Clarify mbedtls_pk_can_do_ext() return documentation amd add warning on future addition of allowed algs & usage flags

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 12:00:56 +02:00 · 2022-05-20 12:00:56 +02:00 · b2f2b027c2
commit b2f2b027c2
parent c661ff51c9
1 changed files with 8 additions and 4 deletions
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -428,12 +428,16 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
 *                  PSA_KEY_USAGE_DERIVE.
 *                  Context key must match all passed usage flags.
 *
+ * \warning         Since the set of allowed algorithms and usage flags may be
+ *                  expanded in the future, the return value \c 0 should not
+ *                  be taken in account for non-allowed algorithms and usage
+ *                  flags.
+ *
 * \return          1 if the context can do operations on the given type.
 * \return          0 if the context cannot do the operations on the given
- *                  type, or for non-allowed algorithms and usage flags.
- *                  This is always the case for a context that has
- *                  been initialized but not set up, or that has been
- *                  cleared with mbedtls_pk_free().
+ *                  type, for non-allowed algorithms and usage flags, or
+ *                  for a context that has been initialized but not set up
+ *                  or that has been cleared with mbedtls_pk_free().
 */
 int mbedtls_pk_can_do_ext( const mbedtls_pk_context *ctx, psa_algorithm_t alg,
                           psa_key_usage_t usage );