aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2018-01-04 18:26:41 +0900
committerKazuki Yamaguchi <k@rhe.jp>2018-01-04 18:48:07 +0900
commit769b5575d157aca77b78e44d94ea40ad08e3975e (patch)
treee534e7250e6a255c55b36f70ab7bd05a60f1a2de
parentb8b8f74e95854a8db793d8189952a51e5af53dea (diff)
downloadruby-openssl-769b5575d157aca77b78e44d94ea40ad08e3975e.tar.gz
pkcs7: allow recipient's certificate to be omitted for PKCS7#decryptky/pkcs7-decrypt-without-recipients-certificate
The recipient's certificate is not mandatory for PKCS7_decrypt(). Make it possible to call OpenSSL::PKCS7#decrypt with only the private key to match the functionality. Reference: https://github.com/ruby/openssl/issues/182
Diffstat
-rw-r--r--ext/openssl/ossl_pkcs7.c4
-rw-r--r--test/test_pkcs7.rb2
2 files changed, 4 insertions, 2 deletions
diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
index 6395fa6f..20301e71 100644
--- a/ext/openssl/ossl_pkcs7.c
+++ b/ext/openssl/ossl_pkcs7.c
@@ -803,9 +803,9 @@ ossl_pkcs7_decrypt(int argc, VALUE *argv, VALUE self)
BIO *out;
VALUE str;
- rb_scan_args(argc, argv, "21", &pkey, &cert, &flags);
+ rb_scan_args(argc, argv, "12", &pkey, &cert, &flags);
key = GetPrivPKeyPtr(pkey); /* NO NEED TO DUP */
- x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */
+ x509 = NIL_P(cert) ? NULL : GetX509CertPtr(cert); /* NO NEED TO DUP */
flg = NIL_P(flags) ? 0 : NUM2INT(flags);
GetPKCS7(self, p7);
if(!(out = BIO_new(BIO_s_mem())))
diff --git a/test/test_pkcs7.rb b/test/test_pkcs7.rb
index 149d3b9b..6437112b 100644
--- a/test/test_pkcs7.rb
+++ b/test/test_pkcs7.rb
@@ -133,6 +133,8 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase
assert_equal(@ca_cert.subject.to_s, recip[1].issuer.to_s)
assert_equal(3, recip[1].serial)
assert_equal(data, p7.decrypt(@rsa1024, @ee2_cert))
+
+ assert_equal(data, p7.decrypt(@rsa1024))
end
def test_graceful_parsing_failure #[ruby-core:43250]
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-02 07:05:11 +0000