support "PKCS1" RSA public keys

author: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-03-02 15:18:14 -0600
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-03-05 16:01:40 -0600
commit: c5cdc4ef541f5db74fd899cd32c458797ad9ea37 (patch)
tree: 548708c0240509ec6dab8f77f6e6ffc1b7f6bdf9 /src
parent: 7bdb2d8a1f4c8837f06d7f78a04d18c6ac3e5240 (diff)
download: cryptography-c5cdc4ef541f5db74fd899cd32c458797ad9ea37.tar.gz
cryptography-c5cdc4ef541f5db74fd899cd32c458797ad9ea37.tar.bz2
cryptography-c5cdc4ef541f5db74fd899cd32c458797ad9ea37.zip
1 files changed, 36 insertions, 10 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index de653032..613931f7 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -690,12 +690,27 @@ class Backend(object):
         )
 
     def load_pem_public_key(self, data):
-        return self._load_key(
-            self._lib.PEM_read_bio_PUBKEY,
-            self._evp_pkey_to_public_key,
-            data,
-            None,
+        mem_bio = self._bytes_to_bio(data)
+        evp_pkey = self._lib.PEM_read_bio_PUBKEY(
+            mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL
         )
+        if evp_pkey != self._ffi.NULL:
+            evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
+            return self._evp_pkey_to_public_key(evp_pkey)
+        else:
+            # It's not a (RSA/DSA/ECDSA) subjectPublicKeyInfo, but we still
+            # need to check to see if it is a pure PKCS1 RSA public key (not
+            # embedded in a subjectPublicKeyInfo)
+            self._consume_errors()
+            res = self._lib.BIO_reset(mem_bio.bio)
+            assert res == 1
+            rsa_cdata = self._lib.PEM_read_bio_RSAPublicKey(
+                mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL
+            )
+            if rsa_cdata != self._ffi.NULL:
+                return _RSAPublicKey(self, rsa_cdata)
+            else:
+                self._handle_key_loading_error()
 
     def load_der_private_key(self, data, password):
         # OpenSSL has a function called d2i_AutoPrivateKey that can simplify
@@ -760,12 +775,23 @@ class Backend(object):
     def load_der_public_key(self, data):
         mem_bio = self._bytes_to_bio(data)
         evp_pkey = self._lib.d2i_PUBKEY_bio(mem_bio.bio, self._ffi.NULL)
-        if evp_pkey == self._ffi.NULL:
+        if evp_pkey != self._ffi.NULL:
+            evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
+            return self._evp_pkey_to_public_key(evp_pkey)
+        else:
+            # It's not a (RSA/DSA/ECDSA) subjectPublicKeyInfo, but we still
+            # need to check to see if it is a pure PKCS1 RSA public key (not
+            # embedded in a subjectPublicKeyInfo)
             self._consume_errors()
-            raise ValueError("Could not unserialize key data.")
-
-        evp_pkey = self._ffi.gc(evp_pkey, self._lib.EVP_PKEY_free)
-        return self._evp_pkey_to_public_key(evp_pkey)
+            res = self._lib.BIO_reset(mem_bio.bio)
+            assert res == 1
+            rsa_cdata = self._lib.d2i_RSAPublicKey_bio(
+                mem_bio.bio, self._ffi.NULL
+            )
+            if rsa_cdata != self._ffi.NULL:
+                return _RSAPublicKey(self, rsa_cdata)
+            else:
+                self._handle_key_loading_error()
 
     def load_pem_x509_certificate(self, data):
         mem_bio = self._bytes_to_bio(data)
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-03-02 15:18:14 -0600
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-03-05 16:01:40 -0600
commit	c5cdc4ef541f5db74fd899cd32c458797ad9ea37 (patch)
tree	548708c0240509ec6dab8f77f6e6ffc1b7f6bdf9 /src
parent	7bdb2d8a1f4c8837f06d7f78a04d18c6ac3e5240 (diff)
download	cryptography-c5cdc4ef541f5db74fd899cd32c458797ad9ea37.tar.gz cryptography-c5cdc4ef541f5db74fd899cd32c458797ad9ea37.tar.bz2 cryptography-c5cdc4ef541f5db74fd899cd32c458797ad9ea37.zip