diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index a73a7b0eaf..67a5bd6ce0 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -161,6 +161,14 @@ typedef enum {
 MBEDTLS_MD_SHA3_512, /**< The SHA3-512 message digest. */
 } mbedtls_md_type_t;
 
+/* Note: this should always be >= PSA_HASH_MAX_SIZE
+ * in all builds with both CRYPTO_C and MD_LIGHT.
+ *
+ * This is to make things easier for modules such as TLS that may define a
+ * buffer size using MD_MAX_SIZE in a part of the code that's common to PSA
+ * and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another
+ * part of the code based on PSA.
+ */
 #if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_SHA3_C)
 #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
 #elif defined(MBEDTLS_MD_CAN_SHA384)
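Review bot: The invariant stated in the new comment above `MBEDTLS_MD_MAX_SIZE` (that it is >= `PSA_HASH_MAX_SIZE` when both PSA crypto and MD_LIGHT are built) is documented but not enforced by anything visible in this hunk. Since the comment itself says TLS code may size a buffer with one macro and then treat it as the other, a configuration that breaks the invariant would presumably surface as an out-of-bounds write at run time rather than as a build failure. Consider a compile-time check at a point where both macros are visible, e.g. `#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_MD_LIGHT) && MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE` followed by `#error "MBEDTLS_MD_MAX_SIZE must be >= PSA_HASH_MAX_SIZE"`, unless a test already covers it. The `#if`/`#elif` chain that defines the macro continues past the end of the hunk, so its remaining branches could not be checked here.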