[Fixup] Add missing PK release call in Cert Verify parsing
mbedtls_ssl_read() can fail non-fatally, in which case
ssl_parse_certificate_verify() returned immediately without
calling mbedtls_x509_crt_pk_release(), which in turn led
to a fatal error because of nested acquire calls in the
next call to the function.
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 9e15f75..40f8e06 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4274,7 +4274,7 @@
if( 0 != ret )
{
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record" ), ret );
- return( ret );
+ goto exit;
}
ssl->state++;
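Review bot: Going by the commit message, the peer certificate's PK context is acquired before this record read, so it is held across a call that can return non-fatally and every early exit has to remember the release; the acquire itself is above the hunk and not visible here. Moving the acquire to after the message has been read and its type checked (the check in the second hunk) would leave these two paths with nothing to release. If the ordering has to stay, a comment at the acquire site would help the next editor, e.g. `/* PK context held from here: leave only via 'exit' so mbedtls_x509_crt_pk_release() runs. */`. ssl_parse_certificate_verify() starts and ends outside the hunk.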
@@ -4284,7 +4284,8 @@
ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
- return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY;
+ goto exit;
}
i = mbedtls_ssl_hs_hdr_len( ssl );
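Review bot: The parsing that begins at `i = mbedtls_ssl_hs_hdr_len( ssl );` continues past the end of this hunk, and any plain `return` left in it would skip mbedtls_x509_crt_pk_release() the same way the two converted paths did; the rest of the function is worth auditing, since it is not visible from here. Because the failure only surfaces on the call after a non-fatal read error, a regression test would pin this fix: have the transport return MBEDTLS_ERR_SSL_WANT_READ while the server waits for CertificateVerify, then resume the handshake. The `exit` label is also outside the hunk, so its release-then-return order cannot be confirmed from these lines.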