Add comments when can_do() is safe to use Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: 06e1fcdb45872a410165a9b4ab4c16bf41dced6a [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Jun 16 10:48:06 2022 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Jun 20 21:04:31 2022 +0200
tree: f36c1e6c637091389ba961838eadbf984d52817e
parent: 8641102bc16a8193d93721f222729e5a07252fc3 [diff] [blame]
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index eeb55c3..1140d9e 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -3000,6 +3000,8 @@
     peer_pk = &ssl->session_negotiate->peer_cert->pk;
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
+    /* This is a public key, so it can't be opaque, so can_do() is a good
+     * enough check to ensure pk_ec() is safe to use below. */
     if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
commit	06e1fcdb45872a410165a9b4ab4c16bf41dced6a	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Jun 16 10:48:06 2022 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Jun 20 21:04:31 2022 +0200
tree	f36c1e6c637091389ba961838eadbf984d52817e
parent	8641102bc16a8193d93721f222729e5a07252fc3 [diff] [blame]