authorJean-Paul Calderone <exarkun@divmod.com>2011-11-01 10:17:25 -0400
committerJean-Paul Calderone <exarkun@divmod.com>2011-11-01 10:17:25 -0400
commit22d915f1197342ce2988cdd9f5e171bc37aa120b (patch)
tree358c6add1c71f73173c6bb11058b795b8bac193b
parent56b2fb8abb3ea3d846bb336a7bc25fa2b0a9c0d9 (diff)
parent02d0197da67256734bfe7e9e8a4f82c7f037a863 (diff)
Fix PKey.check for public-only keys
-rw-r--r--ChangeLog6
-rw-r--r--OpenSSL/crypto/pkey.c5
-rw-r--r--OpenSSL/test/test_crypto.py14
3 files changed, 25 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 6d1440f..a361ad4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2011-11-01 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/crypto/pkey.c: Raise TypeError when trying to check a
+ PKey instance which has no private component, instead of crashing.
+ Based on fix by <lp:~dataway>.
+
2011-09-14 Žiga Seilnacht <lp:ziga-seilnacht>
* OpenSSL/crypto/crypto.c: Allow exceptions from passphrase
diff --git a/OpenSSL/crypto/pkey.c b/OpenSSL/crypto/pkey.c
index 27ea4d4..b9472ec 100644
--- a/OpenSSL/crypto/pkey.c
+++ b/OpenSSL/crypto/pkey.c
@@ -124,6 +124,11 @@ crypto_PKey_check(crypto_PKeyObj *self, PyObject *args) {
return NULL;
}
+ if (self->only_public) {
+ PyErr_SetString(PyExc_TypeError, "public key only");
+ return NULL;
+ }
+
if (self->pkey->type == EVP_PKEY_RSA) {
RSA *rsa;
rsa = EVP_PKEY_get1_RSA(self->pkey);
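Review bot: The new guard in crypto_PKey_check trusts the `only_public` flag alone, so it protects only keys whose creation path set that flag, and the accompanying test exercises just the `X509.get_pubkey()` path. It is worth confirming that every path that wraps public-only key material sets `only_public`, and whether a `PKey()` that never had a key generated can still reach the `self->pkey->type` dereference right after the guard; neither is visible here, since the function starts and ends outside the hunk. A short comment above the guard would record why it exists, for example `/* The consistency check below needs the private components; refuse public-only keys instead of crashing. */`.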
diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
index e0d7b27..62b9429 100644
--- a/OpenSSL/test/test_crypto.py
+++ b/OpenSSL/test/test_crypto.py
@@ -630,6 +630,20 @@ class PKeyTests(TestCase):
self.assertRaises(TypeError, PKey().check, 1)
+ def test_check_public_key(self):
+ """
+ :py:meth:`PKeyType.check` raises :py:exc:`TypeError` if only the public
+ part of the key is available.
+ """
+ # A trick to get a public-only key
+ key = PKey()
+ key.generate_key(TYPE_RSA, 512)
+ cert = X509()
+ cert.set_pubkey(key)
+ pub = cert.get_pubkey()
+ self.assertRaises(TypeError, pub.check)
+
+
class X509NameTests(TestCase):
"""