Remove frame/pk parameter from mbedtls_x509_crt_xxx_release()

include/mbedtls/x509_crt.h

@@ -864,11 +864,8 @@ static inline int mbedtls_x509_crt_frame_acquire( mbedtls_x509_crt const *crt,
     return( 0 );
 }
 
-static inline void mbedtls_x509_crt_frame_release(
+static inline void mbedtls_x509_crt_frame_release( mbedtls_x509_crt const *crt )
-    mbedtls_x509_crt const *crt,
-    mbedtls_x509_crt_frame *frame )
 {
-    ((void) frame);
     ((void) crt);
 
 #if defined(MBEDTLS_THREADING_C)
@@ -902,10 +899,8 @@ static inline int mbedtls_x509_crt_pk_acquire( mbedtls_x509_crt const *crt,
     return( 0 );
 }
 
-static inline void mbedtls_x509_crt_pk_release( mbedtls_x509_crt const *crt,
+static inline void mbedtls_x509_crt_pk_release( mbedtls_x509_crt const *crt )
-                                                mbedtls_pk_context *pk )
 {
-    ((void) pk);
     ((void) crt);
 
 #if defined(MBEDTLS_THREADING_C)

library/debug.c

@@ -402,7 +402,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
             return;
         }
         debug_print_pk( ssl, level, file, line, "crt->", pk );
-        mbedtls_x509_crt_pk_release( crt, pk );
+        mbedtls_x509_crt_pk_release( crt );
 
         crt = crt->next;
     }

library/ssl_cli.c

@@ -2378,7 +2378,7 @@ cleanup:
     /* We don't need the peer's public key anymore. Free it. */
     mbedtls_pk_free( peer_pk );
 #else
-    mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, peer_pk );
+    mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert );
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
     return( ret );
@@ -2509,7 +2509,7 @@ cleanup:
      * operations like ECDHE. */
     mbedtls_pk_free( peer_pk );
 #else
-    mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert, peer_pk );
+    mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert );
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
     return( ret );
@@ -2837,8 +2837,7 @@ start_processing:
             mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
                                             MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-            mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert,
+            mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert );
-                                         peer_pk );
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
             return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
         }
@@ -2862,8 +2861,7 @@ start_processing:
                 ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
 #endif
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-            mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert,
+            mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert );
-                                         peer_pk );
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
             return( ret );
         }
@@ -2874,8 +2872,7 @@ start_processing:
          * operations like ECDHE. */
         mbedtls_pk_free( peer_pk );
 #else
-        mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert,
+        mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert );
-                                     peer_pk );
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
     }
 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */

library/ssl_srv.c

@@ -840,7 +840,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
 #endif
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-        mbedtls_x509_crt_pk_release( cur->cert, pk );
+        mbedtls_x509_crt_pk_release( cur->cert );
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
          if( match == 0 )
@@ -879,7 +879,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
                 if( ret != 0 )
                     return( ret );
                 sig_md = frame->sig_md;
-                mbedtls_x509_crt_frame_release( cur->cert, frame );
+                mbedtls_x509_crt_frame_release( cur->cert );
             }
 
             if( sig_md != MBEDTLS_MD_SHA1 )
@@ -3008,7 +3008,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
                 (size_t)( end - p ) < 2 + dn_size )
             {
                 MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
-                mbedtls_x509_crt_frame_release( crt, frame );
+                mbedtls_x509_crt_frame_release( crt );
                 break;
             }
 
@@ -3021,7 +3021,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
 
             total_dn_size += 2 + dn_size;
 
-            mbedtls_x509_crt_frame_release( crt, frame );
+            mbedtls_x509_crt_frame_release( crt );
 
             crt = crt->next;
         }
@@ -4407,8 +4407,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
 exit:
 
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert,
+    mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert );
-                                 peer_pk );
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
     return( ret );

library/ssl_tls.c

@@ -6513,7 +6513,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
         if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) )
             ret = mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id );
 
