From 2fefa4845d0586ca1d797ebcb9d8faed5d3a604d Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 28 Feb 2019 14:03:46 +0000
Subject: [PATCH] Make use of acquire/release in ssl_parse_server_key_exchange()

---
 library/ssl_cli.c | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 36b4c3415..07e15c4cd 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2817,7 +2817,15 @@ start_processing:
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
 return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
 }
- peer_pk = &ssl->session_negotiate->peer_cert->pk;
+
+ ret = mbedtls_x509_crt_pk_acquire( ssl->session_negotiate->peer_cert, &peer_pk );
+ if( ret != 0 )
+ {
+ /* Should never happen */
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 /*
@@ -2828,6 +2836,10 @@ start_processing:
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, peer_pk );
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
 }
@@ -2849,6 +2861,10 @@ start_processing:
 if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
 ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
 #endif
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, peer_pk );
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 return( ret );
 }
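Review bot: The reference taken by `mbedtls_x509_crt_pk_acquire()` in the first hunk must be dropped on every exit path that follows it, and the patch does so by repeating the same guarded `#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)` / `mbedtls_x509_crt_pk_release()` block before the `return` in the second and third hunks (and again on the success path in the `@@ -2857` hunk), so any return added between acquire and the final release later will silently skip the release. The few unshown lines between the hunks suggest no other return currently sits between acquire and these points, but `ssl_parse_server_key_exchange()` extends well beyond what the hunks show, so the remaining paths should be checked rather than assumed. A small static helper that hides the preprocessor guard would make each error exit a single unconditional call that is easy to audit; a `goto`-cleanup label would be the other idiomatic option. Separately, the new acquire-failure branch reuses the `"should never happen"` text of the NULL-certificate check two lines above it, so the two failures cannot be told apart in a debug log; `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret );` would record which check fired and with what code. Note the helper below only covers the error exits: the success path in the `@@ -2857` hunk deliberately differs between the two configurations (`mbedtls_pk_free()` versus release) and keeps its existing code.
```c
/* Drop the reference obtained through mbedtls_x509_crt_pk_acquire() on an
 * error exit. Without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE the error paths in
 * ssl_parse_server_key_exchange() release nothing, so this is a no-op there. */
static void ssl_release_peer_pk( mbedtls_ssl_context *ssl,
                                 mbedtls_pk_context *peer_pk )
{
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
    mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, peer_pk );
#else
    ((void) ssl);
    ((void) peer_pk);
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
}

/* … unchanged: ssl_parse_server_key_exchange() up to the pk_alg check … */
            ssl_release_peer_pk( ssl, peer_pk );
            return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
/* … unchanged: hash computation and mbedtls_pk_verify_restartable() call … */
            ssl_release_peer_pk( ssl, peer_pk );
            return( ret );
```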
@@ -2857,7 +2873,10 @@ start_processing:
 * so that more RAM is available for upcoming expensive
 * operations like ECDHE. */
 mbedtls_pk_free( peer_pk );
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#else
+ mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, peer_pk );
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 }
 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */