diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-09-09 07:03:50 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-09-08 19:03:50 -0400 |
commit | d4bde9ce6668bb019f9c9db4cd26280e6cf7fa21 (patch) | |
tree | 767e7044ffb9b2fb92c425300b0388f3980fe418 /src/cryptography/hazmat/backends/openssl/rsa.py | |
parent | 52067bc300ec37c1b4a4b889fd7828600f5b9ce1 (diff) | |
download | cryptography-d4bde9ce6668bb019f9c9db4cd26280e6cf7fa21.tar.gz cryptography-d4bde9ce6668bb019f9c9db4cd26280e6cf7fa21.tar.bz2 cryptography-d4bde9ce6668bb019f9c9db4cd26280e6cf7fa21.zip |
RSA OAEP label support for OpenSSL 1.0.2+ (#3897)
* RSA OAEP label support for OpenSSL 1.0.2+
* changelog
* move around tests, address review feedback, use backend supported method
* unsupported padding catches this now
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/rsa.py')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/rsa.py | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py index 839ef147..05b4e9dc 100644 --- a/src/cryptography/hazmat/backends/openssl/rsa.py +++ b/src/cryptography/hazmat/backends/openssl/rsa.py @@ -57,9 +57,6 @@ def _enc_dec_rsa(backend, key, data, padding): _Reasons.UNSUPPORTED_PADDING ) - if padding._label is not None and padding._label != b"": - raise ValueError("This backend does not support OAEP labels.") - else: raise UnsupportedAlgorithm( "{0} is not supported by this backend.".format( @@ -106,6 +103,21 @@ def _enc_dec_rsa_pkey_ctx(backend, key, data, padding_enum, padding): res = backend._lib.EVP_PKEY_CTX_set_rsa_oaep_md(pkey_ctx, oaep_md) backend.openssl_assert(res > 0) + if ( + isinstance(padding, OAEP) and + padding._label is not None and + len(padding._label) > 0 + ): + # set0_rsa_oaep_label takes ownership of the char * so we need to + # copy it into some new memory + labelptr = backend._lib.OPENSSL_malloc(len(padding._label)) + backend.openssl_assert(labelptr != backend._ffi.NULL) + backend._ffi.memmove(labelptr, padding._label, len(padding._label)) + res = backend._lib.EVP_PKEY_CTX_set0_rsa_oaep_label( + pkey_ctx, labelptr, len(padding._label) + ) + backend.openssl_assert(res == 1) + outlen = backend._ffi.new("size_t *", buf_size) buf = backend._ffi.new("unsigned char[]", buf_size) res = crypt(pkey_ctx, buf, outlen, data, len(data)) |