-        mbedtls_x509_crt_pk_release( chain, pk );
+        mbedtls_x509_crt_pk_release( chain );
 
         if( ret != 0 )
         {

library/x509_crt.c

@@ -260,7 +260,7 @@ int mbedtls_x509_crt_get_subject_alt_names( mbedtls_x509_crt const *crt,
     else
         ret = x509_crt_subject_alt_from_frame( frame, seq );
 
-    mbedtls_x509_crt_frame_release( crt, frame );
+    mbedtls_x509_crt_frame_release( crt );
 
     *subj_alt = seq;
     return( ret );
@@ -283,7 +283,7 @@ int mbedtls_x509_crt_get_ext_key_usage( mbedtls_x509_crt const *crt,
     else
         ret = x509_crt_ext_key_usage_from_frame( frame, seq );
 
-    mbedtls_x509_crt_frame_release( crt, frame );
+    mbedtls_x509_crt_frame_release( crt );
 
     *ext_key_usage = seq;
     return( ret );
@@ -306,7 +306,7 @@ int mbedtls_x509_crt_get_subject( mbedtls_x509_crt const *crt,
     else
         ret = x509_crt_subject_from_frame( frame, name );
 
-    mbedtls_x509_crt_frame_release( crt, frame );
+    mbedtls_x509_crt_frame_release( crt );
 
     *subject = name;
     return( ret );
@@ -329,7 +329,7 @@ int mbedtls_x509_crt_get_issuer( mbedtls_x509_crt const *crt,
     else
         ret = x509_crt_issuer_from_frame( frame, name );
 
-    mbedtls_x509_crt_frame_release( crt, frame );
+    mbedtls_x509_crt_frame_release( crt );
 
     *issuer = name;
     return( ret );
@@ -344,7 +344,7 @@ int mbedtls_x509_crt_get_frame( mbedtls_x509_crt const *crt,
     if( ret != 0 )
         return( ret );
     *dst = *frame;
-    mbedtls_x509_crt_frame_release( crt, frame );
+    mbedtls_x509_crt_frame_release( crt );
     return( 0 );
 }
 
@@ -369,7 +369,7 @@ int mbedtls_x509_crt_get_pk( mbedtls_x509_crt const *crt,
     mbedtls_free( crt->cache->pk );
     crt->cache->pk = NULL;
 
-    mbedtls_x509_crt_pk_release( crt, pk );
+    mbedtls_x509_crt_pk_release( crt );
     return( 0 );
 #endif /* MBEDTLS_X509_ON_DEMAND_PARSING */
 }
@@ -2379,13 +2379,12 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
 {
     int ret;
     mbedtls_x509_crt_frame *frame;
-    ret = mbedtls_x509_crt_frame_acquire( crt,
+    ret = mbedtls_x509_crt_frame_acquire( crt, &frame );
-                                          (mbedtls_x509_crt_frame**) &frame );
     if( ret != 0 )
         return( MBEDTLS_ERR_X509_FATAL_ERROR );
 
     ret = x509_crt_check_key_usage_frame( frame, usage );
-    mbedtls_x509_crt_frame_release( crt, (mbedtls_x509_crt_frame*) frame );
+    mbedtls_x509_crt_frame_release( crt );
 
     return( ret );
 }
@@ -2453,7 +2452,7 @@ int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
             ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
     }
 
-    mbedtls_x509_crt_frame_release( crt, frame );
+    mbedtls_x509_crt_frame_release( crt );
     return( ret );
 }
 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
@@ -2496,7 +2495,7 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt,
     ret = x509_serial_is_revoked( frame->serial.p,
                                   frame->serial.len,
                                   crl );
-    mbedtls_x509_crt_frame_release( crt, frame );
+    mbedtls_x509_crt_frame_release( crt );
     return( ret );
 }
 
@@ -2536,7 +2535,7 @@ static int x509_crt_verifycrl( unsigned char *crt_serial,
             can_sign = 1;
         }
 
