From f332a97e1bf370b9ea15c0e18e76d3fe8cf92c26 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 13 May 2019 11:56:21 +0100 Subject: [PATCH] Add ASN.1 API to free linked list representation of ASN.1 sequences --- include/mbedtls/asn1.h | 37 +++++++++++++++++++++++++++++++------ include/mbedtls/x509.h | 5 ++++- library/asn1parse.c | 10 ++++++++++ library/x509.c | 11 ----------- 4 files changed, 45 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 5b7b2b82d..b471a94b6 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -276,13 +276,38 @@ int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end size_t *len ); /** - * \brief Parses and splits an ASN.1 "SEQUENCE OF " - * Updated the pointer to immediately behind the full sequence tag. + * \brief Free a heap-allocated linked list presentation of + * an ASN.1 sequence, including the first element. * - * \param p The position in the ASN.1 data - * \param end End of data - * \param cur First variable in the chain to fill - * \param tag Type of sequence + * \param seq The address of the first sequence component. This may + * be \c NULL, in which case this functions returns + * immediately. + */ +void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq ); + +/** + * \brief This function parses and splits an ASN.1 "SEQUENCE OF " + * and updates the source buffer pointer to immediately behind + * the full sequence. + * + * \param p The address of the pointer to the beginning of the + * ASN.1 SEQUENCE OF structure, including ASN.1 tag+length header. + * On success, `*p` is advanced to point to the first byte + * following the parsed ASN.1 sequence. + * \param end The end of the ASN.1 input buffer starting at \p p. This is + * used for bounds checking. + * \param cur The address at which to store the first entry in the parsed + * sequence. Further entries are heap-allocated and referenced + * from \p cur. + * \param tag The common tag of the entries in the ASN.1 sequence. + * + * \note Ownership for the heap-allocated elements \c cur->next, + * \c cur->next->next, ..., is passed to the caller. It + * is hence the caller's responsibility to free them when + * no longer needed, and mbedtls_asn1_sequence_free() can + * be used for that, passing \c cur->next as the \c seq + * argument (or \p cur if \p cur itself was heap-allocated + * by the caller). * * \return 0 if successful or a specific ASN.1 error code. */ diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 753019aac..5d091bc2d 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -296,7 +296,10 @@ void mbedtls_x509_name_free( mbedtls_x509_name *name ); * be \c NULL, in which case this functions returns * immediately. */ -void mbedtls_x509_sequence_free( mbedtls_x509_sequence *seq ); +static inline void mbedtls_x509_sequence_free( mbedtls_x509_sequence *seq ) +{ + mbedtls_asn1_sequence_free( (mbedtls_asn1_sequence*) seq ); +} #if defined(MBEDTLS_SELF_TEST) diff --git a/library/asn1parse.c b/library/asn1parse.c index f24fee69f..68a70e61f 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -229,6 +229,16 @@ int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end return( 0 ); } +void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq ) +{ + while( seq != NULL ) + { + mbedtls_asn1_sequence *next = seq->next; + mbedtls_platform_zeroize( seq, sizeof( *seq ) ); + mbedtls_free( seq ); + seq = next; + } +} /* * Traverse an ASN.1 "SEQUENCE OF " diff --git a/library/x509.c b/library/x509.c index 627a5a39b..f1c96a827 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1220,17 +1220,6 @@ void mbedtls_x509_name_free( mbedtls_x509_name *name ) } } -void mbedtls_x509_sequence_free( mbedtls_x509_sequence *seq ) -{ - while( seq != NULL ) - { - mbedtls_x509_sequence *next = seq->next; - mbedtls_platform_zeroize( seq, sizeof( *seq ) ); - mbedtls_free( seq ); - seq = next; - } -} - #if defined(MBEDTLS_SELF_TEST) #include "mbedtls/x509_crt.h"