diff options
author | Alex Stapleton <alexs@prol.etari.at> | 2014-12-13 19:58:25 +0000 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-12-17 16:10:03 -0600 |
commit | d7cc80f22f9be184e4ce61c51fd7555b127a8e32 (patch) | |
tree | d0d44f60649434c6caf5410399c80e1a87e403da /src/cryptography/hazmat/backends | |
parent | 4d8de138910628db04a1c861303e744e7f10729a (diff) | |
download | cryptography-d7cc80f22f9be184e4ce61c51fd7555b127a8e32.tar.gz cryptography-d7cc80f22f9be184e4ce61c51fd7555b127a8e32.tar.bz2 cryptography-d7cc80f22f9be184e4ce61c51fd7555b127a8e32.zip |
Set OPENSSL_EC_NAMED_CURVE on our EC_KEY instances
This means any X.509 certs generated from our keys will be encoded
along with the curve OID so that we can still load them afterwards.
Diffstat (limited to 'src/cryptography/hazmat/backends')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 18 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/ec.py | 2 |
2 files changed, 20 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index daccf5ca..95e31264 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -896,6 +896,8 @@ class Backend(object): res = self._lib.EC_KEY_check_key(ec_cdata) assert res == 1 + self._mark_asn1_named_ec_curve(ec_cdata) + return _EllipticCurvePrivateKey(self, ec_cdata) else: raise UnsupportedAlgorithm( @@ -928,6 +930,8 @@ class Backend(object): ec_cdata, self._int_to_bn(numbers.private_value)) assert res == 1 + self._mark_asn1_named_ec_curve(ec_cdata) + return _EllipticCurvePrivateKey(self, ec_cdata) def elliptic_curve_public_key_from_numbers(self, numbers): @@ -949,6 +953,8 @@ class Backend(object): ec_cdata = self._ec_key_set_public_key_affine_coordinates( ec_cdata, numbers.x, numbers.y) + self._mark_asn1_named_ec_curve(ec_cdata) + return _EllipticCurvePublicKey(self, ec_cdata) def _elliptic_curve_to_nid(self, curve): @@ -971,6 +977,18 @@ class Backend(object): ) return curve_nid + def _mark_asn1_named_ec_curve(self, ec_cdata): + """ + Set the named curve flag on the EC_KEY. This causes OpenSSL to + serialise EC keys along with their curve OID which makes + deserialisation easier. + """ + + self._lib.EC_KEY_set_asn1_flag( + ec_cdata, + self._backend._lib.OPENSSL_EC_NAMED_CURVE + ) + @contextmanager def _tmp_bn_ctx(self): bn_ctx = self._lib.BN_CTX_new() diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index 56b7893e..9c616a30 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -167,6 +167,8 @@ class _EllipticCurvePrivateKey(object): res = self._backend._lib.EC_KEY_set_public_key(public_ec_key, point) assert res == 1 + self._backend._mark_asn1_named_ec_curve(public_ec_key) + return _EllipticCurvePublicKey( self._backend, public_ec_key ) |