Shared code to free x509 structs
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
This commit is contained in:
parent
88f5fd9099
commit
a4b4041219
9 changed files with 37 additions and 149 deletions
2
ChangeLog.d/mbedtls_asn1_type_free.txt
Normal file
2
ChangeLog.d/mbedtls_asn1_type_free.txt
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
Features
|
||||||
|
* Shared code to free x509 structs like mbedtls_x509_named_data
|
|
@ -625,6 +625,15 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
|
||||||
*/
|
*/
|
||||||
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
|
void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Free all shallow entries in a mbedtls_asn1_named_data list,
|
||||||
|
* but do not free internal pointer targets.
|
||||||
|
*
|
||||||
|
* \param name Head of the list of named data entries to free.
|
||||||
|
* This function calls mbedtls_free() on each list element.
|
||||||
|
*/
|
||||||
|
void mbedtls_asn1_free_named_data_list_shallow( mbedtls_asn1_named_data *name );
|
||||||
|
|
||||||
/** \} name Functions to parse ASN.1 data structures */
|
/** \} name Functions to parse ASN.1 data structures */
|
||||||
/** \} addtogroup asn1_module */
|
/** \} addtogroup asn1_module */
|
||||||
|
|
||||||
|
|
|
@ -455,6 +455,16 @@ void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void mbedtls_asn1_free_named_data_list_shallow( mbedtls_asn1_named_data *name )
|
||||||
|
{
|
||||||
|
for( mbedtls_asn1_named_data *next; name != NULL; name = next )
|
||||||
|
{
|
||||||
|
next = name->next;
|
||||||
|
mbedtls_platform_zeroize( name, sizeof( *name ) );
|
||||||
|
mbedtls_free( name );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list,
|
const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list,
|
||||||
const char *oid, size_t len )
|
const char *oid, size_t len )
|
||||||
{
|
{
|
||||||
|
|
|
@ -2680,7 +2680,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
unsigned char *p = dn + i + 2;
|
unsigned char *p = dn + i + 2;
|
||||||
mbedtls_x509_name name;
|
mbedtls_x509_name name;
|
||||||
mbedtls_x509_name *name_cur, *name_prv;
|
|
||||||
size_t asn1_len;
|
size_t asn1_len;
|
||||||
char s[MBEDTLS_X509_MAX_DN_NAME_SIZE];
|
char s[MBEDTLS_X509_MAX_DN_NAME_SIZE];
|
||||||
memset( &name, 0, sizeof( name ) );
|
memset( &name, 0, sizeof( name ) );
|
||||||
|
@ -2700,14 +2699,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||||
( "DN hint: %.*s",
|
( "DN hint: %.*s",
|
||||||
mbedtls_x509_dn_gets( s, sizeof(s), &name ), s ) );
|
mbedtls_x509_dn_gets( s, sizeof(s), &name ), s ) );
|
||||||
name_cur = name.next;
|
mbedtls_asn1_free_named_data_list_shallow( name.next );
|
||||||
while( name_cur != NULL )
|
|
||||||
{
|
|
||||||
name_prv = name_cur;
|
|
||||||
name_cur = name_cur->next;
|
|
||||||
mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
|
|
||||||
mbedtls_free( name_prv );
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -472,7 +472,6 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
|
||||||
size_t set_len;
|
size_t set_len;
|
||||||
const unsigned char *end_set;
|
const unsigned char *end_set;
|
||||||
mbedtls_x509_name *head = cur;
|
mbedtls_x509_name *head = cur;
|
||||||
mbedtls_x509_name *prev, *allocated;
|
|
||||||
|
|
||||||
/* don't use recursion, we'd risk stack overflow if not optimized */
|
/* don't use recursion, we'd risk stack overflow if not optimized */
|
||||||
while( 1 )
|
while( 1 )
|
||||||
|
@ -530,18 +529,8 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
|
||||||
