diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index fd6b90d2c..83e7f252c 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3460,6 +3460,11 @@ static int ssl_out_client_key_exchange_prepare( mbedtls_ssl_context *ssl )
     return( 0 );
 }
 
+/* Warning: Despite accepting a length argument, this function is currently
+ * still lacking some bounds checks and assumes that `buf` has length
+ * `MBEDTLS_SSL_OUT_CONTENT_LEN`. Eventually, it should be rewritten to work
+ * with any buffer + length pair, returning MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
+ * on insufficient writing space. */
 static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
                                           unsigned char *buf,
                                           size_t buflen,
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 7aaea95d0..8ffbf7c0b 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4105,6 +4105,11 @@ cleanup:
     return( ret );
 }
 
+/* Warning: Despite accepting a length argument, this function is currently
+ * still lacking some bounds checks and assumes that `buf` has length
+ * `MBEDTLS_SSL_IN_CONTENT_LEN`. Eventually, it should be rewritten to work
+ * with any buffer + length pair, returning MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
+ * on insufficient parsing space. */
 static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
                                           unsigned char *buf,
                                           size_t buflen )