Add const to both arguments of X509_check_private_key(3).

tested in a bulk build by sthen
input & ok jsing

2 files changed, 6 insertions, 7 deletions

diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h
index ec7887a9284..e99e8e0238f 100644
--- a/lib/libcrypto/x509/x509.h
+++ b/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.63 2018/05/18 19:21:33 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.64 2018/05/18 19:24:08 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1049,7 +1049,7 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
 
 int		X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);
 
-int		X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
+int		X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
 
 int		X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
 unsigned long	X509_issuer_and_serial_hash(X509 *a);
diff --git a/lib/libcrypto/x509/x509_cmp.c b/lib/libcrypto/x509/x509_cmp.c
index b8d1cd46803..6819c3b1f7a 100644
--- a/lib/libcrypto/x509/x509_cmp.c
+++ b/lib/libcrypto/x509/x509_cmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cmp.c,v 1.32 2018/05/13 10:36:35 tb Exp $ */
+/* $OpenBSD: x509_cmp.c,v 1.33 2018/05/18 19:24:08 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -343,12 +343,12 @@ X509_get0_pubkey_bitstr(const X509 *x)
 }
 
 int
-X509_check_private_key(X509 *x, EVP_PKEY *k)
+X509_check_private_key(const X509 *x, const EVP_PKEY *k)
 {
-	EVP_PKEY *xk;
+	const EVP_PKEY *xk;
 	int ret;
 
-	xk = X509_get_pubkey(x);
+	xk = X509_get0_pubkey(x);
 
 	if (xk)
 		ret = EVP_PKEY_cmp(xk, k);
@@ -367,7 +367,6 @@ X509_check_private_key(X509 *x, EVP_PKEY *k)
 	case -2:
 		X509error(X509_R_UNKNOWN_KEY_TYPE);
 	}
-	EVP_PKEY_free(xk);
 	if (ret > 0)
 		return 1;
 	return 0;