Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it

Fixes #11870 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11894)
2025-05-13 09:59:40 +00:00 · 2020-05-21 10:37:22 +02:00 · 2020-05-21 10:37:22 +02:00 · 93f99b681a
commit 93f99b681a
parent 7674e92324
5 changed files with 35 additions and 22 deletions
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@ -461,25 +461,6 @@ int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey,
    return 0;
 }

-/* returns 0 for equal, -1 for a < b or error on a, 1 for a > b or error on b */
-static int X509_PUBKEY_cmp(X509_PUBKEY *a, X509_PUBKEY *b)
-{
-    X509_ALGOR *algA = NULL, *algB = NULL;
-    int res = 0;
-
-    if (a == b)
-        return 0;
-    if (a == NULL || !X509_PUBKEY_get0_param(NULL, NULL, NULL, &algA, a)
-            || algA == NULL)
-        return -1;
-    if (b == NULL || !X509_PUBKEY_get0_param(NULL, NULL, NULL, &algB, b)
-            || algB == NULL)
-        return 1;
-    if ((res = X509_ALGOR_cmp(algA, algB)) != 0)
-        return res;
-    return EVP_PKEY_cmp(X509_PUBKEY_get0(a), X509_PUBKEY_get0(b));
-}
-
 /* verifies the Proof-of-Possession of the request with the given rid in reqs */
 int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                               int rid, int acceptRAVerified)
@ -522,7 +503,7 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                CRMFerr(0, CRMF_R_POPO_MISSING_PUBLIC_KEY);
                return 0;
            }
-            if (X509_PUBKEY_cmp(pubkey, sig->poposkInput->publicKey) != 0) {
+            if (X509_PUBKEY_eq(pubkey, sig->poposkInput->publicKey) != 1) {
                CRMFerr(0, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY);
                return 0;
            }
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@ -472,3 +472,24 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
        return NULL;
    return x->cert_info.key->public_key;
 }
+
+/* Returns 1 for equal, 0, for non-equal, < 0 on error */
+int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b)
+{
+    X509_ALGOR *algA, *algB;
+    EVP_PKEY *pA, *pB;
+
+    if (a == b)
+        return 1;
+    if (a == NULL || b == NULL)
+        return 0;
+    if (!X509_PUBKEY_get0_param(NULL, NULL, NULL, &algA, a) || algA == NULL
+        || !X509_PUBKEY_get0_param(NULL, NULL, NULL, &algB, b) || algB == NULL)
+        return -2;
+    if (X509_ALGOR_cmp(algA, algB) != 0)
+        return 0;
+    if ((pA = X509_PUBKEY_get0(a)) == NULL
+        || (pB = X509_PUBKEY_get0(b)) == NULL)
+        return -2;
+    return EVP_PKEY_cmp(pA, pB);
+}
--- a/doc/man3/X509_PUBKEY_new.pod
+++ b/doc/man3/X509_PUBKEY_new.pod
@ -5,8 +5,8 @@
 X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_dup,
 X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get,
 d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp,
-i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param,
-X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions
+i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param,
+X509_PUBKEY_eq - SubjectPublicKeyInfo public key functions

 =head1 SYNOPSIS

@ -35,6 +35,7 @@ X509_PUBKEY_get0_param - SubjectPublicKeyInfo public key functions
 int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
                            const unsigned char **pk, int *ppklen,
                            X509_ALGOR **pa, const X509_PUBKEY *pub);
+ int X509_PUBKEY_eq(X509_PUBKEY *a, X509_PUBKEY *b);

 =head1 DESCRIPTION

@ -81,6 +82,8 @@ parameters is not required it can be set to B<NULL>. All of the
 retrieved pointers are internal and must not be freed after the
 call.

+X509_PUBKEY_eq() compares two B<X509_PUBKEY> values.
+
 =head1 NOTES

 The B<X509_PUBKEY> functions can be used to encode and decode public keys
@ -104,12 +107,18 @@ structure or B<NULL> if an error occurs.
 X509_PUBKEY_set(), X509_PUBKEY_set0_param() and X509_PUBKEY_get0_param()
 return 1 for success and 0 if an error occurred.

+X509_PUBKEY_eq() returns 1 for equal, 0 for different, and < 0 on error.
+
 =head1 SEE ALSO

 L<d2i_X509(3)>,
 L<ERR_get_error(3)>,
 L<X509_get_pubkey(3)>,

+=head1 HISTORY
+
+The X509_PUBKEY_eq() function was added in OpenSSL 3.0.
+
 =head1 COPYRIGHT

 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@ -1053,6 +1053,7 @@ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
 int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
                           const unsigned char **pk, int *ppklen,
                           X509_ALGOR **pa, const X509_PUBKEY *pub);
+int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b);

 int X509_check_trust(X509 *x, int id, int flags);
 int X509_TRUST_get_count(void);
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@ -5094,3 +5094,4 @@ EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen ?	3_0_0	EXIST::FUNCTION:RSA
 EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md ?	3_0_0	EXIST::FUNCTION:RSA
 EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name ?	3_0_0	EXIST::FUNCTION:RSA
 OSSL_PROVIDER_do_all                    ?	3_0_0	EXIST::FUNCTION:
+X509_PUBKEY_eq                          ?	3_0_0	EXIST::FUNCTION: