diff options
Diffstat (limited to 'ext')
-rw-r--r-- | ext/openssl/ossl.h | 5 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_dsa.c | 5 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_ec.c | 14 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_rsa.c | 5 |
4 files changed, 22 insertions, 7 deletions
diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h index 97095f7d6f..f8023bc8c6 100644 --- a/ext/openssl/ossl.h +++ b/ext/openssl/ossl.h @@ -74,6 +74,11 @@ extern "C" { # include <openssl/ocsp.h> #endif +/* OpenSSL requires passwords for PEM-encoded files to be at least four + * characters long + */ +#define OSSL_MIN_PWD_LEN 4 + /* * Common Module */ diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c index 6fc3a44bbc..d3e91f00e3 100644 --- a/ext/openssl/ossl_pkey_dsa.c +++ b/ext/openssl/ossl_pkey_dsa.c @@ -318,7 +318,10 @@ ossl_dsa_export(int argc, VALUE *argv, VALUE self) if (!NIL_P(cipher)) { ciph = GetCipherPtr(cipher); if (!NIL_P(pass)) { - passwd = StringValuePtr(pass); + StringValue(pass); + if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN) + ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long"); + passwd = RSTRING_PTR(pass); } } if (!(out = BIO_new(BIO_s_mem()))) { diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index cfcaf97ab5..63bb8200e6 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -493,7 +493,10 @@ static VALUE ossl_ec_key_to_string(VALUE self, VALUE ciph, VALUE pass, int forma if (!NIL_P(ciph)) { cipher = GetCipherPtr(ciph); if (!NIL_P(pass)) { - password = StringValuePtr(pass); + StringValue(pass); + if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN) + ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long"); + password = RSTRING_PTR(pass); } } else { @@ -530,8 +533,8 @@ static VALUE ossl_ec_key_to_string(VALUE self, VALUE ciph, VALUE pass, int forma /* * call-seq: - * key.to_pem => String - * key.to_pem(cipher, pass_phrase) => String + * key.export => String + * key.export(cipher, pass_phrase) => String * * Outputs the EC key in PEM encoding. If +cipher+ and +pass_phrase+ are * given they will be used to encrypt the key. +cipher+ must be an @@ -540,7 +543,7 @@ static VALUE ossl_ec_key_to_string(VALUE self, VALUE ciph, VALUE pass, int forma * text. * */ -static VALUE ossl_ec_key_to_pem(int argc, VALUE *argv, VALUE self) +static VALUE ossl_ec_key_export(int argc, VALUE *argv, VALUE self) { VALUE cipher, passwd; rb_scan_args(argc, argv, "02", &cipher, &passwd); @@ -1533,7 +1536,8 @@ void Init_ossl_ec() rb_define_method(cEC, "dsa_verify_asn1", ossl_ec_key_dsa_verify_asn1, 2); /* do_sign/do_verify */ - rb_define_method(cEC, "to_pem", ossl_ec_key_to_pem, -1); + rb_define_method(cEC, "export", ossl_ec_key_export, -1); + rb_define_alias(cEC, "to_pem", "export"); rb_define_method(cEC, "to_der", ossl_ec_key_to_der, 0); rb_define_method(cEC, "to_text", ossl_ec_key_to_text, 0); diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c index d3d69134bc..3fbd87fb48 100644 --- a/ext/openssl/ossl_pkey_rsa.c +++ b/ext/openssl/ossl_pkey_rsa.c @@ -314,7 +314,10 @@ ossl_rsa_export(int argc, VALUE *argv, VALUE self) if (!NIL_P(cipher)) { ciph = GetCipherPtr(cipher); if (!NIL_P(pass)) { - passwd = StringValuePtr(pass); + StringValue(pass); + if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN) + ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long"); + passwd = RSTRING_PTR(pass); } } if (!(out = BIO_new(BIO_s_mem()))) { |