support DER serialization of public keys

4 files changed, 13 insertions, 11 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index f33aba95..25cce6e9 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1184,8 +1184,7 @@ class Backend(object):
         assert res == 1
         return self._read_mem_bio(bio)
 
-    def _public_key_bytes(self, encoding, format, pkcs1_write_func, evp_pkey,
-                          cdata):
+    def _public_key_bytes(self, encoding, format, evp_pkey, cdata):
         if not isinstance(encoding, serialization.Encoding):
             raise TypeError("encoding must be an item from the Encoding enum")
 
@@ -1194,15 +1193,21 @@ class Backend(object):
                 "format must be an item from the PublicFormat enum"
             )
 
-        # This is a temporary check until we land DER serialization.
-        if encoding is not serialization.Encoding.PEM:
-            raise ValueError("Only PEM encoding is supported by this backend")
-
         if format is serialization.PublicFormat.SubjectPublicKeyInfo:
-            write_bio = self._lib.PEM_write_bio_PUBKEY
+            if encoding is serialization.Encoding.PEM:
+                write_bio = self._lib.PEM_write_bio_PUBKEY
+            elif encoding is serialization.Encoding.DER:
+                write_bio = self._lib.i2d_PUBKEY_bio
+
             key = evp_pkey
         elif format is serialization.PublicFormat.PKCS1:
-            write_bio = pkcs1_write_func
+            # Only RSA is supported here.
+            assert evp_pkey.type == self._lib.EVP_PKEY_RSA
+            if encoding is serialization.Encoding.PEM:
+                write_bio = self._lib.PEM_write_bio_RSAPublicKey
+            elif encoding is serialization.Encoding.DER:
+                write_bio = self._lib.i2d_RSAPublicKey_bio
+
             key = cdata
 
         bio = self._create_mem_bio()
diff --git a/src/cryptography/hazmat/backends/openssl/dsa.py b/src/cryptography/hazmat/backends/openssl/dsa.py
index 0089f58c..4e9ab3df 100644
--- a/src/cryptography/hazmat/backends/openssl/dsa.py
+++ b/src/cryptography/hazmat/backends/openssl/dsa.py
@@ -225,7 +225,6 @@ class _DSAPublicKey(object):
         return self._backend._public_key_bytes(
             encoding,
             format,
-            None,
             evp_pkey,
             None
         )
diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py
index 39b0a555..76c529db 100644
--- a/src/cryptography/hazmat/backends/openssl/ec.py
+++ b/src/cryptography/hazmat/backends/openssl/ec.py
@@ -279,7 +279,6 @@ class _EllipticCurvePublicKey(object):
         return self._backend._public_key_bytes(
             encoding,
             format,
-            None,
             evp_pkey,
             None
         )
diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py
index 25168c2f..8aafa8a7 100644
--- a/src/cryptography/hazmat/backends/openssl/rsa.py
+++ b/src/cryptography/hazmat/backends/openssl/rsa.py
@@ -609,7 +609,6 @@ class _RSAPublicKey(object):
         return self._backend._public_key_bytes(
             encoding,
             format,
-            self._backend._lib.PEM_write_bio_RSAPublicKey,
             self._evp_pkey,
             self._rsa_cdata
         )