Fix and improve documentation, comments and logs

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-21 08:53:33 +01:00 · 2023-02-21 08:53:33 +01:00 · d89360b87b
commit d89360b87b
parent 675d97d42e
3 changed files with 13 additions and 4 deletions
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -1371,6 +1371,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
        uint16_t cipher_suite;
        const mbedtls_ssl_ciphersuite_t *ciphersuite_info;

+        /*
+         * "cipher_suite_end - p is even" is an invariant of the loop. As
+         * cipher_suites_end - p > 0, we have cipher_suites_end - p >= 2 and
+         * it is thus safe to read two bytes.
+         */
        cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0);
        ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(
            ssl, cipher_suite);