Improve documentation of mbedtls_x509_get_ext()

- Explain the use of explicit ASN.1 tagging for the extensions structuree - Remove misleading comment which suggests that mbedtls_x509_get_ext() also parsed the header of the first extension, which is not the case.
Mbed-TLS · Jun 4, 2019 · 3a4211c · 3a4211c
1 parent 5bf7a6d
commit 3a4211c
Showing 1 changed file with 3 additions and 5 deletions.
diff --git a/library/x509.c b/library/x509.c
@@ -713,6 +713,9 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
     int ret;
     size_t len;
 
+    /* Extension structure use EXPLICIT tagging. That is, the actual
+     * `Extensions` structure is wrapped by a tag-length pair using
+     * the respective context-specific tag. */
     ret = mbedtls_asn1_get_tag( p, end, &ext->len,
               MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag );
     if( ret != 0 )
@@ -724,11 +727,6 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
 
     /*
      * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
-     *
-     * Extension  ::=  SEQUENCE  {
-     *      extnID      OBJECT IDENTIFIER,
-     *      critical    BOOLEAN DEFAULT FALSE,
-     *      extnValue   OCTET STRING  }
      */
     if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )