From a1b2bfff467d114365d5b9cd17a798de9201651e Mon Sep 17 00:00:00 2001
From: Dave Rodgman <dave.rodgman@arm.com>
Date: Mon, 20 Feb 2023 14:45:09 +0000
Subject: [PATCH] Add clarifying comments

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
---
 library/pkcs7.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/pkcs7.c b/library/pkcs7.c
index ba43f4971..010d7066e 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -607,13 +607,16 @@ int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf,
     }
 
     if (MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_SIGNED_DATA, p, len)) {
+        /* OID is not MBEDTLS_OID_PKCS7_SIGNED_DATA, which is the only supported feature */
         if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_DATA, p, len)
             || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, p, len)
             || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_ENVELOPED_DATA, p, len)
             || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA, p, len)
             || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_DIGESTED_DATA, p, len)) {
+            /* OID is valid according to the spec, but unsupported */
             ret =  MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE;
         } else {
+            /* OID is invalid according to the spec */
             ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA;
         }
         goto out;