mirror of
https://github.com/ARMmbed/mbedtls.git
synced 2025-10-25 04:35:59 +08:00
Add comments when can_do() is safe to use
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:

committed by
Manuel Pégourié-Gonnard

parent
8641102bc1
commit
06e1fcdb45
@@ -3000,6 +3000,8 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
|
|||||||
peer_pk = &ssl->session_negotiate->peer_cert->pk;
|
peer_pk = &ssl->session_negotiate->peer_cert->pk;
|
||||||
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||||
|
|
||||||
|
/* This is a public key, so it can't be opaque, so can_do() is a good
|
||||||
|
* enough check to ensure pk_ec() is safe to use below. */
|
||||||
if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) )
|
if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
|
||||||
|
@@ -2697,7 +2697,9 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
|||||||
{
|
{
|
||||||
const mbedtls_pk_context *pk = &chain->pk;
|
const mbedtls_pk_context *pk = &chain->pk;
|
||||||
|
|
||||||
/* If certificate uses an EC key, make sure the curve is OK */
|
/* If certificate uses an EC key, make sure the curve is OK.
|
||||||
|
* This is a public key, so it can't be opaque, so can_do() is a good
|
||||||
|
* enough check to ensure pk_ec() is safe to use here. */
|
||||||
if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
|
if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) &&
|
||||||
mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
|
mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 )
|
||||||
{
|
{
|
||||||
|
Reference in New Issue
Block a user