diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2015-12-14 13:13:32 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2015-12-14 23:06:14 +0000 |
| commit | c01ff880d47392b82cce2f93ac4a9bb8c68f8cc7 (patch) | |
| tree | 5d4bfc88099fab5f8178b3cdfee4e8f4db2ad68d /crypto/x509/x509_cmp.c | |
| parent | 2872dbe1c46eceb20c38bc55a5fe2a4c4c52fe9d (diff) | |
New function X509_get0_pubkey
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'crypto/x509/x509_cmp.c')
| -rw-r--r-- | crypto/x509/x509_cmp.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 5c3ac6a66f..9d9ea4b605 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -305,11 +305,18 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name) return (NULL); } +EVP_PKEY *X509_get0_pubkey(X509 *x) +{ + if (x == NULL) + return NULL; + return X509_PUBKEY_get0(x->cert_info.key); +} + EVP_PKEY *X509_get_pubkey(X509 *x) { if (x == NULL) - return (NULL); - return (X509_PUBKEY_get(x->cert_info.key)); + return NULL; + return X509_PUBKEY_get(x->cert_info.key); } ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) @@ -324,7 +331,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) EVP_PKEY *xk; int ret; - xk = X509_get_pubkey(x); + xk = X509_get0_pubkey(x); if (xk) ret = EVP_PKEY_cmp(xk, k); @@ -343,7 +350,6 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) case -2: X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE); } - EVP_PKEY_free(xk); if (ret > 0) return 1; return 0; @@ -411,7 +417,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, goto end; } - pk = X509_get_pubkey(x); + pk = X509_get0_pubkey(x); /* Check EE key only */ rv = check_suite_b(pk, -1, &tflags); if (rv != X509_V_OK) { @@ -426,7 +432,6 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, rv = X509_V_ERR_SUITE_B_INVALID_VERSION; goto end; } - EVP_PKEY_free(pk); pk = X509_get_pubkey(x); rv = check_suite_b(pk, sign_nid, &tflags); if (rv != X509_V_OK) @@ -436,7 +441,6 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, /* Final check: root CA signature */ rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags); end: - EVP_PKEY_free(pk); if (rv != X509_V_OK) { /* Invalid signature or LOS errors are for previous cert */ if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM |