From 872333683119fdbaaedf451b34d6cb7175c5dcb5 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Mon, 25 Feb 2019 18:15:33 +0000
Subject: [PATCH] Make use of CRT acquire/release in x509_crt_verify_restartable
---
 library/x509_crt.c | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 6dba6a1c9..bf62f65d9 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -3156,7 +3156,6 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
 mbedtls_x509_crt_restart_ctx *rs_ctx )
 {
 int ret;
- mbedtls_pk_type_t pk_type;
 mbedtls_x509_crt_verify_chain ver_chain;
 uint32_t ee_flags;
@@ -3172,16 +3171,31 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
 /* check name if requested */
 if( cn != NULL )
- x509_crt_verify_name( crt, cn, &ee_flags );
+ {
+ ret = x509_crt_verify_name( crt, cn, &ee_flags );
+ if( ret != 0 )
+ return( ret );
+ }
- /* Check the type and size of the key */
- pk_type = mbedtls_pk_get_type( &crt->pk );
+ {
+ mbedtls_pk_context *pk;
+ mbedtls_pk_type_t pk_type;
- if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
- ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+ ret = x509_crt_pk_acquire( crt, &pk );
+ if( ret != 0 )
+ return( MBEDTLS_ERR_X509_FATAL_ERROR );
- if( x509_profile_check_key( profile, &crt->pk ) != 0 )
- ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+ /* Check the type and size of the key */
+ pk_type = mbedtls_pk_get_type( pk );
+
+ if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
+ ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+
+ if( x509_profile_check_key( profile, pk ) != 0 )
+ ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
+
+ x509_crt_pk_release( crt, pk );
+ }
 /* Check the chain */
 ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,
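Review bot: The early `return`s added in the second hunk (after `x509_crt_verify_name` and after `x509_crt_pk_acquire`) leave the function before the chain check, and the rest of the body lies outside the hunk, so it is not visible whether a shared error path exists that releases `rs_ctx` state or marks the caller's result as failed. If one exists, these failures should go through it, so that a caller never sees an error code alongside verification flags that still look clean. The two failures are also reported differently: the name check propagates `ret`, while the acquire failure is replaced by `MBEDTLS_ERR_X509_FATAL_ERROR`. A comment above that return, such as `/* acquire failure is not a verification result: report it as fatal */`, would record why.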