-        mbedtls_x509_crt_frame_release( ca_crt, ca );
+        mbedtls_x509_crt_frame_release( ca_crt );
     }
 
     ret = mbedtls_x509_crt_pk_acquire( ca_crt, &pk );
@@ -2614,7 +2613,7 @@ static int x509_crt_verifycrl( unsigned char *crt_serial,
         crl_list = crl_list->next;
     }
 
-    mbedtls_x509_crt_pk_release( ca_crt, pk );
+    mbedtls_x509_crt_pk_release( ca_crt );
     return( flags );
 }
 #endif /* MBEDTLS_X509_CRL_PARSE_C */
@@ -2663,7 +2662,7 @@ static int x509_crt_check_signature( const mbedtls_x509_crt_sig_info *sig_info,
     }
 
 exit:
-    mbedtls_x509_crt_pk_release( parent, pk );
+    mbedtls_x509_crt_pk_release( parent );
     return( ret );
 }
 
@@ -2823,7 +2822,7 @@ check_signature:
                 path_len_ok = 1;
             }
 
-            mbedtls_x509_crt_frame_release( parent_crt, parent );
+            mbedtls_x509_crt_frame_release( parent_crt );
         }
 
         if( parent_match == 0 || path_len_ok == 0 )
@@ -3107,7 +3106,7 @@ find_parent:
                 /* Stop here for trusted roots (but not for trusted EE certs) */
                 if( child_is_trusted )
                 {
-                    mbedtls_x509_crt_frame_release( child_crt, child );
+                    mbedtls_x509_crt_frame_release( child_crt );
                     return( 0 );
                 }
 
@@ -3130,7 +3129,7 @@ find_parent:
                 if( ver_chain->len == 1 && self_issued &&
                     x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 )
                 {
-                    mbedtls_x509_crt_frame_release( child_crt, child );
+                    mbedtls_x509_crt_frame_release( child_crt );
                     return( 0 );
                 }
 
@@ -3139,7 +3138,7 @@ find_parent:
 #endif /* MBEDTLS_X509_CRL_PARSE_C */
 
                 ret = x509_crt_get_sig_info( child, &child_sig );
-                mbedtls_x509_crt_frame_release( child_crt, child );
+                mbedtls_x509_crt_frame_release( child_crt );
 
                 if( ret != 0 )
                     return( MBEDTLS_ERR_X509_FATAL_ERROR );
@@ -3203,7 +3202,7 @@ find_parent:
             if( x509_profile_check_key( profile, parent_pk ) != 0 )
                 *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
 
-            mbedtls_x509_crt_pk_release( parent_crt, parent_pk );
+            mbedtls_x509_crt_pk_release( parent_crt );
         }
 
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
@@ -3321,7 +3320,7 @@ static int x509_crt_verify_name( const mbedtls_x509_crt *crt,
                                          x509_crt_check_name, (void*) cn );
     }
 
-    mbedtls_x509_crt_frame_release( crt, frame );
+    mbedtls_x509_crt_frame_release( crt );
 
     /* x509_crt_check_name() and x509_crt_subject_alt_check_name()
      * return 1 when finding a name component matching `cn`. */
@@ -3452,7 +3451,7 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
         if( x509_profile_check_key( profile, pk ) != 0 )
             ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
 
-        mbedtls_x509_crt_pk_release( crt, pk );
+        mbedtls_x509_crt_pk_release( crt );
     }
 
     /* Check the chain */

programs/ssl/ssl_server2.c

@@ -1099,7 +1099,7 @@ static int ssl_async_start( mbedtls_ssl_context *ssl,
         if( ret != 0 )
             return( ret );
         match = mbedtls_pk_check_pair( pk, config_data->slots[slot].pk );
-        mbedtls_x509_crt_pk_release( cert, pk );
+        mbedtls_x509_crt_pk_release( cert );
         if( match == 0 )
             break;
     }

tests/suites/test_suite_x509parse.function

@@ -179,7 +179,7 @@ int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint
 cleanup:
 
     mbedtls_x509_name_free( subject );
-    mbedtls_x509_crt_frame_release( crt, frame );
+    mbedtls_x509_crt_frame_release( crt );
 
     if( ret < 0 )
         return( ret );