From f4c717bcb2276c3c3dbe4ec3da159d6f6b3ff861 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Tue, 21 Mar 2017 18:23:53 +0900 Subject: pkey: assume generic PKeys contain private components The EVP interface cannot tell whether if a pkey contains the private components or not. Assume it does if it does not respond to #private?. This fixes the NoMethodError on calling #sign on a generic PKey. --- ext/openssl/ossl_pkey.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'ext') diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index 23204087..516ee8b3 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -246,12 +246,19 @@ GetPrivPKeyPtr(VALUE obj) { EVP_PKEY *pkey; - if (rb_funcallv(obj, id_private_q, 0, NULL) != Qtrue) { - ossl_raise(rb_eArgError, "Private key is needed."); - } GetPKey(obj, pkey); + if (OSSL_PKEY_IS_PRIVATE(obj)) + return pkey; + /* + * The EVP API does not provide a way to check if the EVP_PKEY has private + * components. Assuming it does... + */ + if (!rb_respond_to(obj, id_private_q)) + return pkey; + if (RTEST(rb_funcallv(obj, id_private_q, 0, NULL))) + return pkey; - return pkey; + rb_raise(rb_eArgError, "private key is needed"); } EVP_PKEY * -- cgit v1.2.3