Don't allow change of CRT frame returned by x509_crt_frame_acquire()

Hanno Becker 2019-05-20 16:26:34 +01:00
parent 9219f9e7b8
commit 5f268b3cf6
4 changed files with 16 additions and 16 deletions


@ -792,7 +792,7 @@ int mbedtls_x509_crt_get_ext_key_usage( mbedtls_x509_crt const *crt,
int mbedtls_x509_crt_flush_cache( mbedtls_x509_crt const *crt );
static inline int mbedtls_x509_crt_frame_acquire( mbedtls_x509_crt const *crt,
mbedtls_x509_crt_frame **frame_ptr )
mbedtls_x509_crt_frame const **frame_ptr )
{
int ret;
#if defined(MBEDTLS_THREADING_C)
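Review bot: The new `const` on `frame_ptr` in `mbedtls_x509_crt_frame_acquire()` has no comment at the declaration, so the read-only contract is carried by the type alone and a caller has no stated reason not to cast it away. A short comment above the function would record the intent, for example `/* The frame returned through frame_ptr is a read-only view owned by the CRT; callers must not modify it. */`. The neighbouring `mbedtls_x509_crt_flush_cache()` and the `MBEDTLS_THREADING_C` guard suggest the frame may be cached and shared between users, but that is inferred. The function body continues outside this hunk, so the wording should be checked against it.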


@ -874,7 +874,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
mbedtls_md_type_t sig_md;
{
int ret;
mbedtls_x509_crt_frame *frame;
mbedtls_x509_crt_frame const *frame;
ret = mbedtls_x509_crt_frame_acquire( cur->cert, &frame );
if( ret != 0 )
return( ret );
@ -2996,7 +2996,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
while( crt != NULL && crt->raw.p != NULL )
{
mbedtls_x509_crt_frame *frame;
mbedtls_x509_crt_frame const *frame;
ret = mbedtls_x509_crt_frame_acquire( crt, &frame );
if( ret != 0 )
return( ret );


@ -288,7 +288,7 @@ int mbedtls_x509_crt_get_subject_alt_names( mbedtls_x509_crt const *crt,
mbedtls_x509_sequence **subj_alt )
{
int ret;
mbedtls_x509_crt_frame *frame;
mbedtls_x509_crt_frame const *frame;
mbedtls_x509_sequence *seq;
ret = mbedtls_x509_crt_frame_acquire( crt, &frame );
@ -311,7 +311,7 @@ int mbedtls_x509_crt_get_ext_key_usage( mbedtls_x509_crt const *crt,
mbedtls_x509_sequence **ext_key_usage )
{
int ret;
mbedtls_x509_crt_frame *frame;
mbedtls_x509_crt_frame const *frame;
mbedtls_x509_sequence *seq;
ret = mbedtls_x509_crt_frame_acquire( crt, &frame );
@ -334,7 +334,7 @@ int mbedtls_x509_crt_get_subject( mbedtls_x509_crt const *crt,
mbedtls_x509_name **subject )
{
int ret;
mbedtls_x509_crt_frame *frame;
mbedtls_x509_crt_frame const *frame;
mbedtls_x509_name *name;
ret = mbedtls_x509_crt_frame_acquire( crt, &frame );
@ -357,7 +357,7 @@ int mbedtls_x509_crt_get_issuer( mbedtls_x509_crt const *crt,
mbedtls_x509_name **issuer )
{
int ret;
mbedtls_x509_crt_frame *frame;
mbedtls_x509_crt_frame const *frame;
mbedtls_x509_name *name;
ret = mbedtls_x509_crt_frame_acquire( crt, &frame );
@ -380,7 +380,7 @@ int mbedtls_x509_crt_get_frame( mbedtls_x509_crt const *crt,
mbedtls_x509_crt_frame *dst )
{
int ret;
mbedtls_x509_crt_frame *frame;
mbedtls_x509_crt_frame const *frame;
ret = mbedtls_x509_crt_frame_acquire( crt, &frame );
if( ret != 0 )
return( ret );
@ -2426,7 +2426,7 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
unsigned int usage )
{
int ret;
mbedtls_x509_crt_frame *frame;
mbedtls_x509_crt_frame const *frame;
ret = mbedtls_x509_crt_frame_acquire( crt, &frame );
if( ret != 0 )
return( MBEDTLS_ERR_X509_FATAL_ERROR );
@ -2474,7 +2474,7 @@ int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
size_t usage_len )
{
int ret;
mbedtls_x509_crt_frame *frame;
mbedtls_x509_crt_frame const *frame;
unsigned ext_types;
unsigned char *p, *end;
x509_crt_check_ext_key_usage_cb_ctx_t cb_ctx = { usage_oid, usage_len };
@ -2534,7 +2534,7 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt,
const mbedtls_x509_crl *crl )
{
int ret;
mbedtls_x509_crt_frame *frame;
mbedtls_x509_crt_frame const *frame;
ret = mbedtls_x509_crt_frame_acquire( crt, &frame );
if( ret != 0 )
@ -2569,7 +2569,7 @@ static int x509_crt_verifycrl( unsigned char *crt_serial,
return( flags );
{
mbedtls_x509_crt_frame *ca;
mbedtls_x509_crt_frame const *ca;
ret = mbedtls_x509_crt_frame_acquire( ca_crt, &ca );
if( ret != 0 )
return( MBEDTLS_X509_BADCRL_NOT_TRUSTED );
@ -2846,7 +2846,7 @@ check_signature:
parent_valid = parent_match = path_len_ok = 0;
{
mbedtls_x509_crt_frame *parent;
mbedtls_x509_crt_frame const *parent;
ret = mbedtls_x509_crt_frame_acquire( parent_crt, &parent );
if( ret != 0 )
@ -3139,7 +3139,7 @@ find_parent:
{
mbedtls_x509_crt_sig_info child_sig;
{
mbedtls_x509_crt_frame *child;
mbedtls_x509_crt_frame const *child;
ret = mbedtls_x509_crt_frame_acquire( child_crt, &child );
if( ret != 0 )
@ -3340,7 +3340,7 @@ static int x509_crt_verify_name( const mbedtls_x509_crt *crt,
uint32_t *flags )
{
int ret;
mbedtls_x509_crt_frame *frame;
mbedtls_x509_crt_frame const *frame;
ret = mbedtls_x509_crt_frame_acquire( crt, &frame );
if( ret != 0 )
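Review bot: In the `mbedtls_x509_crt_check_extended_key_usage()` hunk, `unsigned char *p, *end;` stays non-const beside the now-const `frame`, so the qualifier added here is shallow. If `p` and `end` are set from buffer pointers stored in the frame (the assignments are outside the hunk), writes through them into the certificate's raw data still compile, and only the frame's own fields are protected. If the parsing helpers take a non-const cursor and the pointers cannot be const-qualified, a comment at the declaration would state the expectation, for example `/* p/end point into CRT data reached via the const frame; treat as read-only */`. The same applies to `mbedtls_x509_crt_get_frame()`, which takes a non-const `dst` and presumably copies those pointers into caller-owned storage.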


@ -143,7 +143,7 @@ int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint
verify_print_context *ctx = (verify_print_context *) data;
char *p = ctx->p;
size_t n = ctx->buf + sizeof( ctx->buf ) - ctx->p;
mbedtls_x509_crt_frame *frame;
mbedtls_x509_crt_frame const *frame;
mbedtls_x509_name *subject;
((void) flags);