diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2017-11-11 01:08:27 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-11-13 15:34:50 +0900 |
commit | 363f40fb47bef81a784d4cc6feabef345ada9b0f (patch) | |
tree | dfe18253ab54210ceb077409d2360617bead8369 /ext/openssl/ruby_missing.h | |
parent | 1425bf543ddcf7280877624532128cdd311f54ab (diff) | |
download | ruby-openssl-ky/pkey-check-sanity.tar.gz |
x509cert, x509crl, x509req, ns_spki: check sanity of public keyky/pkey-check-sanity
The pub_encode routine of an EVP_PKEY_ASN1_METHOD seems to assume the
parameters and public key component(s) to be set properly. Calling that,
for example, through X509_set_pubkey(), with an incomplete object may
cause segfault.
Use ossl_pkey_check_public_key() to check that. It doesn't look pretty,
but unfortunately there isn't a generic way to do that with the EVP API.
Something similar applies to the verify routine of an EVP_PKEY_METHOD.
Do the same check before calling *_verify().
Reference: http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/83688
Reference: https://bugs.ruby-lang.org/issues/14087
Diffstat (limited to 'ext/openssl/ruby_missing.h')
0 files changed, 0 insertions, 0 deletions