mbedtls_x509_crt_parse_der_with_ext_cb enhancement
added make_copy parameter as suggested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r431233555
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 28dfa51..fb91af2 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -330,30 +330,39 @@
const unsigned char *end );
/**
- * \brief Parse a single DER formatted certificate and add it
- * to the end of the provided chained list.
+ * \brief Parse a single DER formatted certificate and add it
+ * to the end of the provided chained list.
*
- * \param chain The pointer to the start of the CRT chain to attach to.
- * When parsing the first CRT in a chain, this should point
- * to an instance of ::mbedtls_x509_crt initialized through
- * mbedtls_x509_crt_init().
- * \param buf The buffer holding the DER encoded certificate.
- * \param buflen The size in Bytes of \p buf.
- * \param cb A callback invoked for every unsupported certificate
- * extension.
+ * \param chain The pointer to the start of the CRT chain to attach to.
+ * When parsing the first CRT in a chain, this should point
+ * to an instance of ::mbedtls_x509_crt initialized through
+ * mbedtls_x509_crt_init().
+ * \param buf The buffer holding the DER encoded certificate.
+ * \param buflen The size in Bytes of \p buf.
+ * \param make_copy When not zero this function makes an internal copy of the
+ * CRT buffer \p buf. In particular, \p buf may be destroyed
+ * or reused after this call returns.
+ * When zero this function avoids duplicating the CRT buffer
+ * by taking temporary ownership thereof until the CRT
+ * is destroyed (like mbedtls_x509_crt_parse_der_nocopy())
+ * \param cb A callback invoked for every unsupported certificate
+ * extension.
*
- * \note This call is functionally equivalent to
- * mbedtls_x509_crt_parse_der(), but it calls the callback
- * with every unsupported certificate extension.
- * The callback must return a negative error code if it
- * does not know how to handle such an extension.
+ * \note This call is functionally equivalent to
+ * mbedtls_x509_crt_parse_der(), and/or
+ * mbedtls_x509_crt_parse_der_nocopy()
+ * but it calls the callback with every unsupported
+ * certificate extension.
+ * The callback must return a negative error code if it
+ * does not know how to handle such an extension.
*
- * \return \c 0 if successful.
- * \return A negative error code on failure.
+ * \return \c 0 if successful.
+ * \return A negative error code on failure.
*/
int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen,
+ int no_copy,
mbedtls_x509_crt_ext_cb_t cb );
/**
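Review bot: The declaration names the new parameter `int no_copy,` while the Doxygen block above it documents `\param make_copy` and the definition in library/x509_crt.c (second hunk) uses `int make_copy`; since the documented semantics are "non-zero copies, zero takes ownership of buf", the header name states the opposite of what the argument means and Doxygen will also flag the undocumented/mismatched parameter. The declaration line should read `int make_copy,` so the prototype, its documentation and the definition agree. It is worth keeping the ownership sentence on the zero case precise, because a caller who misreads the name and frees \p buf after a zero-argument call leaves the certificate pointing at released memory; the prototype's parameter name is the first thing such a caller sees.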
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 6fdee95..2e2fb24 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1392,9 +1392,10 @@
int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen,
+ int make_copy,
mbedtls_x509_crt_ext_cb_t cb )
{
- return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, cb ) );
+ return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, make_copy, cb ) );
}
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,