /// Note that this doesn't necessarily do a constant-time comparison,
-/// and that it is not constant-time for found/not-found case.
+/// and that it is not constant-time for the found/not-found case.
 pub fn ct_lookup<T, F>(array: &[T], matches: F) -> Option<&T>
 where
     F: Fn(&T) -> Choice,