From 918aa9f21148dd7937650d344294404a46fcf21f Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sun, 21 Jan 2018 12:25:10 +0100
Subject: dh: document why BER decoding rules are allows

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
---
 lib/dh.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/dh.c b/lib/dh.c
index c8e84680f9..e265d1e3d0 100644
--- a/lib/dh.c
+++ b/lib/dh.c
@@ -465,6 +465,8 @@ gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params,
 		return _gnutls_asn2err(result);
 	}
 
+	/* PKCS#3 doesn't specify whether DHParameter is encoded as
+	 * BER or DER, thus we don't restrict libtasn1 to DER subset */
 	result = asn1_der_decoding(&c2, _params.data, _params.size, NULL);
 
 	if (need_free != 0) {
-- 
cgit v1.2.1