diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-06-29 18:43:42 -0500 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-06-29 16:43:42 -0700 |
| commit | cded993dbbff8e8c777b95f4de0597cdf3f75c0d (patch) | |
| tree | 25bdb719b081caf7d3765aa104cf77468ca83d87 | |
| parent | 41c1024c4664fbd81afebae22cf923b9f6352b74 (diff) | |
| download | pyopenssl-cded993dbbff8e8c777b95f4de0597cdf3f75c0d.tar.gz | |
dump_privatekey with FILETYPE_TEXT only supports RSA keys (#646)
* dump_privatekey with FILETYPE_TEXT only supports RSA keys
FILETYPE_TEXT is terrible but everyone hold their nose
* also verify it's a pkey
| -rw-r--r-- | src/OpenSSL/crypto.py | 6 | ||||
| -rw-r--r-- | tests/test_crypto.py | 14 |
2 files changed, 20 insertions, 0 deletions
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py index ef2dcdf..5803ae9 100644 --- a/src/OpenSSL/crypto.py +++ b/src/OpenSSL/crypto.py @@ -1837,6 +1837,9 @@ def dump_privatekey(type, pkey, cipher=None, passphrase=None): """ bio = _new_mem_buf() + if not isinstance(pkey, PKey): + raise TypeError("pkey must be a PKey") + if cipher is not None: if passphrase is None: raise TypeError( @@ -1857,6 +1860,9 @@ def dump_privatekey(type, pkey, cipher=None, passphrase=None): elif type == FILETYPE_ASN1: result_code = _lib.i2d_PrivateKey_bio(bio, pkey._pkey) elif type == FILETYPE_TEXT: + if _lib.EVP_PKEY_id(pkey._pkey) != _lib.EVP_PKEY_RSA: + raise TypeError("Only RSA keys are supported for FILETYPE_TEXT") + rsa = _ffi.gc( _lib.EVP_PKEY_get1_RSA(pkey._pkey), _lib.RSA_free diff --git a/tests/test_crypto.py b/tests/test_crypto.py index 4197f11..916186b 100644 --- a/tests/test_crypto.py +++ b/tests/test_crypto.py @@ -2631,6 +2631,20 @@ class TestFunction(object): with pytest.raises(TypeError): dump_privatekey(FILETYPE_PEM, key, cipher=GOOD_CIPHER) + def test_dump_privatekey_not_rsa_key(self): + """ + `dump_privatekey` raises `TypeError` if called with a key that is + not RSA. + """ + key = PKey() + key.generate_key(TYPE_DSA, 512) + with pytest.raises(TypeError): + dump_privatekey(FILETYPE_TEXT, key) + + def test_dump_privatekey_invalid_pkey(self): + with pytest.raises(TypeError): + dump_privatekey(FILETYPE_TEXT, object()) + def test_dump_privatekey_unknown_cipher(self): """ `dump_privatekey` raises `ValueError` if called with an unrecognized |