|
|
||||||
error:
|
error:
|
||||||
/* Skip the first element as we did not allocate it */
|
/* Skip the first element as we did not allocate it */
|
||||||
allocated = head->next;
|
mbedtls_asn1_free_named_data_list_shallow( head->next );
|
||||||
|
head->next = NULL;
|
||||||
while( allocated != NULL )
|
|
||||||
{
|
|
||||||
prev = allocated;
|
|
||||||
allocated = allocated->next;
|
|
||||||
|
|
||||||
mbedtls_platform_zeroize( prev, sizeof( *prev ) );
|
|
||||||
mbedtls_free( prev );
|
|
||||||
}
|
|
||||||
|
|
||||||
mbedtls_platform_zeroize( head, sizeof( *head ) );
|
|
||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
|
@ -705,28 +705,16 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
|
||||||
{
|
{
|
||||||
mbedtls_x509_crl *crl_cur = crl;
|
mbedtls_x509_crl *crl_cur = crl;
|
||||||
mbedtls_x509_crl *crl_prv;
|
mbedtls_x509_crl *crl_prv;
|
||||||
mbedtls_x509_name *name_cur;
|
|
||||||
mbedtls_x509_name *name_prv;
|
|
||||||
mbedtls_x509_crl_entry *entry_cur;
|
mbedtls_x509_crl_entry *entry_cur;
|
||||||
mbedtls_x509_crl_entry *entry_prv;
|
mbedtls_x509_crl_entry *entry_prv;
|
||||||
|
|
||||||
if( crl == NULL )
|
while( crl_cur != NULL )
|
||||||
return;
|
|
||||||
|
|
||||||
do
|
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
||||||
mbedtls_free( crl_cur->sig_opts );
|
mbedtls_free( crl_cur->sig_opts );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
name_cur = crl_cur->issuer.next;
|
mbedtls_asn1_free_named_data_list_shallow( crl_cur->issuer.next );
|
||||||
while( name_cur != NULL )
|
|
||||||
{
|
|
||||||
name_prv = name_cur;
|
|
||||||
name_cur = name_cur->next;
|
|
||||||
mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
|
|
||||||
mbedtls_free( name_prv );
|
|
||||||
}
|
|
||||||
|
|
||||||
entry_cur = crl_cur->entry.next;
|
entry_cur = crl_cur->entry.next;
|
||||||
while( entry_cur != NULL )
|
while( entry_cur != NULL )
|
||||||
|
@ -744,13 +732,6 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
|
||||||
mbedtls_free( crl_cur->raw.p );
|
mbedtls_free( crl_cur->raw.p );
|
||||||
}
|
}
|
||||||
|
|
||||||
crl_cur = crl_cur->next;
|
|
||||||
}
|
|
||||||
while( crl_cur != NULL );
|
|
||||||
|
|
||||||
crl_cur = crl;
|
|
||||||
do
|
|
||||||
{
|
|
||||||
crl_prv = crl_cur;
|
crl_prv = crl_cur;
|
||||||
crl_cur = crl_cur->next;
|
crl_cur = crl_cur->next;
|
||||||
|
|
||||||
|
@ -758,7 +739,6 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl )
|
||||||
if( crl_prv != crl )
|
if( crl_prv != crl )
|
||||||
mbedtls_free( crl_prv );
|
mbedtls_free( crl_prv );
|
||||||
}
|
}
|
||||||
while( crl_cur != NULL );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* MBEDTLS_X509_CRL_PARSE_C */
|
#endif /* MBEDTLS_X509_CRL_PARSE_C */
|
||||||
|
|
|
@ -685,16 +685,7 @@ static int x509_get_subject_alt_name( unsigned char **p,
|
||||||
*/
|
*/
|
||||||
if( ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
|
if( ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE )
|
||||||
{
|
{
|
||||||
mbedtls_x509_sequence *seq_cur = subject_alt_name->next;
|
mbedtls_asn1_sequence_free( subject_alt_name->next );
|
||||||
mbedtls_x509_sequence *seq_prv;
|
|
||||||
while( seq_cur != NULL )
|
|
||||||
{
|
|
||||||
seq_prv = seq_cur;
|
|
||||||
seq_cur = seq_cur->next;
|
|
||||||
mbedtls_platform_zeroize( seq_prv,
|
|
||||||
sizeof( mbedtls_x509_sequence ) );
|
|
||||||
mbedtls_free( seq_prv );
|
|
||||||
}
|
|
||||||
subject_alt_name->next = NULL;
|
subject_alt_name->next = NULL;
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
