authorPaul Kehrer <paul.l.kehrer@gmail.com>2019-10-16 11:51:09 +0800
committerAlex Gaynor <alex.gaynor@gmail.com>2019-10-15 23:51:09 -0400
commit9c759d08870d972f1d84e8543130bfb26be4e442 (patch)
tree9b4a5e322f9101af20ffa9d570fa79bc9d4b39ad /src/cryptography
parente575e3d482f976c4a1f3203d63ea0f5007a49a2a (diff)
update openssls (#4995)
* update openssls * missed one * what will this do * only do this check for 1.1.0+
Diffstat (limited to 'src/cryptography')
-rw-r--r--src/cryptography/hazmat/backends/openssl/ec.py18
1 files changed, 15 insertions, 3 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py
index 2ca48091..3d8681b4 100644
--- a/src/cryptography/hazmat/backends/openssl/ec.py
+++ b/src/cryptography/hazmat/backends/openssl/ec.py
@@ -34,7 +34,19 @@ def _ec_key_curve_sn(backend, ec_key):
# an error for now.
if nid == backend._lib.NID_undef:
raise NotImplementedError(
- "ECDSA certificates with unnamed curves are unsupported "
+ "ECDSA keys with unnamed curves are unsupported "
+ "at this time"
+ )
+
+ # This is like the above check, but it also catches the case where you
+ # explicitly encoded a curve with the same parameters as a named curve.
+ # Don't do that.
+ if (
+ backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER and
+ backend._lib.EC_GROUP_get_asn1_flag(group) == 0
+ ):
+ raise NotImplementedError(
+ "ECDSA keys with unnamed curves are unsupported "
"at this time"
)
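Review bot: The added `EC_GROUP_get_asn1_flag(group) == 0` branch raises with exactly the same message as the `NID_undef` branch above it, so a traceback or log cannot tell a key that explicitly encodes a named curve's parameters from a genuinely unnamed curve. A distinct message such as `"ECDSA keys with explicit curve parameters are unsupported "` would make triage easier. The bare `0` would also read better with a comment like `# 0 == explicit parameters (OPENSSL_EC_EXPLICIT_CURVE in OpenSSL's headers)`. The gate on `CRYPTOGRAPHY_OPENSSL_110_OR_GREATER` is unexplained: the commit message suggests it is deliberate, but as written, builds against older OpenSSL skip the new check entirely, and a one-line comment saying why the flag cannot be relied on there would document that gap. `_ec_key_curve_sn` starts above the hunk, so `group` is defined outside the visible lines.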
@@ -127,12 +139,12 @@ class _ECDSAVerificationContext(object):
class _EllipticCurvePrivateKey(object):
def __init__(self, backend, ec_key_cdata, evp_pkey):
self._backend = backend
- _mark_asn1_named_ec_curve(backend, ec_key_cdata)
self._ec_key = ec_key_cdata
self._evp_pkey = evp_pkey
sn = _ec_key_curve_sn(backend, ec_key_cdata)
self._curve = _sn_to_elliptic_curve(backend, sn)
+ _mark_asn1_named_ec_curve(backend, ec_key_cdata)
curve = utils.read_only_property("_curve")
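Review bot: Moving `_mark_asn1_named_ec_curve(backend, ec_key_cdata)` to the end of `__init__` makes the statement order load-bearing, and nothing in the constructor says so. Judging by its name, the helper sets the named-curve flag on the key's group, so running it before `_ec_key_curve_sn` would presumably hide an explicitly encoded curve from the new asn1-flag check. A comment above the call, e.g. `# Must stay after _ec_key_curve_sn(): marking the key first would mask the explicit-parameters check.`, would keep a later cleanup from reordering it. The same applies to `_EllipticCurvePublicKey.__init__` in the next hunk; both class bodies continue outside the hunks.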
@@ -229,12 +241,12 @@ class _EllipticCurvePrivateKey(object):
class _EllipticCurvePublicKey(object):
def __init__(self, backend, ec_key_cdata, evp_pkey):
self._backend = backend
- _mark_asn1_named_ec_curve(backend, ec_key_cdata)
self._ec_key = ec_key_cdata
self._evp_pkey = evp_pkey
sn = _ec_key_curve_sn(backend, ec_key_cdata)
self._curve = _sn_to_elliptic_curve(backend, sn)
+ _mark_asn1_named_ec_curve(backend, ec_key_cdata)
curve = utils.read_only_property("_curve")