aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cryptography/hazmat/backends/openssl/backend.py69
-rw-r--r--cryptography/hazmat/backends/openssl/ec.py38
-rw-r--r--tests/hazmat/backends/test_openssl.py3
3 files changed, 56 insertions, 54 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 582623f5..9a36674a 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -479,9 +479,7 @@ class Backend(object):
ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
assert ec_cdata != self._ffi.NULL
ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
- sn = self._ec_key_curve_sn(ec_cdata)
- curve = self._sn_to_elliptic_curve(sn)
- return _EllipticCurvePrivateKey(self, ec_cdata, curve)
+ return _EllipticCurvePrivateKey(self, ec_cdata)
else:
raise UnsupportedAlgorithm("Unsupported key type.")
@@ -508,25 +506,10 @@ class Backend(object):
ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey)
assert ec_cdata != self._ffi.NULL
ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
- sn = self._ec_key_curve_sn(ec_cdata)
- curve = self._sn_to_elliptic_curve(sn)
- return _EllipticCurvePublicKey(self, ec_cdata, curve)
+ return _EllipticCurvePublicKey(self, ec_cdata)
else:
raise UnsupportedAlgorithm("Unsupported key type.")
- def _ec_key_curve_sn(self, ec_key):
- group = self._lib.EC_KEY_get0_group(ec_key)
- assert group != self._ffi.NULL
-
- nid = self._lib.EC_GROUP_get_curve_name(group)
- assert nid != self._lib.NID_undef
-
- curve_name = self._lib.OBJ_nid2sn(nid)
- assert curve_name != self._ffi.NULL
-
- sn = self._ffi.string(curve_name).decode('ascii')
- return sn
-
def _pem_password_cb(self, password):
"""
Generate a pem_password_cb function pointer that copied the password to
@@ -997,17 +980,17 @@ class Backend(object):
if self.elliptic_curve_supported(curve):
curve_nid = self._elliptic_curve_to_nid(curve)
- ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid)
- assert ctx != self._ffi.NULL
- ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free)
+ ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid)
+ assert ec_cdata != self._ffi.NULL
+ ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
- res = self._lib.EC_KEY_generate_key(ctx)
+ res = self._lib.EC_KEY_generate_key(ec_cdata)
assert res == 1
- res = self._lib.EC_KEY_check_key(ctx)
+ res = self._lib.EC_KEY_check_key(ec_cdata)
assert res == 1
- return _EllipticCurvePrivateKey(self, ctx, curve)
+ return _EllipticCurvePrivateKey(self, ec_cdata)
else:
raise UnsupportedAlgorithm(
"Backend object does not support {0}.".format(curve.name),
@@ -1028,19 +1011,18 @@ class Backend(object):
curve_nid = self._elliptic_curve_to_nid(public.curve)
- ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid)
- assert ctx != self._ffi.NULL
- ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free)
+ ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid)
+ assert ec_cdata != self._ffi.NULL
+ ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
- ctx = self._ec_key_set_public_key_affine_coordinates(
- ctx, public.x, public.y)
+ ec_cdata = self._ec_key_set_public_key_affine_coordinates(
+ ec_cdata, public.x, public.y)
res = self._lib.EC_KEY_set_private_key(
- ctx, self._int_to_bn(numbers.private_value))
+ ec_cdata, self._int_to_bn(numbers.private_value))
assert res == 1
- return _EllipticCurvePrivateKey(self, ctx,
- numbers.public_numbers.curve)
+ return _EllipticCurvePrivateKey(self, ec_cdata)
def elliptic_curve_public_key_from_numbers(self, numbers):
warnings.warn(
@@ -1054,14 +1036,14 @@ class Backend(object):
def load_elliptic_curve_public_numbers(self, numbers):
curve_nid = self._elliptic_curve_to_nid(numbers.curve)
- ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid)
- assert ctx != self._ffi.NULL
- ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free)
+ ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid)
+ assert ec_cdata != self._ffi.NULL
+ ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
- ctx = self._ec_key_set_public_key_affine_coordinates(
- ctx, numbers.x, numbers.y)
+ ec_cdata = self._ec_key_set_public_key_affine_coordinates(
+ ec_cdata, numbers.x, numbers.y)
- return _EllipticCurvePublicKey(self, ctx, numbers.curve)
+ return _EllipticCurvePublicKey(self, ec_cdata)
def _elliptic_curve_to_nid(self, curve):
"""
@@ -1083,15 +1065,6 @@ class Backend(object):
)
return curve_nid
- def _sn_to_elliptic_curve(self, sn):
- try:
- return ec._CURVE_TYPES[sn]()
- except KeyError:
- raise UnsupportedAlgorithm(
- "{0} is not a supported elliptic curve".format(sn),
- _Reasons.UNSUPPORTED_ELLIPTIC_CURVE
- )
-
@contextmanager
def _tmp_bn_ctx(self):
bn_ctx = self._lib.BN_CTX_new()
diff --git a/cryptography/hazmat/backends/openssl/ec.py b/cryptography/hazmat/backends/openssl/ec.py
index 369b185b..9371a9a9 100644
--- a/cryptography/hazmat/backends/openssl/ec.py
+++ b/cryptography/hazmat/backends/openssl/ec.py
@@ -63,6 +63,30 @@ def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend):
return digest
+def _ec_key_curve_sn(backend, ec_key):
+ group = backend._lib.EC_KEY_get0_group(ec_key)
+ assert group != backend._ffi.NULL
+
+ nid = backend._lib.EC_GROUP_get_curve_name(group)
+ assert nid != backend._lib.NID_undef
+
+ curve_name = backend._lib.OBJ_nid2sn(nid)
+ assert curve_name != backend._ffi.NULL
+
+ sn = backend._ffi.string(curve_name).decode('ascii')
+ return sn
+
+
+def _sn_to_elliptic_curve(backend, sn):
+ try:
+ return ec._CURVE_TYPES[sn]()
+ except KeyError:
+ raise UnsupportedAlgorithm(
+ "{0} is not a supported elliptic curve".format(sn),
+ _Reasons.UNSUPPORTED_ELLIPTIC_CURVE
+ )
+
+
@utils.register_interface(interfaces.AsymmetricSignatureContext)
class _ECDSASignatureContext(object):
def __init__(self, backend, private_key, algorithm):
@@ -131,10 +155,12 @@ class _ECDSAVerificationContext(object):
@utils.register_interface(interfaces.EllipticCurvePrivateKeyWithNumbers)
class _EllipticCurvePrivateKey(object):
- def __init__(self, backend, ec_key_cdata, curve):
+ def __init__(self, backend, ec_key_cdata):
self._backend = backend
self._ec_key = ec_key_cdata
- self._curve = curve
+
+ sn = _ec_key_curve_sn(backend, ec_key_cdata)
+ self._curve = _sn_to_elliptic_curve(backend, sn)
@property
def curve(self):
@@ -169,7 +195,7 @@ class _EllipticCurvePrivateKey(object):
assert res == 1
return _EllipticCurvePublicKey(
- self._backend, public_ec_key, self._curve
+ self._backend, public_ec_key
)
def private_numbers(self):
@@ -183,10 +209,12 @@ class _EllipticCurvePrivateKey(object):
@utils.register_interface(interfaces.EllipticCurvePublicKeyWithNumbers)
class _EllipticCurvePublicKey(object):
- def __init__(self, backend, ec_key_cdata, curve):
+ def __init__(self, backend, ec_key_cdata):
self._backend = backend
self._ec_key = ec_key_cdata
- self._curve = curve
+
+ sn = _ec_key_curve_sn(backend, ec_key_cdata)
+ self._curve = _sn_to_elliptic_curve(backend, sn)
@property
def curve(self):
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index bfe6040e..b00543fe 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -27,6 +27,7 @@ from cryptography.exceptions import InternalError, _Reasons
from cryptography.hazmat.backends.openssl.backend import (
Backend, backend
)
+from cryptography.hazmat.backends.openssl.ec import _sn_to_elliptic_curve
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.asymmetric import dsa, ec, padding, rsa
from cryptography.hazmat.primitives.ciphers import Cipher
@@ -509,7 +510,7 @@ class TestOpenSSLEllipticCurve(object):
def test_sn_to_elliptic_curve_not_supported(self):
with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE):
- backend._sn_to_elliptic_curve(b"fake")
+ _sn_to_elliptic_curve(backend, b"fake")
class TestDeprecatedRSABackendMethods(object):
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-06 12:42:09 +0000