Make use of CRT acquire/release in x509_crt_verify_restartable

Hanno Becker 2019-02-25 18:15:33 +00:00
parent 082435c011
commit 8723336831


@ -3156,7 +3156,6 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
mbedtls_x509_crt_restart_ctx *rs_ctx )
{
int ret;
mbedtls_pk_type_t pk_type;
mbedtls_x509_crt_verify_chain ver_chain;
uint32_t ee_flags;
@ -3172,16 +3171,31 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
/* check name if requested */
if( cn != NULL )
x509_crt_verify_name( crt, cn, &ee_flags );
{
ret = x509_crt_verify_name( crt, cn, &ee_flags );
if( ret != 0 )
return( ret );
}
/* Check the type and size of the key */
pk_type = mbedtls_pk_get_type( &crt->pk );
{
mbedtls_pk_context *pk;
mbedtls_pk_type_t pk_type;
if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
ret = x509_crt_pk_acquire( crt, &pk );
if( ret != 0 )
return( MBEDTLS_ERR_X509_FATAL_ERROR );
if( x509_profile_check_key( profile, &crt->pk ) != 0 )
ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
/* Check the type and size of the key */
pk_type = mbedtls_pk_get_type( pk );
if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
if( x509_profile_check_key( profile, pk ) != 0 )
ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
x509_crt_pk_release( crt, pk );
}
/* Check the chain */
ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,