4 files changed, 22 insertions, 7 deletions

diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
index 97095f7d6f..f8023bc8c6 100644
--- a/ext/openssl/ossl.h
+++ b/ext/openssl/ossl.h
@@ -74,6 +74,11 @@ extern "C" {
 #  include <openssl/ocsp.h>
 #endif
 
+/* OpenSSL requires passwords for PEM-encoded files to be at least four
+ * characters long
+ */
+#define OSSL_MIN_PWD_LEN 4
+
 /*
  * Common Module
  */
diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
index 6fc3a44bbc..d3e91f00e3 100644
--- a/ext/openssl/ossl_pkey_dsa.c
+++ b/ext/openssl/ossl_pkey_dsa.c
@@ -318,7 +318,10 @@ ossl_dsa_export(int argc, VALUE *argv, VALUE self)
     if (!NIL_P(cipher)) {
 	ciph = GetCipherPtr(cipher);
 	if (!NIL_P(pass)) {
-	    passwd = StringValuePtr(pass);
+	    StringValue(pass);
+	    if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN)
+		ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long");
+	    passwd = RSTRING_PTR(pass);
 	}
     }
     if (!(out = BIO_new(BIO_s_mem()))) {
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index cfcaf97ab5..63bb8200e6 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -493,7 +493,10 @@ static VALUE ossl_ec_key_to_string(VALUE self, VALUE ciph, VALUE pass, int forma
 	    if (!NIL_P(ciph)) {
 		cipher = GetCipherPtr(ciph);
 		if (!NIL_P(pass)) {
-		    password = StringValuePtr(pass);
+		    StringValue(pass);
+		    if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN)
+			ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long");
+		    password = RSTRING_PTR(pass);
 		}
 	    }
 	    else {
@@ -530,8 +533,8 @@ static VALUE ossl_ec_key_to_string(VALUE self, VALUE ciph, VALUE pass, int forma
 
 /*
  *  call-seq:
- *     key.to_pem   => String
- *     key.to_pem(cipher, pass_phrase) => String
+ *     key.export   => String
+ *     key.export(cipher, pass_phrase) => String
  *
  * Outputs the EC key in PEM encoding.  If +cipher+ and +pass_phrase+ are
  * given they will be used to encrypt the key.  +cipher+ must be an
@@ -540,7 +543,7 @@ static VALUE ossl_ec_key_to_string(VALUE self, VALUE ciph, VALUE pass, int forma
  * text.
  *
  */
-static VALUE ossl_ec_key_to_pem(int argc, VALUE *argv, VALUE self)
+static VALUE ossl_ec_key_export(int argc, VALUE *argv, VALUE self)
 {
     VALUE cipher, passwd;
     rb_scan_args(argc, argv, "02", &cipher, &passwd);
@@ -1533,7 +1536,8 @@ void Init_ossl_ec()
     rb_define_method(cEC, "dsa_verify_asn1", ossl_ec_key_dsa_verify_asn1, 2);
 /* do_sign/do_verify */
 
-    rb_define_method(cEC, "to_pem", ossl_ec_key_to_pem, -1);
+    rb_define_method(cEC, "export", ossl_ec_key_export, -1);
+    rb_define_alias(cEC, "to_pem", "export");
     rb_define_method(cEC, "to_der", ossl_ec_key_to_der, 0);
     rb_define_method(cEC, "to_text", ossl_ec_key_to_text, 0);
 
diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
index d3d69134bc..3fbd87fb48 100644
--- a/ext/openssl/ossl_pkey_rsa.c
+++ b/ext/openssl/ossl_pkey_rsa.c
@@ -314,7 +314,10 @@ ossl_rsa_export(int argc, VALUE *argv, VALUE self)
     if (!NIL_P(cipher)) {
 	ciph = GetCipherPtr(cipher);
 	if (!NIL_P(pass)) {
-	    passwd = StringValuePtr(pass);
+	    StringValue(pass);
+	    if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN)
+		ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long");
+	    passwd = RSTRING_PTR(pass);
 	}
     }
     if (!(out = BIO_new(BIO_s_mem()))) {