Commit

mbedtls_x509_crt_parse_der_with_ext_cb enhancement
added make_copy parameter as suggested in
#3243 (comment)

Co-authored-by: Gilles Peskine <[email protected]>
Signed-off-by: Nicola Di Lieto <[email protected]>
ndilieto and gilles-peskine-arm committed May 28, 2020
1 parent 4c3cb7a commit 7717e4f
Showing 2 changed files with 31 additions and 21 deletions.
49 changes: 29 additions & 20 deletions include/mbedtls/x509_crt.h
Expand Up @@ -330,30 +330,39 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt,
const unsigned char *end );

/**
* \brief Parse a single DER formatted certificate and add it
* to the end of the provided chained list.
*
* \param chain The pointer to the start of the CRT chain to attach to.
* When parsing the first CRT in a chain, this should point
* to an instance of ::mbedtls_x509_crt initialized through
* mbedtls_x509_crt_init().
* \param buf The buffer holding the DER encoded certificate.
* \param buflen The size in Bytes of \p buf.
* \param cb A callback invoked for every unsupported certificate
* extension.
*
* \note This call is functionally equivalent to
* mbedtls_x509_crt_parse_der(), but it calls the callback
* with every unsupported certificate extension.
* The callback must return a negative error code if it
* does not know how to handle such an extension.
*
* \return \c 0 if successful.
* \return A negative error code on failure.
* \brief Parse a single DER formatted certificate and add it
* to the end of the provided chained list.
*
* \param chain The pointer to the start of the CRT chain to attach to.
* When parsing the first CRT in a chain, this should point
* to an instance of ::mbedtls_x509_crt initialized through
* mbedtls_x509_crt_init().
* \param buf The buffer holding the DER encoded certificate.
* \param buflen The size in Bytes of \p buf.
* \param make_copy When not zero this function makes an internal copy of the
* CRT buffer \p buf. In particular, \p buf may be destroyed
* or reused after this call returns.
* When zero this function avoids duplicating the CRT buffer
* by taking temporary ownership thereof until the CRT
* is destroyed (like mbedtls_x509_crt_parse_der_nocopy())
* \param cb A callback invoked for every unsupported certificate
* extension.
*
* \note This call is functionally equivalent to
* mbedtls_x509_crt_parse_der(), and/or
* mbedtls_x509_crt_parse_der_nocopy()
* but it calls the callback with every unsupported
* certificate extension.
* The callback must return a negative error code if it
* does not know how to handle such an extension.
*
* \return \c 0 if successful.
* \return A negative error code on failure.
*/
int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen,
int no_copy,
mbedtls_x509_crt_ext_cb_t cb );

/**
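Review bot: The prototype at the end of this comment block names the new parameter `int no_copy`, while the Doxygen text above it documents `\param make_copy` and the definition in library/x509_crt.c uses `make_copy`. The two names have opposite meanings, so a caller reading only the prototype would pass zero expecting a copy and could then free or reuse `buf` while the CRT still owns it. Rename the prototype parameter to `make_copy`. The `make_copy` description would also be clearer if it said outright that, when zero, `buf` must stay valid and unmodified until the CRT is destroyed, and the \note could state which function each value of `make_copy` corresponds to instead of "and/or".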
3 changes: 2 additions & 1 deletion library/x509_crt.c
Expand Up @@ -1392,9 +1392,10 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen,
int make_copy,
mbedtls_x509_crt_ext_cb_t cb )
{
return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, cb ) );
return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, make_copy, cb ) );
}

int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
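Review bot: Replacing the hardcoded `1` with `make_copy` in the call to `mbedtls_x509_crt_parse_der_internal()` comes with a signature change to `mbedtls_x509_crt_parse_der_with_ext_cb()`, and this commit touches only the header and this file, so nothing visible here exercises the `make_copy == 0` path. Add a test that parses with `make_copy` set to zero together with a callback, and confirm that any existing caller passes a non-zero value to keep the previous copying behaviour.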