Add comments when can_do() is safe to use Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: 06e1fcdb45872a410165a9b4ab4c16bf41dced6a [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Jun 16 10:48:06 2022 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Jun 20 21:04:31 2022 +0200
tree: f36c1e6c637091389ba961838eadbf984d52817e
parent: 8641102bc16a8193d93721f222729e5a07252fc3 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b0379cd..0099b43 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -2697,7 +2697,9 @@
     {
         const mbedtls_pk_context *pk = &chain->pk;
 
-        /* If certificate uses an EC key, make sure the curve is OK */
+        /* If certificate uses an EC key, make sure the curve is OK.
+         * This is a public key, so it can't be opaque, so can_do() is a good
+         * enough check to ensure pk_ec() is safe to use here. */
         if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
             mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
         {
commit	06e1fcdb45872a410165a9b4ab4c16bf41dced6a	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Jun 16 10:48:06 2022 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Jun 20 21:04:31 2022 +0200
tree	f36c1e6c637091389ba961838eadbf984d52817e
parent	8641102bc16a8193d93721f222729e5a07252fc3 [diff] [blame]