Give x509_{sequence|name}_free() external linkage

With the introduction of `mbedtls_x509_crt_get_{issuer|name}()`,
users need an easy way of freeing the dynamic name structures these
functions return.

To that end, this commit renames `x509_{sequence|name}_free()`
to `mbedtls_x509_{sequence|name}_free()` and gives them external linkage.

include/mbedtls/x509.h

@@ -278,6 +278,26 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
  */
 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
 
+/**
+ * \brief          Free a dynamic linked list presentation of an X.509 name
+ *                 as returned e.g. by mbedtls_x509_crt_get_subject().
+ *
+ * \param name     The address of the first name component. This may
+ *                 be \c NULL, in which case this functions returns
+ *                 immediately.
+ */
+void mbedtls_x509_name_free( mbedtls_x509_name *name );
+
+/**
+ * \brief          Free a dynamic linked list presentation of an X.509 sequence
+ *                 as returned e.g. by mbedtls_x509_crt_get_subject_alt_name().
+ *
+ * \param seq      The address of the first sequence component. This may
+ *                 be \c NULL, in which case this functions returns
+ *                 immediately.
+ */
+void mbedtls_x509_sequence_free( mbedtls_x509_sequence *seq );
+
 #if defined(MBEDTLS_SELF_TEST)
 
 /**

include/mbedtls/x509_crt.h

@@ -720,7 +720,8 @@ int mbedtls_x509_crt_get_pk( mbedtls_x509_crt const *crt,
  *
  * \return          \c 0 on success. In this case, the user takes ownership
  *                  of the name context, and is responsible for freeing it
- *                  once it's no longer needed.
+ *                  through a call to mbedtls_x509_name_free() once it's no
+ *                  longer needed.
  * \return          A negative error code on failure.
  */
 int mbedtls_x509_crt_get_subject( mbedtls_x509_crt const *crt,
@@ -744,7 +745,8 @@ int mbedtls_x509_crt_get_subject( mbedtls_x509_crt const *crt,
  *
  * \return          \c 0 on success. In this case, the user takes ownership
  *                  of the name context, and is responsible for freeing it
- *                  once it's no longer needed.
+ *                  through a call to mbedtls_x509_name_free() once it's no
+ *                  longer needed.
  * \return          A negative error code on failure.
  */
 int mbedtls_x509_crt_get_issuer( mbedtls_x509_crt const *crt,

library/x509.c

@@ -1194,6 +1194,28 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from )
 }
 #endif /* MBEDTLS_HAVE_TIME_DATE */
 
+void mbedtls_x509_name_free( mbedtls_x509_name *name )
+{
+    while( name != NULL )
+    {
+        mbedtls_x509_name *next = name->next;
+        mbedtls_platform_zeroize( name, sizeof( *name ) );
+        mbedtls_free( name );
+        name = next;
+    }
+}
+
+void mbedtls_x509_sequence_free( mbedtls_x509_sequence *seq )
+{
+    while( seq != NULL )
+    {
+        mbedtls_x509_sequence *next = seq->next;
+        mbedtls_platform_zeroize( seq, sizeof( *seq ) );
+        mbedtls_free( seq );
+        seq = next;
+    }
+}
+
 #if defined(MBEDTLS_SELF_TEST)
 
 #include "mbedtls/x509_crt.h"

library/x509_crt.c

@@ -90,9 +90,6 @@ static int x509_crt_subject_alt_from_frame( mbedtls_x509_crt_frame *frame,
 static int x509_crt_ext_key_usage_from_frame( mbedtls_x509_crt_frame *frame,
                                         mbedtls_x509_sequence *ext_key_usage );
 
-static void x509_free_sequence( mbedtls_x509_sequence *seq );
-static void x509_free_name( mbedtls_x509_name *name );
-
 int mbedtls_x509_crt_cache_provide_frame( mbedtls_x509_crt const *crt )
 {
     mbedtls_x509_crt_cache *cache = crt->cache;
@@ -2225,10 +2222,10 @@ cleanup:
     mbedtls_x509_crt_pk_release( (mbedtls_x509_crt*) crt_raw, pk );
 
     x509_crt_free_sig_info( &sig_info );
-    x509_free_name( issuer.next );
-    x509_free_name( subject.next );
-    x509_free_sequence( ext_key_usage.next );
-    x509_free_sequence( subject_alt_names.next );
+    mbedtls_x509_name_free( issuer.next );
+    mbedtls_x509_name_free( subject.next );
+    mbedtls_x509_sequence_free( ext_key_usage.next );
+    mbedtls_x509_sequence_free( subject_alt_names.next );
 
     return( ret );
 }
@@ -3445,28 +3442,6 @@ void mbedtls_x509_crt_init( mbedtls_x509_crt *crt )
  * Unallocate all certificate data
  */
 
-static void x509_free_sequence( mbedtls_x509_sequence *seq )
-{
-    while( seq != NULL )
-    {
-        mbedtls_x509_sequence *next = seq->next;
-        mbedtls_platform_zeroize( seq, sizeof( *seq ) );
-        mbedtls_free( seq );
-        seq = next;
-    }
-}
-
-static void x509_free_name( mbedtls_x509_name *name )
-{
-    while( name != NULL )
-    {
-        mbedtls_x509_name *next = name->next;
-        mbedtls_platform_zeroize( name, sizeof( *name ) );
-        mbedtls_free( name );
-        name = next;
-    }
-}
-
 void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
 {
     mbedtls_x509_crt *cert_cur = crt;
@@ -3487,10 +3462,10 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
         mbedtls_free( cert_cur->sig_opts );
 #endif
 
-        x509_free_name( cert_cur->issuer.next );
-        x509_free_name( cert_cur->subject.next );
-        x509_free_sequence( cert_cur->ext_key_usage.next );
-        x509_free_sequence( cert_cur->subject_alt_names.next );
+        mbedtls_x509_name_free( cert_cur->issuer.next );
+        mbedtls_x509_name_free( cert_cur->subject.next );
+        mbedtls_x509_sequence_free( cert_cur->ext_key_usage.next );
+        mbedtls_x509_sequence_free( cert_cur->subject_alt_names.next );
 #endif /* !MBEDTLS_X509_ON_DEMAND_PARSING */
 
         if( cert_cur->raw.p != NULL && cert_cur->own_buffer )