mbedtls_x509_crt_ext_cb_t definition changed

As suggested in #3243 (comment) Co-authored-by: Gilles Peskine <[email protected]> Signed-off-by: Nicola Di Lieto <[email protected]>
Mbed-TLS · May 28, 2020 · 4c3cb7a · 4c3cb7a
1 parent c7290c0
commit 4c3cb7a
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 6 deletions.
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
@@ -313,11 +313,8 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
  * \param crt      The certificate being parsed.
  * \param oid      The OID of the extension.
  * \param critical Whether the extension is critical.
- * \param p        On entry, \c *p points to the start of the extension value
+ * \param p        Pointer to the start of the extension value
  *                 (the content of the OCTET STRING).
- *                 On successful completion, \c *p must point to the
- *                 first byte after the extension value.
- *                 On error, the value of \c *p is not undefined.
  * \param end      End of extension value.
   *
  * \note           The callback must fail and return a negative error code if
@@ -329,7 +326,7 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
 typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt,
                                           mbedtls_x509_buf const *oid,
                                           int critical,
-                                          unsigned char **p,
+                                          const unsigned char *p,
                                           const unsigned char *end );
 
 /**

diff --git a/library/x509_crt.c b/library/x509_crt.c
@@ -957,8 +957,13 @@ static int x509_get_crt_ext( unsigned char **p,
         if( ret != 0 )
         {
             /* Give the callback (if any) a chance to handle the extension */
-            if( cb != NULL && cb( crt, &extn_oid, is_critical, p, end_ext_octet ) == 0 )
+            if( cb != NULL ) {
+                ret = cb( crt, &extn_oid, is_critical, *p, end_ext_octet );
+                if ( ret != 0 )
+                    return ( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+                *p = end_ext_octet;
                 continue;
+            }
 
             /* No parser found, skip extension */
             *p = end_ext_octet;