@ -3300,15 +3291,8 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
|
||||||
{
|
{
|
||||||
mbedtls_x509_crt *cert_cur = crt;
|
mbedtls_x509_crt *cert_cur = crt;
|
||||||
mbedtls_x509_crt *cert_prv;
|
mbedtls_x509_crt *cert_prv;
|
||||||
mbedtls_x509_name *name_cur;
|
|
||||||
mbedtls_x509_name *name_prv;
|
|
||||||
mbedtls_x509_sequence *seq_cur;
|
|
||||||
mbedtls_x509_sequence *seq_prv;
|
|
||||||
|
|
||||||
if( crt == NULL )
|
while( cert_cur != NULL )
|
||||||
return;
|
|
||||||
|
|
||||||
do
|
|
||||||
{
|
{
|
||||||
mbedtls_pk_free( &cert_cur->pk );
|
mbedtls_pk_free( &cert_cur->pk );
|
||||||
|
|
||||||
|
@ -3316,53 +3300,11 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
|
||||||
mbedtls_free( cert_cur->sig_opts );
|
mbedtls_free( cert_cur->sig_opts );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
name_cur = cert_cur->issuer.next;
|
mbedtls_asn1_free_named_data_list_shallow( cert_cur->issuer.next );
|
||||||
while( name_cur != NULL )
|
mbedtls_asn1_free_named_data_list_shallow( cert_cur->subject.next );
|
||||||
{
|
mbedtls_asn1_sequence_free( cert_cur->ext_key_usage.next );
|
||||||
name_prv = name_cur;
|
mbedtls_asn1_sequence_free( cert_cur->subject_alt_names.next );
|
||||||
name_cur = name_cur->next;
|
mbedtls_asn1_sequence_free( cert_cur->certificate_policies.next );
|
||||||
mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
|
|
||||||
mbedtls_free( name_prv );
|
|
||||||
}
|
|
||||||
|
|
||||||
name_cur = cert_cur->subject.next;
|
|
||||||
while( name_cur != NULL )
|
|
||||||
{
|
|
||||||
name_prv = name_cur;
|
|
||||||
name_cur = name_cur->next;
|
|
||||||
mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
|
|
||||||
mbedtls_free( name_prv );
|
|
||||||
}
|
|
||||||
|
|
||||||
seq_cur = cert_cur->ext_key_usage.next;
|
|
||||||
while( seq_cur != NULL )
|
|
||||||
{
|
|
||||||
seq_prv = seq_cur;
|
|
||||||
seq_cur = seq_cur->next;
|
|
||||||
mbedtls_platform_zeroize( seq_prv,
|
|
||||||
sizeof( mbedtls_x509_sequence ) );
|
|
||||||
mbedtls_free( seq_prv );
|
|
||||||
}
|
|
||||||
|
|
||||||
seq_cur = cert_cur->subject_alt_names.next;
|
|
||||||
while( seq_cur != NULL )
|
|
||||||
{
|
|
||||||
seq_prv = seq_cur;
|
|
||||||
seq_cur = seq_cur->next;
|
|
||||||
mbedtls_platform_zeroize( seq_prv,
|
|
||||||
sizeof( mbedtls_x509_sequence ) );
|
|
||||||
mbedtls_free( seq_prv );
|
|
||||||
}
|
|
||||||
|
|
||||||
seq_cur = cert_cur->certificate_policies.next;
|
|
||||||
while( seq_cur != NULL )
|
|
||||||
{
|
|
||||||
seq_prv = seq_cur;
|
|
||||||
seq_cur = seq_cur->next;
|
|
||||||
mbedtls_platform_zeroize( seq_prv,
|
|
||||||
sizeof( mbedtls_x509_sequence ) );
|
|
||||||
mbedtls_free( seq_prv );
|
|
||||||
}
|
|
||||||
|
|
||||||
if( cert_cur->raw.p != NULL && cert_cur->own_buffer )
|
if( cert_cur->raw.p != NULL && cert_cur->own_buffer )
|
||||||
{
|
{
|
||||||
|
@ -3370,13 +3312,6 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
|
||||||
mbedtls_free( cert_cur->raw.p );
|
mbedtls_free( cert_cur->raw.p );
|
||||||
}
|
}
|
||||||
|
|
||||||
cert_cur = cert_cur->next;
|
|
||||||
}
|
|
||||||
while( cert_cur != NULL );
|
|
||||||
|
|
||||||
cert_cur = crt;
|
|
||||||
do
|
|
||||||
{
|
|
||||||
cert_prv = cert_cur;
|
cert_prv = cert_cur;
|
||||||
cert_cur = cert_cur->next;
|
cert_cur = cert_cur->next;
|
||||||
|
|
||||||
|
@ -3384,7 +3319,6 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt )
|
||||||
if( cert_prv != crt )
|
if( cert_prv != crt )
|
||||||
mbedtls_free( cert_prv );
|
mbedtls_free( cert_prv );
|
