mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-29 11:41:15 +03:00
Merge remote-tracking branch 'restricted/development-restricted' into future_rc
As set by process the tf-psa-crypto submodule is set to point to tf-psa-crypto-release-sync input.
This commit is contained in:
Minos Galanakis
@ -150,7 +150,6 @@ int main(int argc, char *argv[])
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
const char *pers = "csr example app";
|
||||
mbedtls_x509_san_list *cur, *prev;
|
||||
mbedtls_asn1_named_data *ext_san_dirname = NULL;
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
uint8_t ip[4] = { 0 };
|
||||
#endif
|
||||
@ -274,7 +273,15 @@ usage:
|
||||
cur->node.san.unstructured_name.len = sizeof(ip);
|
||||
} else if (strcmp(q, "DN") == 0) {
|
||||
cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
|
||||
if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname,
|
||||
/* Work around an API mismatch between string_to_names() and
|
||||
* mbedtls_x509_subject_alternative_name, which holds an
|
||||
* actual mbedtls_x509_name while a pointer to one would be
|
||||
* more convenient here. (Note mbedtls_x509_name and
|
||||
* mbedtls_asn1_named_data are synonymous, again
|
||||
* string_to_names() uses one while
|
||||
* cur->node.san.directory_name is nominally the other.) */
|
||||
mbedtls_asn1_named_data *tmp_san_dirname = NULL;
|
||||
if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname,
|
||||
subtype_value)) != 0) {
|
||||
mbedtls_strerror(ret, buf, sizeof(buf));
|
||||
mbedtls_printf(
|
||||
@ -283,7 +290,9 @@ usage:
|
||||
(unsigned int) -ret, buf);
|
||||
goto exit;
|
||||
}
|
||||
cur->node.san.directory_name = *ext_san_dirname;
|
||||
cur->node.san.directory_name = *tmp_san_dirname;
|
||||
mbedtls_free(tmp_san_dirname);
|
||||
tmp_san_dirname = NULL;
|
||||
} else {
|
||||
mbedtls_free(cur);
|
||||
goto usage;
|
||||
@ -490,7 +499,6 @@ exit:
|
||||
}
|
||||
|
||||
mbedtls_x509write_csr_free(&req);
|
||||
mbedtls_asn1_free_named_data_list(&ext_san_dirname);
|
||||
mbedtls_pk_free(&key);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
@ -500,12 +508,21 @@ exit:
|
||||
|
||||
cur = opt.san_list;
|
||||
while (cur != NULL) {
|
||||
prev = cur;
|
||||
cur = cur->next;
|
||||
mbedtls_free(prev);
|
||||
mbedtls_x509_san_list *next = cur->next;
|
||||
/* Note: mbedtls_x509_free_subject_alt_name() is not what we want here.
|
||||
* It's the right thing for entries that were parsed from a certificate,
|
||||
* where pointers are to the raw certificate, but here all the
|
||||
* pointers were allocated while parsing from a user-provided string. */
|
||||
if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) {
|
||||
mbedtls_x509_name *dn = &cur->node.san.directory_name;
|
||||
mbedtls_free(dn->oid.p);
|
||||
mbedtls_free(dn->val.p);
|
||||
mbedtls_asn1_free_named_data_list(&dn->next);
|
||||
}
|
||||
mbedtls_free(cur);
|
||||
cur = next;
|
||||
}
|
||||
|
||||
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
|
||||
|
||||
@ -310,7 +310,6 @@ int main(int argc, char *argv[])
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
const char *pers = "crt example app";
|
||||
mbedtls_x509_san_list *cur, *prev;
|
||||
mbedtls_asn1_named_data *ext_san_dirname = NULL;
|
||||
uint8_t ip[4] = { 0 };
|
||||
/*
|
||||
* Set to sane values
|
||||
@ -593,7 +592,15 @@ usage:
|
||||
cur->node.san.unstructured_name.len = sizeof(ip);
|
||||
} else if (strcmp(q, "DN") == 0) {
|
||||
cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
|
||||
if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname,
|
||||
/* Work around an API mismatch between string_to_names() and
|
||||
* mbedtls_x509_subject_alternative_name, which holds an
|
||||
* actual mbedtls_x509_name while a pointer to one would be
|
||||
* more convenient here. (Note mbedtls_x509_name and
|
||||
* mbedtls_asn1_named_data are synonymous, again
|
||||
* string_to_names() uses one while
|
||||
* cur->node.san.directory_name is nominally the other.) */
|
||||
mbedtls_asn1_named_data *tmp_san_dirname = NULL;
|
||||
if ((ret = mbedtls_x509_string_to_names(&tmp_san_dirname,
|
||||
subtype_value)) != 0) {
|
||||
mbedtls_strerror(ret, buf, sizeof(buf));
|
||||
mbedtls_printf(
|
||||
@ -602,7 +609,9 @@ usage:
|
||||
(unsigned int) -ret, buf);
|
||||
goto exit;
|
||||
}
|
||||
cur->node.san.directory_name = *ext_san_dirname;
|
||||
cur->node.san.directory_name = *tmp_san_dirname;
|
||||
mbedtls_free(tmp_san_dirname);
|
||||
tmp_san_dirname = NULL;
|
||||
} else {
|
||||
mbedtls_free(cur);
|
||||
goto usage;
|
||||
@ -991,10 +1000,26 @@ usage:
|
||||
exit_code = MBEDTLS_EXIT_SUCCESS;
|
||||
|
||||
exit:
|
||||
cur = opt.san_list;
|
||||
while (cur != NULL) {
|
||||
mbedtls_x509_san_list *next = cur->next;
|
||||
/* Note: mbedtls_x509_free_subject_alt_name() is not what we want here.
|
||||
* It's the right thing for entries that were parsed from a certificate,
|
||||
* where pointers are to the raw certificate, but here all the
|
||||
* pointers were allocated while parsing from a user-provided string. */
|
||||
if (cur->node.type == MBEDTLS_X509_SAN_DIRECTORY_NAME) {
|
||||
mbedtls_x509_name *dn = &cur->node.san.directory_name;
|
||||
mbedtls_free(dn->oid.p);
|
||||
mbedtls_free(dn->val.p);
|
||||
mbedtls_asn1_free_named_data_list(&dn->next);
|
||||
}
|
||||
mbedtls_free(cur);
|
||||
cur = next;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_CSR_PARSE_C)
|
||||
mbedtls_x509_csr_free(&csr);
|
||||
#endif /* MBEDTLS_X509_CSR_PARSE_C */
|
||||
mbedtls_asn1_free_named_data_list(&ext_san_dirname);
|
||||
mbedtls_x509_crt_free(&issuer_crt);
|
||||
mbedtls_x509write_crt_free(&crt);
|
||||
mbedtls_pk_free(&loaded_subject_key);
|
||||
|
||||
Reference in New Issue
Block a user