Clarify mbedtls_pk_can_do_ext() return documentation amd add warning on future addition of allowed algs & usage flags
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 6c4ca38..207aed0 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -428,12 +428,16 @@
* PSA_KEY_USAGE_DERIVE.
* Context key must match all passed usage flags.
*
+ * \warning Since the set of allowed algorithms and usage flags may be
+ * expanded in the future, the return value \c 0 should not
+ * be taken in account for non-allowed algorithms and usage
+ * flags.
+ *
* \return 1 if the context can do operations on the given type.
* \return 0 if the context cannot do the operations on the given
- * type, or for non-allowed algorithms and usage flags.
- * This is always the case for a context that has
- * been initialized but not set up, or that has been
- * cleared with mbedtls_pk_free().
+ * type, for non-allowed algorithms and usage flags, or
+ * for a context that has been initialized but not set up
+ * or that has been cleared with mbedtls_pk_free().
*/
int mbedtls_pk_can_do_ext( const mbedtls_pk_context *ctx, psa_algorithm_t alg,
psa_key_usage_t usage );