fix segfaults with X509.sign and X509Req.sign with certain PKeys
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index ff1f3de..a10c53a 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -309,6 +309,7 @@
{
crypto_PKeyObj *crypto_PKey_New(EVP_PKEY *, int);
EVP_PKEY *pkey;
+ crypto_PKeyObj *py_pkey;
if (!PyArg_ParseTuple(args, ":get_pubkey"))
return NULL;
@@ -319,7 +320,11 @@
return NULL;
}
- return (PyObject *)crypto_PKey_New(pkey, 1);
+ py_pkey = crypto_PKey_New(pkey, 1);
+ if (py_pkey != NULL) {
+ py_pkey->only_public = 1;
+ }
+ return py_pkey;
}
static char crypto_X509_set_pubkey_doc[] = "\n\
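Review bot: The new `return py_pkey;` returns a `crypto_PKeyObj *` without the `(PyObject *)` cast that the removed line had. If the function returns `PyObject *`, as the old cast suggests, compilers will report an incompatible pointer type, so I would write `return (PyObject *)py_pkey;`. Separately, when `crypto_PKey_New` returns NULL, the visible lines do not release the `pkey` obtained earlier; if the wrapper does not take ownership on failure, that path needs `EVP_PKEY_free(pkey);`. The function body starts outside this hunk, so where `pkey` comes from is inferred.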
@@ -568,6 +573,16 @@
&digest_name))
return NULL;
+ if (pkey->only_public) {
+ PyErr_SetString(PyExc_ValueError, "Key has only public part");
+ return NULL;
+ }
+
+ if (!pkey->initialized) {
+ PyErr_SetString(PyExc_ValueError, "Key is uninitialized");
+ return NULL;
+ }
+
if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
{
PyErr_SetString(PyExc_ValueError, "No such digest method");
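Review bot: Both guards trust the `only_public` and `initialized` flags on the wrapper object, but within this diff `only_public` is set only in `get_pubkey`. A public-only key wrapped through any other path would still reach the signing call and presumably fail the way the commit title describes. It is worth auditing every place that builds a `crypto_PKeyObj` from public material (those files are not visible here) and confirming that the allocator gives the new field a defined initial value. A short comment above the checks would help the next reader, e.g. `/* Signing needs the private half; reject public-only or empty keys before calling into OpenSSL. */`, along with regression tests for both `ValueError` cases. The enclosing function starts and ends outside the hunk.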