mbedtls_x509_crt_ext_cb_t definition changed

As suggested in https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r431238005 Co-authored-by: Gilles Peskine <gilles.peskine@arm.com> Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2025-01-26 12:35:20 +00:00 · 2020-05-28 08:55:08 +02:00 · 2020-05-28 08:55:08 +02:00 · fae25a13d9
commit fae25a13d9
parent fde98f7773
2 changed files with 8 additions and 6 deletions
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@ -313,11 +313,8 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
 * \param crt      The certificate being parsed.
 * \param oid      The OID of the extension.
 * \param critical Whether the extension is critical.
- * \param p        On entry, \c *p points to the start of the extension value
+ * \param p        Pointer to the start of the extension value
 *                 (the content of the OCTET STRING).
- *                 On successful completion, \c *p must point to the
- *                 first byte after the extension value.
- *                 On error, the value of \c *p is not undefined.
 * \param end      End of extension value.
  *
 * \note           The callback must fail and return a negative error code if
@ -329,7 +326,7 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
 typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt,
                                          mbedtls_x509_buf const *oid,
                                          int critical,
-                                          unsigned char **p,
+                                          const unsigned char *p,
                                          const unsigned char *end );

 /**
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -957,8 +957,13 @@ static int x509_get_crt_ext( unsigned char **p,
        if( ret != 0 )
        {
            /* Give the callback (if any) a chance to handle the extension */
-            if( cb != NULL && cb( crt, &extn_oid, is_critical, p, end_ext_octet ) == 0 )
+            if( cb != NULL ) {
+                ret = cb( crt, &extn_oid, is_critical, *p, end_ext_octet );
+                if ( ret != 0 )
+                    return ( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+                *p = end_ext_octet;
                continue;
+            }

            /* No parser found, skip extension */
            *p = end_ext_octet;