Diffstat (limited to 'cryptography/hazmat')
-rw-r--r-- | cryptography/hazmat/backends/interfaces.py | 18 | ||||
-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 50 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/commoncrypto/common_cryptor.py | 2 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/aes.py | 2 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/cms.py | 4 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/dh.py | 8 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/dsa.py | 10 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/err.py | 23 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/evp.py | 3 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/nid.py | 2 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/rsa.py | 2 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/ssl.py | 6 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/x509.py | 2 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/x509_vfy.py | 31 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/asymmetric/rsa.py | 6 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/interfaces.py | 2 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/serialization.py | 8 |
17 files changed, 107 insertions, 72 deletions
diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py index 524e0a5b..e4faf32c 100644 --- a/cryptography/hazmat/backends/interfaces.py +++ b/cryptography/hazmat/backends/interfaces.py @@ -196,6 +196,24 @@ class DSABackend(object): Return True if the parameters are supported by the backend for DSA. """ + @abc.abstractmethod + def load_dsa_private_numbers(self, numbers): + """ + Returns a DSAPrivateKey provider. + """ + + @abc.abstractmethod + def load_dsa_public_numbers(self, numbers): + """ + Returns a DSAPublicKey provider. + """ + + @abc.abstractmethod + def load_dsa_parameter_numbers(self, numbers): + """ + Returns a DSAParameters provider. + """ + @six.add_metaclass(abc.ABCMeta) class TraditionalOpenSSLSerializationBackend(object): diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 53d92be3..2a7e3cc4 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -930,8 +930,28 @@ class Backend(object): if self._lib.Cryptography_HAS_EC != 1: return False - curves = self._supported_curves() - return curve.name.encode("ascii") in curves + try: + curve_nid = self._elliptic_curve_to_nid(curve) + except UnsupportedAlgorithm: + curve_nid = self._lib.NID_undef + + ctx = self._lib.EC_GROUP_new_by_curve_name(curve_nid) + + if ctx == self._ffi.NULL: + errors = self._consume_errors() + assert ( + curve_nid == self._lib.NID_undef or + errors[0][1:] == ( + self._lib.ERR_LIB_EC, + self._lib.EC_F_EC_GROUP_NEW_BY_CURVE_NAME, + self._lib.EC_R_UNKNOWN_GROUP + ) + ) + return False + else: + assert curve_nid != self._lib.NID_undef + self._lib.EC_GROUP_free(ctx) + return True def elliptic_curve_signature_algorithm_supported( self, signature_algorithm, curve 
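Review bot: The three abstract methods added to `DSABackend` (`load_dsa_private_numbers`, `load_dsa_public_numbers`, `load_dsa_parameter_numbers`) document only the return value, so an implementer cannot tell what `numbers` must be or whether the backend is expected to validate it before building a key. I would extend each docstring along the lines of `Returns a DSAPrivateKey provider built from a DSAPrivateNumbers instance.` and state whether out-of-range values must be rejected here. Because the methods are abstract, any existing `DSABackend` implementation that lacks them can no longer be instantiated. No implementation appears in the hunks of this diff, so it is worth confirming that the bundled backends already provide them.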
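Review bot: The NULL branch of `elliptic_curve_supported` (the method starts above the hunk) checks the OpenSSL error queue with `assert`, which is stripped under `python -O`. When it does run, any failure other than `EC_R_UNKNOWN_GROUP` becomes an `AssertionError` raised from what callers use as a boolean probe, and `errors[0]` presumably raises `IndexError` if the queue comes back empty. Returning `False` as soon as `_elliptic_curve_to_nid` raises `UnsupportedAlgorithm` avoids calling `EC_GROUP_new_by_curve_name` with `NID_undef` only to produce an error and then consume it. The queue should still be drained on every NULL return so that stale entries are not attributed to a later operation. If unexpected errors are meant to be surfaced, an explicit `raise` is more reliable than an assertion.

```python
        # … unchanged: Cryptography_HAS_EC guard …
        try:
            curve_nid = self._elliptic_curve_to_nid(curve)
        except UnsupportedAlgorithm:
            return False

        ctx = self._lib.EC_GROUP_new_by_curve_name(curve_nid)
        if ctx == self._ffi.NULL:
            # Drain the queue on every failure so stale entries are not
            # attributed to a later OpenSSL call.
            self._consume_errors()
            return False

        self._lib.EC_GROUP_free(ctx)
        return True
```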
@@ -952,30 +972,6 @@ class Backend(object): return self.elliptic_curve_supported(curve) - def _supported_curves(self): - if self._lib.Cryptography_HAS_EC != 1: - return [] - - num_curves = self._lib.EC_get_builtin_curves(self._ffi.NULL, 0) - curve_array = self._ffi.new("EC_builtin_curve[]", num_curves) - num_curves_assigned = self._lib.EC_get_builtin_curves( - curve_array, num_curves) - assert num_curves == num_curves_assigned - - curves = [ - self._ffi.string(self._lib.OBJ_nid2sn(curve.nid)).decode() - for curve in curve_array - ] - - curve_aliases = { - "prime192v1": "secp192r1", - "prime256v1": "secp256r1" - } - return [ - curve_aliases.get(curve, curve) - for curve in curves - ] - def _create_ecdsa_signature_ctx(self, private_key, ecdsa): return _ECDSASignatureContext(self, private_key, ecdsa.algorithm) @@ -2014,7 +2010,7 @@ def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend): mask = 0xFF >> rshift << rshift # Set the bottom rshift bits to 0 - digest = digest[:-1] + six.int2byte(six.byte2int(digest[-1]) & mask) + digest = digest[:-1] + six.int2byte(six.indexbytes(digest, -1) & mask) return digest diff --git a/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py b/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py index 9bd03a7c..713bc566 100644 --- a/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py +++ b/cryptography/hazmat/bindings/commoncrypto/common_cryptor.py @@ -101,7 +101,7 @@ MACROS = """ """ CUSTOMIZATIONS = """ -// Not defined in the public header +/* Not defined in the public header */ enum { kCCModeGCM = 11 }; diff --git a/cryptography/hazmat/bindings/openssl/aes.py b/cryptography/hazmat/bindings/openssl/aes.py index 58ef0cf1..e4071523 100644 --- a/cryptography/hazmat/bindings/openssl/aes.py +++ b/cryptography/hazmat/bindings/openssl/aes.py 
@@ -49,7 +49,7 @@ void AES_ctr128_encrypt(const unsigned char *, unsigned char *, """ CUSTOMIZATIONS = """ -// OpenSSL 0.9.8h+ +/* OpenSSL 0.9.8h+ */ #if OPENSSL_VERSION_NUMBER >= 0x0090808fL static const long Cryptography_HAS_AES_WRAP = 1; #else diff --git a/cryptography/hazmat/bindings/openssl/cms.py b/cryptography/hazmat/bindings/openssl/cms.py index a3760f2c..cbf4b283 100644 --- a/cryptography/hazmat/bindings/openssl/cms.py +++ b/cryptography/hazmat/bindings/openssl/cms.py @@ -15,8 +15,8 @@ from __future__ import absolute_import, division, print_function INCLUDES = """ #if !defined(OPENSSL_NO_CMS) && OPENSSL_VERSION_NUMBER >= 0x0090808fL -// The next define should really be in the OpenSSL header, but it is missing. -// Failing to include this on Windows causes compilation failures. +/* The next define should really be in the OpenSSL header, but it is missing. + Failing to include this on Windows causes compilation failures. */ #if defined(OPENSSL_SYS_WINDOWS) #include <windows.h> #endif diff --git a/cryptography/hazmat/bindings/openssl/dh.py b/cryptography/hazmat/bindings/openssl/dh.py index a0f99479..e2e8976e 100644 --- a/cryptography/hazmat/bindings/openssl/dh.py +++ b/cryptography/hazmat/bindings/openssl/dh.py @@ -19,13 +19,13 @@ INCLUDES = """ TYPES = """ typedef struct dh_st { - // prime number (shared) + /* Prime number (shared) */ BIGNUM *p; - // generator of Z_p (shared) + /* Generator of Z_p (shared) */ BIGNUM *g; - // private DH value x + /* Private DH value x */ BIGNUM *priv_key; - // public DH value g^x + /* Public DH value g^x */ BIGNUM *pub_key; ...; } DH; diff --git a/cryptography/hazmat/bindings/openssl/dsa.py b/cryptography/hazmat/bindings/openssl/dsa.py index 7db03326..c9aa8882 100644 --- a/cryptography/hazmat/bindings/openssl/dsa.py +++ b/cryptography/hazmat/bindings/openssl/dsa.py 
@@ -19,15 +19,15 @@ INCLUDES = """ TYPES = """ typedef struct dsa_st { - // prime number (public) + /* Prime number (public) */ BIGNUM *p; - // 160-bit subprime, q | p-1 (public) + /* Subprime (160-bit, q | p-1, public) */ BIGNUM *q; - // generator of subgroup (public) + /* Generator of subgroup (public) */ BIGNUM *g; - // private key x + /* Private key x */ BIGNUM *priv_key; - // public key y = g^x + /* Public key y = g^x */ BIGNUM *pub_key; ...; } DSA; diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py index 8ed97d0b..232060a2 100644 --- a/cryptography/hazmat/bindings/openssl/err.py +++ b/cryptography/hazmat/bindings/openssl/err.py @@ -21,6 +21,7 @@ TYPES = """ static const int Cryptography_HAS_REMOVE_THREAD_STATE; static const int Cryptography_HAS_098H_ERROR_CODES; static const int Cryptography_HAS_098C_CAMELLIA_CODES; +static const int Cryptography_HAS_EC_CODES; struct ERR_string_data_st { unsigned long error; @@ -29,6 +30,7 @@ struct ERR_string_data_st { typedef struct ERR_string_data_st ERR_STRING_DATA; static const int ERR_LIB_EVP; +static const int ERR_LIB_EC; static const int ERR_LIB_PEM; static const int ERR_LIB_ASN1; static const int ERR_LIB_RSA; @@ -172,6 +174,10 @@ static const int EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM; static const int EVP_R_WRONG_FINAL_BLOCK_LENGTH; static const int EVP_R_WRONG_PUBLIC_KEY_TYPE; +static const int EC_F_EC_GROUP_NEW_BY_CURVE_NAME; + +static const int EC_R_UNKNOWN_GROUP; + static const int PEM_F_D2I_PKCS8PRIVATEKEY_BIO; static const int PEM_F_D2I_PKCS8PRIVATEKEY_FP; static const int PEM_F_DO_PK8PKEY; @@ -284,7 +290,7 @@ typedef uint32_t CRYPTO_THREADID; void (*ERR_remove_thread_state)(const CRYPTO_THREADID *) = NULL; #endif -// OpenSSL 0.9.8h+ +/* OpenSSL 0.9.8h+ */ #if OPENSSL_VERSION_NUMBER >= 0x0090808fL static const long Cryptography_HAS_098H_ERROR_CODES = 1; #else 
@@ -298,7 +304,7 @@ static const int ASN1_R_NO_MULTIPART_BODY_FAILURE = 0; static const int ASN1_R_NO_MULTIPART_BOUNDARY = 0; #endif -// OpenSSL 0.9.8c+ +/* OpenSSL 0.9.8c+ */ #ifdef EVP_F_CAMELLIA_INIT_KEY static const long Cryptography_HAS_098C_CAMELLIA_CODES = 1; #else @@ -306,6 +312,15 @@ static const long Cryptography_HAS_098C_CAMELLIA_CODES = 0; static const int EVP_F_CAMELLIA_INIT_KEY = 0; static const int EVP_R_CAMELLIA_KEY_SETUP_FAILED = 0; #endif + +// OpenSSL without EC. e.g. RHEL +#ifndef OPENSSL_NO_EC +static const long Cryptography_HAS_EC_CODES = 1; +#else +static const long Cryptography_HAS_EC_CODES = 0; +static const int EC_R_UNKNOWN_GROUP = 0; +static const int EC_F_EC_GROUP_NEW_BY_CURVE_NAME = 0; +#endif """ CONDITIONAL_NAMES = { @@ -324,5 +339,9 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_098C_CAMELLIA_CODES": [ "EVP_F_CAMELLIA_INIT_KEY", "EVP_R_CAMELLIA_KEY_SETUP_FAILED" + ], + "Cryptography_HAS_EC_CODES": [ + "EC_R_UNKNOWN_GROUP", + "EC_F_EC_GROUP_NEW_BY_CURVE_NAME" ] } diff --git a/cryptography/hazmat/bindings/openssl/evp.py b/cryptography/hazmat/bindings/openssl/evp.py index b3d958e6..11834509 100644 --- a/cryptography/hazmat/bindings/openssl/evp.py +++ b/cryptography/hazmat/bindings/openssl/evp.py @@ -139,7 +139,8 @@ int PKCS5_PBKDF2_HMAC(const char *, int, const unsigned char *, int, int, int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *, const EVP_MD *); -// not macros but must be in this section since they're not available in 0.9.8 +/* These aren't macros, but must be in this section because they're not + available in 0.9.8. */ EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *, ENGINE *); EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int, ENGINE *); EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *); diff --git a/cryptography/hazmat/bindings/openssl/nid.py b/cryptography/hazmat/bindings/openssl/nid.py index ea6fd4d6..7fa08660 100644 --- a/cryptography/hazmat/bindings/openssl/nid.py +++ b/cryptography/hazmat/bindings/openssl/nid.py 
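Review bot: The comment added in the `@@ -306,6 +312,15 @@` hunk of err.py, `// OpenSSL without EC. e.g. RHEL`, uses the C++ comment style that every other hunk in this commit converts to `/* ... */`, so the new line reintroduces what the surrounding changes remove. It also sits directly above `#ifndef OPENSSL_NO_EC`, which is the branch where EC is available, so the wording describes the `#else` case rather than the line it annotates. I would write `/* EC error codes; defined as 0 when OpenSSL is built without EC, e.g. on RHEL */`.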
@@ -193,7 +193,7 @@ MACROS = """ """ CUSTOMIZATIONS = """ -// OpenSSL 0.9.8g+ +/* OpenSSL 0.9.8g+ */ #if OPENSSL_VERSION_NUMBER >= 0x0090807fL static const long Cryptography_HAS_ECDSA_SHA2_NIDS = 1; #else diff --git a/cryptography/hazmat/bindings/openssl/rsa.py b/cryptography/hazmat/bindings/openssl/rsa.py index c6356101..cb8e701e 100644 --- a/cryptography/hazmat/bindings/openssl/rsa.py +++ b/cryptography/hazmat/bindings/openssl/rsa.py @@ -80,7 +80,7 @@ CUSTOMIZATIONS = """ #if OPENSSL_VERSION_NUMBER >= 0x10000000 static const long Cryptography_HAS_PSS_PADDING = 1; #else -// see evp.py for the definition of Cryptography_HAS_PKEY_CTX +/* see evp.py for the definition of Cryptography_HAS_PKEY_CTX */ static const long Cryptography_HAS_PSS_PADDING = 0; int (*EVP_PKEY_CTX_set_rsa_padding)(EVP_PKEY_CTX *, int) = NULL; int (*EVP_PKEY_CTX_set_rsa_pss_saltlen)(EVP_PKEY_CTX *, int) = NULL; diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py index 018a1413..7d805e78 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/bindings/openssl/ssl.py @@ -456,7 +456,7 @@ static const long Cryptography_HAS_SSL_OP_NO_TICKET = 0; const long SSL_OP_NO_TICKET = 0; #endif -// OpenSSL 0.9.8f+ +/* OpenSSL 0.9.8f+ */ #if OPENSSL_VERSION_NUMBER >= 0x00908070L static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; #else @@ -483,7 +483,7 @@ static const long Cryptography_HAS_NETBSD_D1_METH = 1; static const long Cryptography_HAS_NETBSD_D1_METH = 1; #endif -// Workaround for #794 caused by cffi const** bug. +/* Workaround for #794 caused by cffi const** bug. */ const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX* ctx) { return ctx->method; } 
@@ -519,7 +519,7 @@ void (*SSL_get0_next_proto_negotiated)(const SSL *, static const long Cryptography_HAS_NEXTPROTONEG = 1; #endif -// ALPN was added in OpenSSL 1.0.2. +/* ALPN was added in OpenSSL 1.0.2. */ #if OPENSSL_VERSION_NUMBER < 0x10002001L int (*SSL_CTX_set_alpn_protos)(SSL_CTX *, const unsigned char*, diff --git a/cryptography/hazmat/bindings/openssl/x509.py b/cryptography/hazmat/bindings/openssl/x509.py index cf38df32..b74c118b 100644 --- a/cryptography/hazmat/bindings/openssl/x509.py +++ b/cryptography/hazmat/bindings/openssl/x509.py @@ -245,7 +245,7 @@ int i2d_ECPrivateKey_bio(BIO *, EC_KEY *); """ CUSTOMIZATIONS = """ -// OpenSSL 0.9.8e does not have this definition +/* OpenSSL 0.9.8e does not have this definition. */ #if OPENSSL_VERSION_NUMBER <= 0x0090805fL typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; #endif diff --git a/cryptography/hazmat/bindings/openssl/x509_vfy.py b/cryptography/hazmat/bindings/openssl/x509_vfy.py index ed35b1bc..a53716b0 100644 --- a/cryptography/hazmat/bindings/openssl/x509_vfy.py +++ b/cryptography/hazmat/bindings/openssl/x509_vfy.py @@ -45,7 +45,7 @@ typedef ... X509_VERIFY_PARAM; as longs, just in case they ever grow to large, such as what we saw with OP_ALL. */ -// Verification error codes +/* Verification error codes */ static const int X509_V_OK; static const int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; static const int X509_V_ERR_UNABLE_TO_GET_CRL; @@ -110,7 +110,7 @@ static const int X509_V_ERR_EMAIL_MISMATCH; static const int X509_V_ERR_IP_ADDRESS_MISMATCH; static const int X509_V_ERR_APPLICATION_VERIFICATION; -// Verification parameters +/* Verification parameters */ static const long X509_V_FLAG_CB_ISSUER_CHECK; static const long X509_V_FLAG_USE_CHECK_TIME; static const long X509_V_FLAG_CRL_CHECK; 
@@ -136,12 +136,12 @@ static const long X509_V_FLAG_PARTIAL_CHAIN; FUNCTIONS = """ int X509_verify_cert(X509_STORE_CTX *); -// X509_STORE +/* X509_STORE */ X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *); int X509_STORE_add_cert(X509_STORE *, X509 *); -// X509_STORE_CTX +/* X509_STORE_CTX */ X509_STORE_CTX *X509_STORE_CTX_new(void); void X509_STORE_CTX_cleanup(X509_STORE_CTX *); void X509_STORE_CTX_free(X509_STORE_CTX *); @@ -165,7 +165,7 @@ X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *); int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *, int, void *); void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *, int); -// X509_VERIFY_PARAM +/* X509_VERIFY_PARAM */ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *, unsigned long); int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *, unsigned long); @@ -181,11 +181,11 @@ int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *); """ MACROS = """ -// X509_STORE_CTX +/* X509_STORE_CTX */ void X509_STORE_CTX_set0_crls(X509_STORE_CTX *, Cryptography_STACK_OF_X509_CRL *); -// X509_VERIFY_PARAM +/* X509_VERIFY_PARAM */ int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *, const unsigned char *, size_t); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *, unsigned int); @@ -197,7 +197,7 @@ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *, const char *); """ CUSTOMIZATIONS = """ -// OpenSSL 1.0.2+, but only some very new releases +/* OpenSSL 1.0.2+, but only some very new releases */ #ifdef X509_VERIFY_PARAM_set_hostflags static const long Cryptography_HAS_X509_VERIFY_PARAM_SET_HOSTFLAGS = 1; #else @@ -206,7 +206,7 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PARAM *, unsigned int) = NULL; #endif -// OpenSSL 1.0.2+ verification error codes +/* OpenSSL 1.0.2+ verification error codes */ #if OPENSSL_VERSION_NUMBER >= 0x10002000L static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 1; #else 
@@ -222,12 +222,13 @@ static const long X509_V_ERR_EMAIL_MISMATCH = 0; static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0; #endif -// OpenSSL 1.0.2+ verification parameters +/* OpenSSL 1.0.2+ verification parameters */ #if OPENSSL_VERSION_NUMBER >= 0x10002000L static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; #else static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0; -// X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2, but added separately below +/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately + below because it shows up in some earlier 3rd party OpenSSL packages. */ static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; static const long X509_V_FLAG_SUITEB_192_LOS = 0; static const long X509_V_FLAG_SUITEB_128_LOS = 0; @@ -242,7 +243,7 @@ int (*X509_VERIFY_PARAM_set1_ip)(X509_VERIFY_PARAM *, const unsigned char *, int (*X509_VERIFY_PARAM_set1_ip_asc)(X509_VERIFY_PARAM *, const char *) = NULL; #endif -// OpenSSL 1.0.2+, *or* Fedora 20's flavor of OpenSSL 1.0.1e... +/* OpenSSL 1.0.2+, *or* Fedora 20's flavor of OpenSSL 1.0.1e... */ #ifdef X509_V_FLAG_TRUSTED_FIRST static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 1; #else @@ -250,7 +251,7 @@ static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 0; static const long X509_V_FLAG_TRUSTED_FIRST = 0; #endif -// OpenSSL 1.0.0+ verification error codes +/* OpenSSL 1.0.0+ verification error codes */ #if OPENSSL_VERSION_NUMBER >= 0x10000000L static const long Cryptography_HAS_100_VERIFICATION_ERROR_CODES = 1; #else @@ -266,7 +267,7 @@ static const long X509_V_ERR_UNSUPPORTED_NAME_SYNTAX = 0; static const long X509_V_ERR_CRL_PATH_VALIDATION_ERROR = 0; #endif -// OpenSSL 1.0.0+ verification parameters +/* OpenSSL 1.0.0+ verification parameters */ #if OPENSSL_VERSION_NUMBER >= 0x10000000L static const long Cryptography_HAS_100_VERIFICATION_PARAMS = 1; #else 
@@ -275,7 +276,7 @@ static const long X509_V_FLAG_EXTENDED_CRL_SUPPORT = 0; static const long X509_V_FLAG_USE_DELTAS = 0; #endif -// OpenSSL 0.9.8recent+ +/* OpenSSL 0.9.8recent+ */ #ifdef X509_V_FLAG_CHECK_SS_SIGNATURE static const long Cryptography_HAS_X509_V_FLAG_CHECK_SS_SIGNATURE = 1; #else diff --git a/cryptography/hazmat/primitives/asymmetric/rsa.py b/cryptography/hazmat/primitives/asymmetric/rsa.py index fc117cd4..15ec52ac 100644 --- a/cryptography/hazmat/primitives/asymmetric/rsa.py +++ b/cryptography/hazmat/primitives/asymmetric/rsa.py @@ -377,6 +377,9 @@ class RSAPrivateNumbers(object): def public_numbers(self): return self._public_numbers + def private_key(self, backend): + return backend.load_rsa_private_numbers(self) + class RSAPublicNumbers(object): def __init__(self, e, n): @@ -396,3 +399,6 @@ class RSAPublicNumbers(object): @property def n(self): return self._n + + def public_key(self, backend): + return backend.load_rsa_public_numbers(self) diff --git a/cryptography/hazmat/primitives/interfaces.py b/cryptography/hazmat/primitives/interfaces.py index 71852562..dd901aae 100644 --- a/cryptography/hazmat/primitives/interfaces.py +++ b/cryptography/hazmat/primitives/interfaces.py @@ -212,6 +212,7 @@ class RSAPrivateKey(object): @six.add_metaclass(abc.ABCMeta) class RSAPrivateKeyWithNumbers(RSAPrivateKey): + @abc.abstractmethod def private_numbers(self): """ Returns an RSAPrivateNumbers. @@ -241,6 +242,7 @@ class RSAPublicKey(object): @six.add_metaclass(abc.ABCMeta) class RSAPublicKeyWithNumbers(RSAPublicKey): + @abc.abstractmethod def public_numbers(self): """ Returns an RSAPublicNumbers diff --git a/cryptography/hazmat/primitives/serialization.py b/cryptography/hazmat/primitives/serialization.py index 056d4a06..ed73c4c4 100644 --- a/cryptography/hazmat/primitives/serialization.py +++ b/cryptography/hazmat/primitives/serialization.py 
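Review bot: `RSAPrivateNumbers.private_key` is added without a docstring and passes `self` straight to `backend.load_rsa_private_numbers`, so a backend object that lacks that method fails with a bare `AttributeError` instead of an error that names the missing interface. The same applies to `RSAPublicNumbers.public_key` in the following hunk. I would add a docstring such as `"""Return the private key the given backend builds from these numbers."""` and note in it that any validation of the values is left to the backend, since none is visible here. Both class bodies start outside the hunks.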
@@ -24,11 +24,3 @@ def load_pem_pkcs8_private_key(data, password, backend): return backend.load_pkcs8_pem_private_key( data, password ) - - -def load_rsa_private_numbers(numbers, backend): - return backend.load_rsa_private_numbers(numbers) - - -def load_rsa_public_numbers(numbers, backend): - return backend.load_rsa_public_numbers(numbers) |