mbedtls_x509_crt_ext_cb_t definition changed

As suggested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r431238005

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 96129be..28dfa51 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -313,11 +313,8 @@
  * \param crt      The certificate being parsed.
  * \param oid      The OID of the extension.
  * \param critical Whether the extension is critical.
- * \param p        On entry, \c *p points to the start of the extension value
+ * \param p        Pointer to the start of the extension value
  *                 (the content of the OCTET STRING).
- *                 On successful completion, \c *p must point to the
- *                 first byte after the extension value.
- *                 On error, the value of \c *p is not undefined.
  * \param end      End of extension value.
   *
  * \note           The callback must fail and return a negative error code if
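Review bot: The new `\param p` text no longer says who checks that the extension value is fully consumed. Since `p` is now passed by value and the caller in library/x509_crt.c sets `*p = end_ext_octet` after the callback returns, trailing bytes inside the OCTET STRING go unnoticed unless the callback rejects them itself. I would add to the parameter description: `The callback must not read at or beyond \c end, and should return an error if its parsing does not finish exactly at \c end.` The comment block begins and continues outside this hunk.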
@@ -329,7 +326,7 @@
 typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt,
                                           mbedtls_x509_buf const *oid,
                                           int critical,
-                                          unsigned char **p,
+                                          const unsigned char *p,
                                           const unsigned char *end );
 
 /**
diff --git a/library/x509_crt.c b/library/x509_crt.c
index bf06872..6fdee95 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -957,8 +957,13 @@
         if( ret != 0 )
         {
             /* Give the callback (if any) a chance to handle the extension */
-            if( cb != NULL && cb( crt, &extn_oid, is_critical, p, end_ext_octet ) == 0 )
+            if( cb != NULL ) {
+                ret = cb( crt, &extn_oid, is_critical, *p, end_ext_octet );
+                if ( ret != 0 )
+                    return ( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+                *p = end_ext_octet;
                 continue;
+            }
 
             /* No parser found, skip extension */
             *p = end_ext_octet;
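Review bot: A non-zero return from `cb` now aborts parsing of the whole certificate even when `is_critical` is 0, where the old code fell through to the skip path at `*p = end_ext_octet`. A callback that merely does not recognise an OID would make any certificate carrying an unknown non-critical extension unparseable; consider `if( ret != 0 && is_critical ) return( ret );` so that only critical extensions are fatal. Separately, `MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret` yields a meaningful code only when `ret` is a negative low-level error. If the callback returns another high-level code or a positive value, callers cannot interpret the sum, so either return `ret` unchanged or document that constraint on the typedef. The enclosing loop and any criticality handling after the skip path are outside this hunk.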