Correctly handle errors from X509_CRL_sign

pyca · Sep 13, 2011 · c7293bc · c7293bc
1 parent 54d99bc
commit c7293bc
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 4 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+2011-09-13  Jean-Paul Calderone  <exarkun@twistedmatrix.com>
+
+	* OpenSSL/crypto/crl.c: Add error handling for the use of
+	  X509_CRL_sign.
+
 2011-09-11  Jonathan Ballet  <lp:multani>
 
 	* doc/: Convert the LaTeX documentation to Sphinx-using ReST.

diff --git a/OpenSSL/crypto/crl.c b/OpenSSL/crypto/crl.c
@@ -131,13 +131,13 @@ crypto_CRL_export(crypto_CRLObj *self, PyObject *args, PyObject *keywds) {
     ASN1_TIME *tmptm;
     crypto_X509Obj *x509;
     static char *kwlist[] = {"cert", "key", "type", "days", NULL};
-    
+
     if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|ii:dump_crl", kwlist,
-                                     &crypto_X509_Type, &x509, 
+                                     &crypto_X509_Type, &x509,
                                      &crypto_PKey_Type, &key, &type, &days)) {
         return NULL;
     }
-    
+
     bio = BIO_new(BIO_s_mem());
     tmptm = ASN1_TIME_new();
     if (!tmptm) {
@@ -149,7 +149,13 @@ crypto_CRL_export(crypto_CRLObj *self, PyObject *args, PyObject *keywds) {
     X509_CRL_set_nextUpdate(self->crl, tmptm);
     ASN1_TIME_free(tmptm);
     X509_CRL_set_issuer_name(self->crl, X509_get_subject_name(x509->x509));
-    X509_CRL_sign(self->crl, key->pkey, EVP_md5());
+
+    if (!X509_CRL_sign(self->crl, key->pkey, EVP_md5())) {
+        exception_from_error_queue(crypto_Error);
+        BIO_free(bio);
+        return NULL;
+    }
+
     switch (type) {
         case X509_FILETYPE_PEM:
             ret = PEM_write_bio_X509_CRL(bio, self->crl);

diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
@@ -2515,6 +2515,15 @@ def test_export(self):
         self.assertEqual(text, dumped_text)
 
 
+    def test_export_invalid(self):
+        """
+        If :py:obj:`CRL.export` is used with an uninitialized :py:obj:`X509`
+        instance, :py:obj:`ValueError` is raised.
+        """
+        crl = CRL()
+        self.assertRaises(Error, crl.export, X509(), PKey())
+
+
     def test_add_revoked_keyword(self):
         """
         :py:obj:`OpenSSL.CRL.add_revoked` accepts its single argument as the