diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 7a359b1c6..7b369bb87 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -39,26 +39,36 @@ static int x509_crt_verifycsr( const unsigned char *buf, size_t buflen ) unsigned char hash[MBEDTLS_MD_MAX_SIZE]; const mbedtls_md_info_t *md_info; mbedtls_x509_csr csr; + int ret = 0; + + mbedtls_x509_csr_init( &csr ); if( mbedtls_x509_csr_parse( &csr, buf, buflen ) != 0 ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + { + ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; + goto cleanup; + } md_info = mbedtls_md_info_from_type( csr.sig_md ); if( mbedtls_md( md_info, csr.cri.p, csr.cri.len, hash ) != 0 ) { /* Note: this can't happen except after an internal error */ - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; + goto cleanup; } if( mbedtls_pk_verify_ext( csr.sig_pk, csr.sig_opts, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size( md_info ), csr.sig.p, csr.sig.len ) != 0 ) { - return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); + ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; + goto cleanup; } +cleanup: + mbedtls_x509_csr_free( &csr ); - return( 0 ); + return( ret ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */