From c6d1c3ed1c39a4ce002bcc99fcaa0fbc941a38f0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 5 Mar 2019 13:50:56 +0000 Subject: [PATCH] Remove frame/pk parameter from mbedtls_x509_crt_xxx_release() --- include/mbedtls/x509_crt.h | 9 ++--- library/debug.c | 2 +- library/ssl_cli.c | 13 +++---- library/ssl_srv.c | 11 +++--- library/ssl_tls.c | 2 +- library/x509_crt.c | 41 +++++++++++----------- programs/ssl/ssl_server2.c | 2 +- tests/suites/test_suite_x509parse.function | 2 +- 8 files changed, 36 insertions(+), 46 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index e4b888259..c3ef4380a 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -864,11 +864,8 @@ static inline int mbedtls_x509_crt_frame_acquire( mbedtls_x509_crt const *crt, return( 0 ); } -static inline void mbedtls_x509_crt_frame_release( - mbedtls_x509_crt const *crt, - mbedtls_x509_crt_frame *frame ) +static inline void mbedtls_x509_crt_frame_release( mbedtls_x509_crt const *crt ) { - ((void) frame); ((void) crt); #if defined(MBEDTLS_THREADING_C) @@ -902,10 +899,8 @@ static inline int mbedtls_x509_crt_pk_acquire( mbedtls_x509_crt const *crt, return( 0 ); } -static inline void mbedtls_x509_crt_pk_release( mbedtls_x509_crt const *crt, - mbedtls_pk_context *pk ) +static inline void mbedtls_x509_crt_pk_release( mbedtls_x509_crt const *crt ) { - ((void) pk); ((void) crt); #if defined(MBEDTLS_THREADING_C) diff --git a/library/debug.c b/library/debug.c index 41769eca6..b02a4f8b5 100644 --- a/library/debug.c +++ b/library/debug.c @@ -402,7 +402,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level, return; } debug_print_pk( ssl, level, file, line, "crt->", pk ); - mbedtls_x509_crt_pk_release( crt, pk ); + mbedtls_x509_crt_pk_release( crt ); crt = crt->next; } diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 07e15c4cd..c3c28c703 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
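Review bot: Documentation is missing on the two release helpers in include/mbedtls/x509_crt.h (hunks at -864 and -902): with the `frame`/`pk` argument gone, nothing at a call site ties `mbedtls_x509_crt_frame_release( crt )` to the pointer the matching acquire handed out, so the borrow contract should be written down. I would add above each helper a comment such as `/* Ends the borrow started by mbedtls_x509_crt_frame_acquire() on crt; the frame pointer obtained there must not be dereferenced afterwards. Call exactly once per successful acquire. */`, with the equivalent wording for the pk variant. Both bodies continue past the hunk into an `#if defined(MBEDTLS_THREADING_C)` branch whose contents are not shown, so an unbalanced release presumably does more than leave a stale pointer; confirm this and say so in the comment.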
@@ -2378,7 +2378,7 @@ cleanup: /* We don't need the peer's public key anymore. Free it. */ mbedtls_pk_free( peer_pk ); #else - mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, peer_pk ); + mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert ); #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ return( ret ); @@ -2509,7 +2509,7 @@ cleanup: * operations like ECDHE. */ mbedtls_pk_free( peer_pk ); #else - mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, peer_pk ); + mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert ); #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ return( ret ); @@ -2837,8 +2837,7 @@ start_processing: mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, - peer_pk ); + mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert ); #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); } @@ -2862,8 +2861,7 @@ start_processing: ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; #endif #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, - peer_pk ); + mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert ); #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ return( ret ); } @@ -2874,8 +2872,7 @@ start_processing: * operations like ECDHE. */ mbedtls_pk_free( peer_pk ); #else - mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, - peer_pk ); + mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert ); #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ } #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 6757e2ab2..1fd1d310a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
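Review bot: The two early returns in the hunks at -2837 and -2862 release the key only inside `#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)` and have no `#else` branch, while the hunks at -2378, -2509 and -2874 pair the release with `mbedtls_pk_free( peer_pk )` for the other configuration. Where `peer_pk` comes from when the peer certificate is not kept is outside these hunks, so this may be harmless if that context is freed together with the handshake. If so, a comment on both error paths such as `/* !KEEP_PEER_CERTIFICATE: peer_pk is owned by the handshake and freed with it. */` would make the asymmetry visibly deliberate. If it is not freed elsewhere, the error paths leave the peer's key context allocated and should get the same `#else mbedtls_pk_free( peer_pk );` branch as the success path. The enclosing functions start and end outside the hunks.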
@@ -840,7 +840,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - mbedtls_x509_crt_pk_release( cur->cert, pk ); + mbedtls_x509_crt_pk_release( cur->cert ); #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ if( match == 0 ) @@ -879,7 +879,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, if( ret != 0 ) return( ret ); sig_md = frame->sig_md; - mbedtls_x509_crt_frame_release( cur->cert, frame ); + mbedtls_x509_crt_frame_release( cur->cert ); } if( sig_md != MBEDTLS_MD_SHA1 ) @@ -3008,7 +3008,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) (size_t)( end - p ) < 2 + dn_size ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) ); - mbedtls_x509_crt_frame_release( crt, frame ); + mbedtls_x509_crt_frame_release( crt ); break; } @@ -3021,7 +3021,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) total_dn_size += 2 + dn_size; - mbedtls_x509_crt_frame_release( crt, frame ); + mbedtls_x509_crt_frame_release( crt ); crt = crt->next; } @@ -4407,8 +4407,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) exit: #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, - peer_pk ); + mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert ); #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ return( ret ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4a3c9fe8b..560ef4c07 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6513,7 +6513,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) ) ret = mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ); - mbedtls_x509_crt_pk_release( chain, pk ); + mbedtls_x509_crt_pk_release( chain ); if( ret != 0 ) { diff --git a/library/x509_crt.c b/library/x509_crt.c index 04b227abe..b5710ed74 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -260,7 +260,7 @@ int mbedtls_x509_crt_get_subject_alt_names( mbedtls_x509_crt const *crt, else ret = x509_crt_subject_alt_from_frame( frame, seq ); - mbedtls_x509_crt_frame_release( crt, frame ); + mbedtls_x509_crt_frame_release( crt ); *subj_alt = seq; return( ret ); @@ -283,7 +283,7 @@ int mbedtls_x509_crt_get_ext_key_usage( mbedtls_x509_crt const *crt, else ret = x509_crt_ext_key_usage_from_frame( frame, seq ); - mbedtls_x509_crt_frame_release( crt, frame ); + mbedtls_x509_crt_frame_release( crt ); *ext_key_usage = seq; return( ret ); @@ -306,7 +306,7 @@ int mbedtls_x509_crt_get_subject( mbedtls_x509_crt const *crt, else ret = x509_crt_subject_from_frame( frame, name ); - mbedtls_x509_crt_frame_release( crt, frame ); + mbedtls_x509_crt_frame_release( crt ); *subject = name; return( ret ); @@ -329,7 +329,7 @@ int mbedtls_x509_crt_get_issuer( mbedtls_x509_crt const *crt, else ret = x509_crt_issuer_from_frame( frame, name ); - mbedtls_x509_crt_frame_release( crt, frame ); + mbedtls_x509_crt_frame_release( crt ); *issuer = name; return( ret ); @@ -344,7 +344,7 @@ int mbedtls_x509_crt_get_frame( mbedtls_x509_crt const *crt, if( ret != 0 ) return( ret ); *dst = *frame; - mbedtls_x509_crt_frame_release( crt, frame ); + mbedtls_x509_crt_frame_release( crt ); return( 0 ); } @@ -369,7 +369,7 @@ int mbedtls_x509_crt_get_pk( mbedtls_x509_crt const *crt, mbedtls_free( crt->cache->pk ); crt->cache->pk = NULL; - mbedtls_x509_crt_pk_release( crt, pk ); + mbedtls_x509_crt_pk_release( crt ); return( 0 ); #endif /* MBEDTLS_X509_ON_DEMAND_PARSING */ } 
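Review bot: In `mbedtls_x509_crt_get_frame` (hunk at -344) the frame is copied with the struct assignment `*dst = *frame;` and released on the next line, so any pointer members of `*dst` keep referring to storage the caller no longer holds a borrow on. The frame has such members (`frame->serial.p` is read in the -2496 hunk), but what owns the pointed-to bytes is not visible here. Please document the lifetime on the function, for example `/* Shallow copy: pointer fields of *dst alias data owned by crt and stay valid only as long as crt does. */`. Alternatively, confirm that none of them point into cached data that may be dropped once the frame is released.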
@@ -2379,13 +2379,12 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, { int ret; mbedtls_x509_crt_frame *frame; - ret = mbedtls_x509_crt_frame_acquire( crt, - (mbedtls_x509_crt_frame**) &frame ); + ret = mbedtls_x509_crt_frame_acquire( crt, &frame ); if( ret != 0 ) return( MBEDTLS_ERR_X509_FATAL_ERROR ); ret = x509_crt_check_key_usage_frame( frame, usage ); - mbedtls_x509_crt_frame_release( crt, (mbedtls_x509_crt_frame*) frame ); + mbedtls_x509_crt_frame_release( crt ); return( ret ); } @@ -2453,7 +2452,7 @@ int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; } - mbedtls_x509_crt_frame_release( crt, frame ); + mbedtls_x509_crt_frame_release( crt ); return( ret ); } #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ @@ -2496,7 +2495,7 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, ret = x509_serial_is_revoked( frame->serial.p, frame->serial.len, crl ); - mbedtls_x509_crt_frame_release( crt, frame ); + mbedtls_x509_crt_frame_release( crt ); return( ret ); } @@ -2536,7 +2535,7 @@ static int x509_crt_verifycrl( unsigned char *crt_serial, can_sign = 1; } - mbedtls_x509_crt_frame_release( ca_crt, ca ); + mbedtls_x509_crt_frame_release( ca_crt ); } ret = mbedtls_x509_crt_pk_acquire( ca_crt, &pk ); @@ -2614,7 +2613,7 @@ static int x509_crt_verifycrl( unsigned char *crt_serial, crl_list = crl_list->next; } - mbedtls_x509_crt_pk_release( ca_crt, pk ); + mbedtls_x509_crt_pk_release( ca_crt ); return( flags ); } #endif /* MBEDTLS_X509_CRL_PARSE_C */ @@ -2663,7 +2662,7 @@ static int x509_crt_check_signature( const mbedtls_x509_crt_sig_info *sig_info, } exit: - mbedtls_x509_crt_pk_release( parent, pk ); + mbedtls_x509_crt_pk_release( parent ); return( ret ); } @@ -2823,7 +2822,7 @@ check_signature: path_len_ok = 1; } - mbedtls_x509_crt_frame_release( parent_crt, parent ); + mbedtls_x509_crt_frame_release( parent_crt ); } if( parent_match == 0 || path_len_ok == 0 ) 
@@ -3107,7 +3106,7 @@ find_parent: /* Stop here for trusted roots (but not for trusted EE certs) */ if( child_is_trusted ) { - mbedtls_x509_crt_frame_release( child_crt, child ); + mbedtls_x509_crt_frame_release( child_crt ); return( 0 ); } @@ -3130,7 +3129,7 @@ find_parent: if( ver_chain->len == 1 && self_issued && x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 ) { - mbedtls_x509_crt_frame_release( child_crt, child ); + mbedtls_x509_crt_frame_release( child_crt ); return( 0 ); } @@ -3139,7 +3138,7 @@ find_parent: #endif /* MBEDTLS_X509_CRL_PARSE_C */ ret = x509_crt_get_sig_info( child, &child_sig ); - mbedtls_x509_crt_frame_release( child_crt, child ); + mbedtls_x509_crt_frame_release( child_crt ); if( ret != 0 ) return( MBEDTLS_ERR_X509_FATAL_ERROR ); @@ -3203,7 +3202,7 @@ find_parent: if( x509_profile_check_key( profile, parent_pk ) != 0 ) *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - mbedtls_x509_crt_pk_release( parent_crt, parent_pk ); + mbedtls_x509_crt_pk_release( parent_crt ); } #if defined(MBEDTLS_X509_CRL_PARSE_C) @@ -3321,7 +3320,7 @@ static int x509_crt_verify_name( const mbedtls_x509_crt *crt, x509_crt_check_name, (void*) cn ); } - mbedtls_x509_crt_frame_release( crt, frame ); + mbedtls_x509_crt_frame_release( crt ); /* x509_crt_check_name() and x509_crt_subject_alt_check_name() * return 1 when finding a name component matching `cn`. */ @@ -3452,7 +3451,7 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, if( x509_profile_check_key( profile, pk ) != 0 ) ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - mbedtls_x509_crt_pk_release( crt, pk ); + mbedtls_x509_crt_pk_release( crt ); } /* Check the chain */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index df39b5149..8488bada8 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
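Review bot: Style point on the `find_parent` stretch (hunks at -3107, -3130 and -3139): the child frame is released by hand in front of each `return( 0 )` and once more after `x509_crt_get_sig_info()`, so any early exit added later between the acquire and that last release has to remember its own `mbedtls_x509_crt_frame_release( child_crt )`. Now that the call needs only `child_crt`, routing the two early returns through a single release, or at least a short comment at the acquire naming the release points, would make a missed release harder to introduce. It is also worth confirming that `child_sig` holds no pointers into `child`: it is filled immediately before the release and presumably consumed after it, but its definition and later use are outside the hunks.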
@@ -1099,7 +1099,7 @@ static int ssl_async_start( mbedtls_ssl_context *ssl, if( ret != 0 ) return( ret ); match = mbedtls_pk_check_pair( pk, config_data->slots[slot].pk ); - mbedtls_x509_crt_pk_release( cert, pk ); + mbedtls_x509_crt_pk_release( cert ); if( match == 0 ) break; } diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index de0bc6d55..3b926084e 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -179,7 +179,7 @@ int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint cleanup: mbedtls_x509_name_free( subject ); - mbedtls_x509_crt_frame_release( crt, frame ); + mbedtls_x509_crt_frame_release( crt ); if( ret < 0 ) return( ret );