From c24e0195138a8f617b0ca84eaa422b82dca21d04 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Mon, 11 Feb 2019 14:33:36 +0000
Subject: [PATCH] Improve documentation of mbedtls_x509_get_ext()

- Explain the use of explicit ASN.1 tagging for the extensions structuree
- Remove misleading comment which suggests that mbedtls_x509_get_ext() also parsed the header of the first extension, which is not the case.
---
 library/x509.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/library/x509.c b/library/x509.c
index 1fbce91fb..59b6ba3bd 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -709,6 +709,9 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
 int ret;
 size_t len;
+ /* Extension structure use EXPLICIT tagging. That is, the actual
+ * `Extensions` structure is wrapped by a tag-length pair using
+ * the respective context-specific tag. */
 ret = mbedtls_asn1_get_tag( p, end, &ext->len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag );
 if( ret != 0 )
@@ -720,11 +723,6 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
 /* * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
- *
- * Extension ::= SEQUENCE {
- * extnID OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extnValue OCTET STRING }
 */
 if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
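Review bot: The new comment in the first hunk explains the EXPLICIT wrapper but leaves out the length invariant that follows from it: the inner `Extensions` SEQUENCE read in the second hunk (into `len`) should fill exactly the `ext->len` bytes of the context-specific wrapper, otherwise bytes trailing the SEQUENCE inside the wrapper would be accepted without being parsed. Whether that comparison is made cannot be seen here, because the function body starts before the first hunk and continues past the second; if the check exists, the comment could name it, e.g. `* The wrapped SEQUENCE must span the whole wrapper; a length mismatch is rejected below. */`. As a wording nit, `Extension structure use EXPLICIT tagging` would read better as `The Extensions structure uses EXPLICIT tagging`.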