Document ASN1_item_sign's order of operations a bit Every time I touch this function, I forget that the algorithm update actually impacts the serialization. Change-Id: I8d484f9616d01a6ddd1ad428b01ac4bc922800ab Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/81749 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com>
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 837c0d7..cc71f84 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -4535,6 +4535,9 @@
 // |md|, or |pkey|'s default if NULL. Other signing parameters use |pkey|'s
 // defaults. To customize them, use |ASN1_item_sign_ctx|.
 //
+// |algor1| and |algor2| may point into part of |asn| and will be updated before
+// |asn| is serialized.
+//
 // WARNING: |data| must be a pointer with the same type as |it|'s corresponding
 // C type. Using the wrong type is a potentially exploitable memory error.
 OPENSSL_EXPORT int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
@@ -4550,6 +4553,9 @@
 // On success or failure, this function mutates |ctx| and resets it to the empty
 // state. Caller should not rely on its contents after the function returns.
 //
+// |algor1| and |algor2| may point into part of |asn| and will be updated before
+// |asn| is serialized.
+//
 // WARNING: |data| must be a pointer with the same type as |it|'s corresponding
 // C type. Using the wrong type is a potentially exploitable memory error.
 OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
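Review bot: The added paragraph in the ASN1_item_sign comment names the signed structure `|asn|`, while the WARNING directly below it calls what appears to be the same argument `|data|`; the ASN1_item_sign_ctx hunk has the same mismatch. Both prototypes continue outside the hunks, so the declared parameter name is not visible here, but the comment should use whichever name the prototype declares, e.g. `// |algor1| and |algor2| may point into part of |data| and will be updated before` if it is `data`. Because the update changes the bytes that are signed, it would also help to state whether |algor1| and |algor2| are left modified when the function fails, which the visible text does not say.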