Remove frame/pk parameter from mbedtls_x509_crt_xxx_release()

Hanno Becker 2019-03-05 13:50:56 +00:00
parent 7dbf49a518
commit c6d1c3ed1c
8 changed files with 36 additions and 46 deletions


@ -864,11 +864,8 @@ static inline int mbedtls_x509_crt_frame_acquire( mbedtls_x509_crt const *crt,
return( 0 );
}
static inline void mbedtls_x509_crt_frame_release(
mbedtls_x509_crt const *crt,
mbedtls_x509_crt_frame *frame )
static inline void mbedtls_x509_crt_frame_release( mbedtls_x509_crt const *crt )
{
((void) frame);
((void) crt);
#if defined(MBEDTLS_THREADING_C)
@ -902,10 +899,8 @@ static inline int mbedtls_x509_crt_pk_acquire( mbedtls_x509_crt const *crt,
return( 0 );
}
static inline void mbedtls_x509_crt_pk_release( mbedtls_x509_crt const *crt,
mbedtls_pk_context *pk )
static inline void mbedtls_x509_crt_pk_release( mbedtls_x509_crt const *crt )
{
((void) pk);
((void) crt);
#if defined(MBEDTLS_THREADING_C)
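Review bot: With the `frame`/`pk` argument removed, nothing at a call site ties the pointer returned by `mbedtls_x509_crt_frame_acquire()` or `mbedtls_x509_crt_pk_acquire()` to the matching release, so the lifetime rule should be documented on both release functions. I would add above `mbedtls_x509_crt_frame_release()` a comment such as `/* Ends the access started by mbedtls_x509_crt_frame_acquire() on crt; the frame pointer obtained there must be treated as invalid after this call. */`, and the equivalent for `mbedtls_x509_crt_pk_release()`. Call sites in this commit already copy what they need first (for example `sig_md = frame->sig_md;` before the release), which is the pattern the comment should make explicit. Both function bodies continue past the end of their hunks, so an existing comment outside the visible lines may already cover part of this.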


@ -402,7 +402,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
return;
}
debug_print_pk( ssl, level, file, line, "crt->", pk );
mbedtls_x509_crt_pk_release( crt, pk );
mbedtls_x509_crt_pk_release( crt );
crt = crt->next;
}


@ -2378,7 +2378,7 @@ cleanup:
/* We don't need the peer's public key anymore. Free it. */
mbedtls_pk_free( peer_pk );
#else
mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, peer_pk );
mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert );
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
return( ret );
@ -2509,7 +2509,7 @@ cleanup:
* operations like ECDHE. */
mbedtls_pk_free( peer_pk );
#else
mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, peer_pk );
mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert );
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
return( ret );
@ -2837,8 +2837,7 @@ start_processing:
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert,
peer_pk );
mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert );
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
}
@ -2862,8 +2861,7 @@ start_processing:
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
#endif
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert,
peer_pk );
mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert );
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
return( ret );
}
@ -2874,8 +2872,7 @@ start_processing:
* operations like ECDHE. */
mbedtls_pk_free( peer_pk );
#else
mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert,
peer_pk );
mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert );
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
}
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
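Review bot: The two early returns under `start_processing` (the `MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH` path and the `return( ret );` after the `MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS` assignment) release the key only under `#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)`, whereas the normal exit just below pairs the release with `mbedtls_pk_free( peer_pk );` for the other configuration. Presumably `peer_pk` is then owned by state that is freed at handshake teardown, but the hunks do not show where it comes from. A comment on the error paths naming that owner would make the asymmetry visibly deliberate, e.g. `/* peer_pk is not freed here when the peer certificate is not kept: freed by <owner>. */` with the owner filled in after checking. The enclosing function starts and ends outside these hunks.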


@ -840,7 +840,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
#endif
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
mbedtls_x509_crt_pk_release( cur->cert, pk );
mbedtls_x509_crt_pk_release( cur->cert );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
if( match == 0 )
@ -879,7 +879,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
if( ret != 0 )
return( ret );
sig_md = frame->sig_md;
mbedtls_x509_crt_frame_release( cur->cert, frame );
mbedtls_x509_crt_frame_release( cur->cert );
}
if( sig_md != MBEDTLS_MD_SHA1 )
@ -3008,7 +3008,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
(size_t)( end - p ) < 2 + dn_size )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
mbedtls_x509_crt_frame_release( crt, frame );
mbedtls_x509_crt_frame_release( crt );
break;
}
@ -3021,7 +3021,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
total_dn_size += 2 + dn_size;
mbedtls_x509_crt_frame_release( crt, frame );
mbedtls_x509_crt_frame_release( crt );
crt = crt->next;
}
@ -4407,8 +4407,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
exit:
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert,
peer_pk );
mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert );
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
return( ret );


@ -6513,7 +6513,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) )
ret = mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id );
mbedtls_x509_crt_pk_release( chain, pk );
mbedtls_x509_crt_pk_release( chain );
if( ret != 0 )
{


@ -260,7 +260,7 @@ int mbedtls_x509_crt_get_subject_alt_names( mbedtls_x509_crt const *crt,
else
ret = x509_crt_subject_alt_from_frame( frame, seq );
mbedtls_x509_crt_frame_release( crt, frame );
mbedtls_x509_crt_frame_release( crt );
*subj_alt = seq;
return( ret );
@ -283,7 +283,7 @@ int mbedtls_x509_crt_get_ext_key_usage( mbedtls_x509_crt const *crt,
else
ret = x509_crt_ext_key_usage_from_frame( frame, seq );
mbedtls_x509_crt_frame_release( crt, frame );
mbedtls_x509_crt_frame_release( crt );
*ext_key_usage = seq;
return( ret );
@ -306,7 +306,7 @@ int mbedtls_x509_crt_get_subject( mbedtls_x509_crt const *crt,
else
ret = x509_crt_subject_from_frame( frame, name );
mbedtls_x509_crt_frame_release( crt, frame );
mbedtls_x509_crt_frame_release( crt );
*subject = name;
return( ret );
@ -329,7 +329,7 @@ int mbedtls_x509_crt_get_issuer( mbedtls_x509_crt const *crt,
else
ret = x509_crt_issuer_from_frame( frame, name );
mbedtls_x509_crt_frame_release( crt, frame );
mbedtls_x509_crt_frame_release( crt );
*issuer = name;
return( ret );
@ -344,7 +344,7 @@ int mbedtls_x509_crt_get_frame( mbedtls_x509_crt const *crt,
if( ret != 0 )
return( ret );
*dst = *frame;
mbedtls_x509_crt_frame_release( crt, frame );
mbedtls_x509_crt_frame_release( crt );
return( 0 );
}
@ -369,7 +369,7 @@ int mbedtls_x509_crt_get_pk( mbedtls_x509_crt const *crt,
mbedtls_free( crt->cache->pk );
crt->cache->pk = NULL;
mbedtls_x509_crt_pk_release( crt, pk );
mbedtls_x509_crt_pk_release( crt );
return( 0 );
#endif /* MBEDTLS_X509_ON_DEMAND_PARSING */
}
@ -2379,13 +2379,12 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
{
int ret;
mbedtls_x509_crt_frame *frame;
ret = mbedtls_x509_crt_frame_acquire( crt,
(mbedtls_x509_crt_frame**) &frame );
ret = mbedtls_x509_crt_frame_acquire( crt, &frame );
if( ret != 0 )
return( MBEDTLS_ERR_X509_FATAL_ERROR );
ret = x509_crt_check_key_usage_frame( frame, usage );
mbedtls_x509_crt_frame_release( crt, (mbedtls_x509_crt_frame*) frame );
mbedtls_x509_crt_frame_release( crt );
return( ret );
}
@ -2453,7 +2452,7 @@ int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
}
mbedtls_x509_crt_frame_release( crt, frame );
mbedtls_x509_crt_frame_release( crt );
return( ret );
}
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
@ -2496,7 +2495,7 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt,
ret = x509_serial_is_revoked( frame->serial.p,
frame->serial.len,
crl );
mbedtls_x509_crt_frame_release( crt, frame );
mbedtls_x509_crt_frame_release( crt );
return( ret );
}
@ -2536,7 +2535,7 @@ static int x509_crt_verifycrl( unsigned char *crt_serial,
can_sign = 1;
}
mbedtls_x509_crt_frame_release( ca_crt, ca );
mbedtls_x509_crt_frame_release( ca_crt );
}
ret = mbedtls_x509_crt_pk_acquire( ca_crt, &pk );
@ -2614,7 +2613,7 @@ static int x509_crt_verifycrl( unsigned char *crt_serial,
crl_list = crl_list->next;
}
mbedtls_x509_crt_pk_release( ca_crt, pk );
mbedtls_x509_crt_pk_release( ca_crt );
return( flags );
}
#endif /* MBEDTLS_X509_CRL_PARSE_C */
@ -2663,7 +2662,7 @@ static int x509_crt_check_signature( const mbedtls_x509_crt_sig_info *sig_info,
}
exit:
mbedtls_x509_crt_pk_release( parent, pk );
mbedtls_x509_crt_pk_release( parent );
return( ret );
}
@ -2823,7 +2822,7 @@ check_signature:
path_len_ok = 1;
}
mbedtls_x509_crt_frame_release( parent_crt, parent );
mbedtls_x509_crt_frame_release( parent_crt );
}
if( parent_match == 0 || path_len_ok == 0 )
@ -3107,7 +3106,7 @@ find_parent:
/* Stop here for trusted roots (but not for trusted EE certs) */
if( child_is_trusted )
{
mbedtls_x509_crt_frame_release( child_crt, child );
mbedtls_x509_crt_frame_release( child_crt );
return( 0 );
}
@ -3130,7 +3129,7 @@ find_parent:
if( ver_chain->len == 1 && self_issued &&
x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
{
mbedtls_x509_crt_frame_release( child_crt, child );
mbedtls_x509_crt_frame_release( child_crt );
return( 0 );
}
@ -3139,7 +3138,7 @@ find_parent:
#endif /* MBEDTLS_X509_CRL_PARSE_C */
ret = x509_crt_get_sig_info( child, &child_sig );
mbedtls_x509_crt_frame_release( child_crt, child );
mbedtls_x509_crt_frame_release( child_crt );
if( ret != 0 )
return( MBEDTLS_ERR_X509_FATAL_ERROR );
@ -3203,7 +3202,7 @@ find_parent:
if( x509_profile_check_key( profile, parent_pk ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
mbedtls_x509_crt_pk_release( parent_crt, parent_pk );
mbedtls_x509_crt_pk_release( parent_crt );
}
#if defined(MBEDTLS_X509_CRL_PARSE_C)
@ -3321,7 +3320,7 @@ static int x509_crt_verify_name( const mbedtls_x509_crt *crt,
x509_crt_check_name, (void*) cn );
}
mbedtls_x509_crt_frame_release( crt, frame );
mbedtls_x509_crt_frame_release( crt );
/* x509_crt_check_name() and x509_crt_subject_alt_check_name()
* return 1 when finding a name component matching `cn`. */
@ -3452,7 +3451,7 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
if( x509_profile_check_key( profile, pk ) != 0 )
ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
mbedtls_x509_crt_pk_release( crt, pk );
mbedtls_x509_crt_pk_release( crt );
}
/* Check the chain */
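Review bot: In the `mbedtls_x509_crt_get_pk()` hunk, `crt->cache->pk` is freed and set to `NULL` immediately before `mbedtls_x509_crt_pk_release( crt );`, so the release runs against a cache whose PK slot is already empty and has to tolerate that. The release body is not visible in this commit beyond its `MBEDTLS_THREADING_C` guard, so the dependency is worth stating where the hand-over happens, e.g. `/* cache->pk is NULL from here on; mbedtls_x509_crt_pk_release() must accept an empty PK slot. */`. If the acquire side allows more than one concurrent reader under `MBEDTLS_THREADING_C` (not shown here), another holder of the same `pk` pointer would be left dangling by the `mbedtls_free()`, which deserves a check as well. The function starts outside the hunk.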


@ -1099,7 +1099,7 @@ static int ssl_async_start( mbedtls_ssl_context *ssl,
if( ret != 0 )
return( ret );
match = mbedtls_pk_check_pair( pk, config_data->slots[slot].pk );
mbedtls_x509_crt_pk_release( cert, pk );
mbedtls_x509_crt_pk_release( cert );
if( match == 0 )
break;
}


@ -179,7 +179,7 @@ int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint
cleanup:
mbedtls_x509_name_free( subject );
mbedtls_x509_crt_frame_release( crt, frame );
mbedtls_x509_crt_frame_release( crt );
if( ret < 0 )
return( ret );