Fix and improve documentation, comments and logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>

commit: d89360b87bb5bcf09a21c74a799056c49260b260 [log] [tgz]
author: Ronald Cron <ronald.cron@arm.com> Tue Feb 21 08:53:33 2023 +0100
committer: Ronald Cron <ronald.cron@arm.com> Tue Feb 21 14:57:25 2023 +0100
tree: 9808a3e9cb98434aa05e50edac34748454c9a475
parent: 675d97d42e16fa4e55d80d76596b36c56730589b [diff] [blame]
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 8aff191..005a1d7 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c

@@ -1371,6 +1371,11 @@
         uint16_t cipher_suite;
         const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
 
+        /*
+         * "cipher_suite_end - p is even" is an invariant of the loop. As
+         * cipher_suites_end - p > 0, we have cipher_suites_end - p >= 2 and
+         * it is thus safe to read two bytes.
+         */
         cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0);
         ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(
             ssl, cipher_suite);
commit	d89360b87bb5bcf09a21c74a799056c49260b260	[log] [tgz]
author	Ronald Cron <ronald.cron@arm.com>	Tue Feb 21 08:53:33 2023 +0100
committer	Ronald Cron <ronald.cron@arm.com>	Tue Feb 21 14:57:25 2023 +0100
tree	9808a3e9cb98434aa05e50edac34748454c9a475
parent	675d97d42e16fa4e55d80d76596b36c56730589b [diff] [blame]