From e334f711688336ab8bb1a9c887012064254e1bf4 Mon Sep 17 00:00:00 2001
From: Anthony Uk <uk@dataway.ch>
Date: Mon, 31 Oct 2011 14:40:16 +0100
Subject: Fix segfault on PKey.check() when there is no private key

---
 OpenSSL/crypto/pkey.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/OpenSSL/crypto/pkey.c b/OpenSSL/crypto/pkey.c
index 27ea4d4..711306d 100644
--- a/OpenSSL/crypto/pkey.c
+++ b/OpenSSL/crypto/pkey.c
@@ -124,6 +124,11 @@ crypto_PKey_check(crypto_PKeyObj *self, PyObject *args) {
         return NULL;
     }
 
+    if (self->only_public) {
+        PyErr_SetString(PyExc_TypeError, "public key only");
+        return NULL;
+	}
+
     if (self->pkey->type == EVP_PKEY_RSA) {
         RSA *rsa;
         rsa = EVP_PKEY_get1_RSA(self->pkey);
-- 
cgit v1.2.1


From 02d0197da67256734bfe7e9e8a4f82c7f037a863 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@divmod.com>
Date: Mon, 31 Oct 2011 10:39:29 -0400
Subject: Add a unit test for checking a public key

---
 OpenSSL/crypto/pkey.c       |  2 +-
 OpenSSL/test/test_crypto.py | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/OpenSSL/crypto/pkey.c b/OpenSSL/crypto/pkey.c
index 711306d..b9472ec 100644
--- a/OpenSSL/crypto/pkey.c
+++ b/OpenSSL/crypto/pkey.c
@@ -127,7 +127,7 @@ crypto_PKey_check(crypto_PKeyObj *self, PyObject *args) {
     if (self->only_public) {
         PyErr_SetString(PyExc_TypeError, "public key only");
         return NULL;
-	}
+    }
 
     if (self->pkey->type == EVP_PKEY_RSA) {
         RSA *rsa;
diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
index e0d7b27..62b9429 100644
--- a/OpenSSL/test/test_crypto.py
+++ b/OpenSSL/test/test_crypto.py
@@ -630,6 +630,20 @@ class PKeyTests(TestCase):
         self.assertRaises(TypeError, PKey().check, 1)
 
 
+    def test_check_public_key(self):
+        """
+        :py:meth:`PKeyType.check` raises :py:exc:`TypeError` if only the public
+        part of the key is available.
+        """
+        # A trick to get a public-only key
+        key = PKey()
+        key.generate_key(TYPE_RSA, 512)
+        cert = X509()
+        cert.set_pubkey(key)
+        pub = cert.get_pubkey()
+        self.assertRaises(TypeError, pub.check)
+
+
 
 class X509NameTests(TestCase):
     """
-- 
cgit v1.2.1