authorAlex Stapleton <alexs@prol.etari.at>2014-12-13 19:58:25 +0000
committerPaul Kehrer <paul.l.kehrer@gmail.com>2014-12-17 16:10:03 -0600
commitd7cc80f22f9be184e4ce61c51fd7555b127a8e32 (patch)
treed0d44f60649434c6caf5410399c80e1a87e403da /src/cryptography/hazmat/backends
parent4d8de138910628db04a1c861303e744e7f10729a (diff)
Set OPENSSL_EC_NAMED_CURVE on our EC_KEY instances
This means any X.509 certs generated from our keys will be encoded along with the curve OID so that we can still load them afterwards.
Diffstat (limited to 'src/cryptography/hazmat/backends')
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py18
-rw-r--r--src/cryptography/hazmat/backends/openssl/ec.py2
2 files changed, 20 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index daccf5ca..95e31264 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -896,6 +896,8 @@ class Backend(object):
res = self._lib.EC_KEY_check_key(ec_cdata)
assert res == 1
+ self._mark_asn1_named_ec_curve(ec_cdata)
+
return _EllipticCurvePrivateKey(self, ec_cdata)
else:
raise UnsupportedAlgorithm(
@@ -928,6 +930,8 @@ class Backend(object):
ec_cdata, self._int_to_bn(numbers.private_value))
assert res == 1
+ self._mark_asn1_named_ec_curve(ec_cdata)
+
return _EllipticCurvePrivateKey(self, ec_cdata)
def elliptic_curve_public_key_from_numbers(self, numbers):
@@ -949,6 +953,8 @@ class Backend(object):
ec_cdata = self._ec_key_set_public_key_affine_coordinates(
ec_cdata, numbers.x, numbers.y)
+ self._mark_asn1_named_ec_curve(ec_cdata)
+
return _EllipticCurvePublicKey(self, ec_cdata)
def _elliptic_curve_to_nid(self, curve):
@@ -971,6 +977,18 @@ class Backend(object):
)
return curve_nid
+ def _mark_asn1_named_ec_curve(self, ec_cdata):
+ """
+ Set the named curve flag on the EC_KEY. This causes OpenSSL to
+ serialise EC keys along with their curve OID which makes
+ deserialisation easier.
+ """
+
+ self._lib.EC_KEY_set_asn1_flag(
+ ec_cdata,
+ self._backend._lib.OPENSSL_EC_NAMED_CURVE
+ )
+
@contextmanager
def _tmp_bn_ctx(self):
bn_ctx = self._lib.BN_CTX_new()
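Review bot: In `_mark_asn1_named_ec_curve` the flag constant is read as `self._backend._lib.OPENSSL_EC_NAMED_CURVE`, but the method is defined on `Backend` and the line just above it reaches the bindings through `self._lib`. Unless `Backend` has a `_backend` attribute defined outside this hunk, the call raises `AttributeError`. The argument should read `self._lib.OPENSSL_EC_NAMED_CURVE`. The call sites added in the three earlier hunks of this file and the one in ec.py all go through this helper, so each of those key-construction paths would fail at that line. The docstring could also name what the flag replaces, for example `Without it OpenSSL may write explicit curve parameters instead of the OID`, hedged until confirmed against the OpenSSL versions the project supports.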
diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py
index 56b7893e..9c616a30 100644
--- a/src/cryptography/hazmat/backends/openssl/ec.py
+++ b/src/cryptography/hazmat/backends/openssl/ec.py
@@ -167,6 +167,8 @@ class _EllipticCurvePrivateKey(object):
res = self._backend._lib.EC_KEY_set_public_key(public_ec_key, point)
assert res == 1
+ self._backend._mark_asn1_named_ec_curve(public_ec_key)
+
return _EllipticCurvePublicKey(
self._backend, public_ec_key
)