fix(x509.*) pass correct digest parameter to sign

fffonion · Aug 9, 2020 · 982ad48 · 982ad48
1 parent 26ed56a
commit 982ad48
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 13 deletions.
diff --git a/lib/resty/openssl/x509/crl.lua b/lib/resty/openssl/x509/crl.lua
@@ -160,12 +160,17 @@ function _M:sign(pkey, digest)
   if not pkey_lib.istype(pkey) then
     return false, "x509.crl:sign: expect a pkey instance at #1"
   end
-  if digest and not digest_lib.istype(digest) then
-    return false, "x509.crl:sign: expect a digest instance at #2"
+
+  if digest then
+    if not digest_lib.istype(digest) then
+      return false, "x509.crl:sign: expect a digest instance at #2"
+    elseif not digest.dtyp then
+      return false, "x509.crl:sign: expect a digest instance to have dtyp member"
+    end
   end
 
   -- returns size of signature if success
-  if C.X509_CRL_sign(self.ctx, pkey.ctx, digest and digest.ctx) == 0 then
+  if C.X509_CRL_sign(self.ctx, pkey.ctx, digest and digest.dtyp) == 0 then
     return false, format_error("x509.crl:sign")
   end
 

diff --git a/lib/resty/openssl/x509/csr.lua b/lib/resty/openssl/x509/csr.lua
@@ -169,12 +169,17 @@ function _M:sign(pkey, digest)
   if not pkey_lib.istype(pkey) then
     return false, "x509.csr:sign: expect a pkey instance at #1"
   end
-  if digest and not digest_lib.istype(digest) then
-    return false, "x509.csr:sign: expect a digest instance at #2"
+
+  if digest then
+    if not digest_lib.istype(digest) then
+      return false, "x509.csr:sign: expect a digest instance at #2"
+    elseif not digest.dtyp then
+      return false, "x509.csr:sign: expect a digest instance to have dtyp member"
+    end
   end
 
   -- returns size of signature if success
-  if C.X509_REQ_sign(self.ctx, pkey.ctx, digest and digest.ctx) == 0 then
+  if C.X509_REQ_sign(self.ctx, pkey.ctx, digest and digest.dtyp) == 0 then
     return false, format_error("x509.csr:sign")
   end
 

diff --git a/lib/resty/openssl/x509/init.lua b/lib/resty/openssl/x509/init.lua
@@ -334,12 +334,17 @@ function _M:sign(pkey, digest)
   if not pkey_lib.istype(pkey) then
     return false, "x509:sign: expect a pkey instance at #1"
   end
-  if digest and not digest_lib.istype(digest) then
-    return false, "x509:sign: expect a digest instance at #2"
+
+  if digest then
+    if not digest_lib.istype(digest) then
+      return false, "x509:sign: expect a digest instance at #2"
+    elseif not digest.dtyp then
+      return false, "x509:sign: expect a digest instance to have dtyp member"
+    end
   end
 
   -- returns size of signature if success
-  if C.X509_sign(self.ctx, pkey.ctx, digest and digest.ctx) == 0 then
+  if C.X509_sign(self.ctx, pkey.ctx, digest and digest.dtyp) == 0 then
     return false, format_error("x509:sign")
   end
 

diff --git a/scripts/templates/x509_functions.j2 b/scripts/templates/x509_functions.j2
@@ -4,12 +4,17 @@ function _M:sign(pkey, digest)
   if not pkey_lib.istype(pkey) then
     return false, "{{modname}}:sign: expect a pkey instance at #1"
   end
-  if digest and not digest_lib.istype(digest) then
-    return false, "{{modname}}:sign: expect a digest instance at #2"
+
+  if digest then
+    if not digest_lib.istype(digest) then
+      return false, "{{modname}}:sign: expect a digest instance at #2"
+    elseif not digest.dtyp then
+      return false, "{{modname}}:sign: expect a digest instance to have dtyp member"
+    end
   end
 
   -- returns size of signature if success
-  if C.{{ module.type }}_sign(self.ctx, pkey.ctx, digest and digest.ctx) == 0 then
+  if C.{{ module.type }}_sign(self.ctx, pkey.ctx, digest and digest.dtyp) == 0 then
     return false, format_error("{{ modname }}:sign")
   end
 

diff --git a/t/openssl/helper.lua b/t/openssl/helper.lua
@@ -25,7 +25,7 @@ local function create_self_signed(key_opts, names)
   cert:set_subject_name(nm)
   cert:set_issuer_name(nm)
 
-  cert:sign(key)
+  assert(cert:sign(key))
 
   return cert, key
 end