diff options
author | Jean-Paul Calderone <exarkun@divmod.com> | 2011-11-01 10:17:25 -0400 |
---|---|---|
committer | Jean-Paul Calderone <exarkun@divmod.com> | 2011-11-01 10:17:25 -0400 |
commit | 22d915f1197342ce2988cdd9f5e171bc37aa120b (patch) | |
tree | 358c6add1c71f73173c6bb11058b795b8bac193b | |
parent | 56b2fb8abb3ea3d846bb336a7bc25fa2b0a9c0d9 (diff) | |
parent | 02d0197da67256734bfe7e9e8a4f82c7f037a863 (diff) | |
download | pyopenssl-22d915f1197342ce2988cdd9f5e171bc37aa120b.tar.gz |
Fix PKey.check for public-only keys
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | OpenSSL/crypto/pkey.c | 5 | ||||
-rw-r--r-- | OpenSSL/test/test_crypto.py | 14 |
3 files changed, 25 insertions, 0 deletions
@@ -1,3 +1,9 @@ +2011-11-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/crypto/pkey.c: Raise TypeError when trying to check a + PKey instance which has no private component, instead of crashing. + Based on fix by <lp:~dataway>. + 2011-09-14 Žiga Seilnacht <lp:ziga-seilnacht> * OpenSSL/crypto/crypto.c: Allow exceptions from passphrase diff --git a/OpenSSL/crypto/pkey.c b/OpenSSL/crypto/pkey.c index 27ea4d4..b9472ec 100644 --- a/OpenSSL/crypto/pkey.c +++ b/OpenSSL/crypto/pkey.c @@ -124,6 +124,11 @@ crypto_PKey_check(crypto_PKeyObj *self, PyObject *args) { return NULL; } + if (self->only_public) { + PyErr_SetString(PyExc_TypeError, "public key only"); + return NULL; + } + if (self->pkey->type == EVP_PKEY_RSA) { RSA *rsa; rsa = EVP_PKEY_get1_RSA(self->pkey); diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py index e0d7b27..62b9429 100644 --- a/OpenSSL/test/test_crypto.py +++ b/OpenSSL/test/test_crypto.py @@ -630,6 +630,20 @@ class PKeyTests(TestCase): self.assertRaises(TypeError, PKey().check, 1) + def test_check_public_key(self): + """ + :py:meth:`PKeyType.check` raises :py:exc:`TypeError` if only the public + part of the key is available. + """ + # A trick to get a public-only key + key = PKey() + key.generate_key(TYPE_RSA, 512) + cert = X509() + cert.set_pubkey(key) + pub = cert.get_pubkey() + self.assertRaises(TypeError, pub.check) + + class X509NameTests(TestCase): """ |