diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2017-11-25 22:04:04 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-11-25 22:04:04 +0900 |
commit | ed15e4c51f517227e092b1e3b993b04a27c92e05 (patch) | |
tree | 76bbb1bc97bc7e4fd1423bb6aaa43631651b3a90 /ext/openssl/ossl_ns_spki.c | |
parent | 4e53940676a23a021d2f0543c2349396ea3cf430 (diff) | |
parent | f3b596e858ea1604d0ea5653bffe80672c22f079 (diff) | |
download | ruby-openssl-ed15e4c51f517227e092b1e3b993b04a27c92e05.tar.gz |
Merge branch 'maint'
* maint:
History.md: fix a typo
x509cert, x509crl, x509req, ns_spki: check sanity of public key
pkey: make pkey_check_public_key() non-static
test/test_cipher: fix test_non_aead_cipher_set_auth_data failure
cipher: disallow setting AAD for non-AEAD ciphers
test/test_ssl_session: skip tests for session_remove_cb
appveyor.yml: remove 'openssl version' line
Diffstat (limited to 'ext/openssl/ossl_ns_spki.c')
-rw-r--r-- | ext/openssl/ossl_ns_spki.c | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/ext/openssl/ossl_ns_spki.c b/ext/openssl/ossl_ns_spki.c index f17b9509..6f61e61b 100644 --- a/ext/openssl/ossl_ns_spki.c +++ b/ext/openssl/ossl_ns_spki.c @@ -208,12 +208,13 @@ static VALUE ossl_spki_set_public_key(VALUE self, VALUE key) { NETSCAPE_SPKI *spki; + EVP_PKEY *pkey; GetSPKI(self, spki); - if (!NETSCAPE_SPKI_set_pubkey(spki, GetPKeyPtr(key))) { /* NO NEED TO DUP */ - ossl_raise(eSPKIError, NULL); - } - + pkey = GetPKeyPtr(key); + ossl_pkey_check_public_key(pkey); + if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) + ossl_raise(eSPKIError, "NETSCAPE_SPKI_set_pubkey"); return key; } @@ -307,17 +308,20 @@ static VALUE ossl_spki_verify(VALUE self, VALUE key) { NETSCAPE_SPKI *spki; + EVP_PKEY *pkey; GetSPKI(self, spki); - switch (NETSCAPE_SPKI_verify(spki, GetPKeyPtr(key))) { /* NO NEED TO DUP */ - case 0: + pkey = GetPKeyPtr(key); + ossl_pkey_check_public_key(pkey); + switch (NETSCAPE_SPKI_verify(spki, pkey)) { + case 0: + ossl_clear_error(); return Qfalse; - case 1: + case 1: return Qtrue; - default: - ossl_raise(eSPKIError, NULL); + default: + ossl_raise(eSPKIError, "NETSCAPE_SPKI_verify"); } - return Qnil; /* dummy */ } /* Document-class: OpenSSL::Netscape::SPKI |