||||||
}
|
}
|
||||||
while( cert_cur != NULL );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
|
|
|
@ -375,9 +375,6 @@ void mbedtls_x509_csr_init( mbedtls_x509_csr *csr )
|
||||||
*/
|
*/
|
||||||
void mbedtls_x509_csr_free( mbedtls_x509_csr *csr )
|
void mbedtls_x509_csr_free( mbedtls_x509_csr *csr )
|
||||||
{
|
{
|
||||||
mbedtls_x509_name *name_cur;
|
|
||||||
mbedtls_x509_name *name_prv;
|
|
||||||
|
|
||||||
if( csr == NULL )
|
if( csr == NULL )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
@ -387,14 +384,7 @@ void mbedtls_x509_csr_free( mbedtls_x509_csr *csr )
|
||||||
mbedtls_free( csr->sig_opts );
|
mbedtls_free( csr->sig_opts );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
name_cur = csr->subject.next;
|
mbedtls_asn1_free_named_data_list_shallow( csr->subject.next );
|
||||||
while( name_cur != NULL )
|
|
||||||
{
|
|
||||||
name_prv = name_cur;
|
|
||||||
name_cur = name_cur->next;
|
|
||||||
mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
|
|
||||||
mbedtls_free( name_prv );
|
|
||||||
}
|
|
||||||
|
|
||||||
if( csr->raw.p != NULL )
|
if( csr->raw.p != NULL )
|
||||||
{
|
{
|
||||||
|
|
|
@ -825,7 +825,6 @@ void mbedtls_x509_get_name( char * rdn_sequence, int exp_ret )
|
||||||
unsigned char *p;
|
unsigned char *p;
|
||||||
size_t name_len;
|
size_t name_len;
|
||||||
mbedtls_x509_name head;
|
mbedtls_x509_name head;
|
||||||
mbedtls_x509_name *allocated, *prev;
|
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
memset( &head, 0, sizeof( head ) );
|
memset( &head, 0, sizeof( head ) );
|
||||||
|
@ -835,17 +834,7 @@ void mbedtls_x509_get_name( char * rdn_sequence, int exp_ret )
|
||||||
|
|
||||||
ret = mbedtls_x509_get_name( &p, ( name + name_len ), &head );
|
ret = mbedtls_x509_get_name( &p, ( name + name_len ), &head );
|
||||||
if( ret == 0 )
|
if( ret == 0 )
|
||||||
{
|
mbedtls_asn1_free_named_data_list_shallow( head.next );
|
||||||
allocated = head.next;
|
|
||||||
|
|
||||||
while( allocated != NULL )
|
|
||||||
{
|
|
||||||
prev = allocated;
|
|
||||||
allocated = allocated->next;
|
|
||||||
|
|
||||||
mbedtls_free( prev );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
TEST_EQUAL( ret, exp_ret );
|
TEST_EQUAL( ret, exp_ret );
|
||||||
|
|
||||||
|
@ -859,7 +848,7 @@ void mbedtls_x509_dn_get_next( char * name_str, int next_merged, char * expected
|
||||||
int ret = 0, i;
|
int ret = 0, i;
|
||||||
size_t len = 0, out_size;
|
size_t len = 0, out_size;
|
||||||
mbedtls_asn1_named_data *names = NULL;
|
mbedtls_asn1_named_data *names = NULL;
|
||||||
mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
|
mbedtls_x509_name parsed, *parsed_cur;
|
||||||
// Size of buf is maximum required for test cases
|
// Size of buf is maximum required for test cases
|
||||||
unsigned char buf[80], *out = NULL, *c;
|
unsigned char buf[80], *out = NULL, *c;
|
||||||
const char *short_name;
|
const char *short_name;
|
||||||
|
@ -913,14 +902,7 @@ void mbedtls_x509_dn_get_next( char * name_str, int next_merged, char * expected
|
||||||
exit:
|
exit:
|
||||||
mbedtls_free( out );
|
mbedtls_free( out );
|
||||||
mbedtls_asn1_free_named_data_list( &names );
|
mbedtls_asn1_free_named_data_list( &names );
|
||||||
|
mbedtls_asn1_free_named_data_list_shallow( parsed.next );
|
||||||
parsed_cur = parsed.next;
|
|
||||||
while( parsed_cur != 0 )
|
|
||||||
{
|
|
||||||
parsed_prv = parsed_cur;
|
|
||||||
parsed_cur = parsed_cur->next;
|
|
||||||
mbedtls_free( parsed_prv );
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue