Improve a comment. ECDSA keys work with mbedtls_pk_ec() too, but we don't want to accept them here, so the comment should reflect that the check is not just about ensuring pk_ec() works. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: b9c7ea459e518eac4cdf8c0d79977f2571b4dcd7 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Jun 14 09:25:17 2022 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Jun 20 21:04:31 2022 +0200
tree: 1b08a8c87577ebcf40add0322da3d930fe58bcae
parent: a4a4aab54294e47f10f2e742c3eb13851473e7ea [diff] [blame]
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f2fca12..705a632 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -3241,7 +3241,8 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_pk_context *own_key = mbedtls_ssl_own_key( ssl );
 
-    /* We want to call mbedtls_pk_ec(), which only works on those types. */
+    /* Check if the key is a transparent ECDH key.
+     * This also ensures that it is safe to call mbedtls_pk_ec(). */
     if( mbedtls_pk_get_type( own_key ) != MBEDTLS_PK_ECKEY &&
         mbedtls_pk_get_type( own_key ) != MBEDTLS_PK_ECKEY_DH )
     {
commit	b9c7ea459e518eac4cdf8c0d79977f2571b4dcd7	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Jun 14 09:25:17 2022 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Jun 20 21:04:31 2022 +0200
tree	1b08a8c87577ebcf40add0322da3d930fe58bcae
parent	a4a4aab54294e47f10f2e742c3eb13851473e7ea [diff] [blame]