Document ASN1_item_sign's order of operations a bit

Every time I touch this function, I forget that the algorithm update
actually impacts the serialization.

Change-Id: I8d484f9616d01a6ddd1ad428b01ac4bc922800ab
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/81749
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
David Benjamin
2025-08-30 11:19:22 -04:00
committed by Boringssl LUCI CQ
parent 28e46225a7
commit 087d397a93

@@ -4535,6 +4535,9 @@ OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it,
// |md|, or |pkey|'s default if NULL. Other signing parameters use |pkey|'s
// defaults. To customize them, use |ASN1_item_sign_ctx|.
//
// |algor1| and |algor2| may point into part of |asn| and will be updated before
// |asn| is serialized.
//
// WARNING: |data| must be a pointer with the same type as |it|'s corresponding
// C type. Using the wrong type is a potentially exploitable memory error.
OPENSSL_EXPORT int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
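Review bot: The added paragraph calls the object being signed |asn|, while the WARNING directly below it in the same comment calls it |data|. From the comment alone a reader cannot tell these are the same argument, so use the name the declaration's parameter has in both places. The paragraph also says only that |algor1| and |algor2| "will be updated"; say what is written to them and whether that happens when they do not point into the object.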
@@ -4550,6 +4553,9 @@ OPENSSL_EXPORT int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
// On success or failure, this function mutates |ctx| and resets it to the empty
// state. Caller should not rely on its contents after the function returns.
//
// |algor1| and |algor2| may point into part of |asn| and will be updated before
// |asn| is serialized.
//
// WARNING: |data| must be a pointer with the same type as |it|'s corresponding
// C type. Using the wrong type is a potentially exploitable memory error.
OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
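Review bot: The paragraph added before the WARNING says the update happens before serialization, but not what the caller sees if the call fails after that point. The sentence just above documents |ctx| "on success or failure"; do the same for |algor1| and |algor2|, stating whether they may be left modified on failure, since they can alias fields of the object being signed. The |asn| versus |data| naming mismatch with the WARNING applies here as well.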