Merge pull request #762 from KJTsanaktsidis/ktsanaktsidis/fix_asan_error

Fix test_create_with_mac_iter accidently setting keytype not maciter

ext/openssl/ossl_pkcs12.c

@@ -134,6 +134,10 @@ ossl_pkcs12_s_create(int argc, VALUE *argv, VALUE self)
  if (!NIL_P(keytype))
  ktype = NUM2INT(keytype);
 
+ if (ktype != 0 && ktype != KEY_SIG && ktype != KEY_EX) {
+ ossl_raise(rb_eArgError, "Unknown key usage type %"PRIsVALUE, INT2NUM(ktype));
+ }
+
  obj = NewPKCS12(cPKCS12);
  x509s = NIL_P(ca) ? NULL : ossl_x509_ary2sk(ca);
  p12 = PKCS12_create(passphrase, friendlyname, key, x509, x509s,
@@ -272,4 +276,8 @@ Init_ossl_pkcs12(void)
  rb_attr(cPKCS12, rb_intern("ca_certs"), 1, 0, Qfalse);
  rb_define_method(cPKCS12, "initialize", ossl_pkcs12_initialize, -1);
  rb_define_method(cPKCS12, "to_der", ossl_pkcs12_to_der, 0);
+
+ /* MSIE specific PKCS12 key usage extensions */
+ rb_define_const(cPKCS12, "KEY_EX", INT2NUM(KEY_EX));
+ rb_define_const(cPKCS12, "KEY_SIG", INT2NUM(KEY_SIG));
 }

test/openssl/test_pkcs12.rb

@@ -159,7 +159,6 @@ def test_create_with_mac_itr
  DEFAULT_PBE_PKEYS,
  DEFAULT_PBE_CERTS,
  nil,
- nil,
  2048
  )
 
@@ -178,6 +177,36 @@ def test_create_with_mac_itr
  end
  end
 
+ def test_create_with_keytype
+ OpenSSL::PKCS12.create(
+ "omg",
+ "hello",
+ @mykey,
+ @mycert,
+ [],
+ DEFAULT_PBE_PKEYS,
+ DEFAULT_PBE_CERTS,
+ nil,
+ nil,
+ OpenSSL::PKCS12::KEY_SIG
+ )
+
+ assert_raise(ArgumentError) do
+ OpenSSL::PKCS12.create(
+ "omg",
+ "hello",
+ @mykey,
+ @mycert,
+ [],
+ DEFAULT_PBE_PKEYS,
+ DEFAULT_PBE_CERTS,
+ nil,
+ nil,
+ 2048
+ )
+ end
+ end
+
  def test_new_with_no_keys
  # generated with:
  # openssl pkcs12 -certpbe PBE-SHA1-3DES -in <@mycert> -nokeys -export