Correctly check for export size limit

[oweals/openssl.git] / crypto / x509 / x509_cmp.c

diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index eb46a677a490d377b1f6ab16c877d95c962aff0d..9308249570060955954bfd4e898b2cb2d840689a 100644 (file)
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -58,11 +58,12 @@
 
 #include <stdio.h>
 #include <ctype.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include "internal/x509_int.h"
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 {
@@ -341,8 +342,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
     case -2:
         X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
     }
-    if (xk)
-        EVP_PKEY_free(xk);
+    EVP_PKEY_free(xk);
     if (ret > 0)
         return 1;
     return 0;
@@ -435,8 +435,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
     /* Final check: root CA signature */
     rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags);
  end:
-    if (pk)
-        EVP_PKEY_free(pk);
+    EVP_PKEY_free(pk);
     if (rv != X509_V_OK) {
         /* Invalid signature or LOS errors are for previous cert */
         if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM