diff options
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/backend.py')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 46 |
1 files changed, 18 insertions, 28 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index bd414fde..19734a54 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -181,7 +181,7 @@ class Backend(object): def create_hmac_ctx(self, key, algorithm): return _HMACContext(self, key, algorithm) - def _build_openssl_digest_name(self, algorithm): + def _evp_md_from_algorithm(self, algorithm): if algorithm.name == "blake2b" or algorithm.name == "blake2s": alg = "{0}{1}".format( algorithm.name, algorithm.digest_size * 8 @@ -189,12 +189,17 @@ class Backend(object): else: alg = algorithm.name.encode("ascii") - return alg + evp_md = self._lib.EVP_get_digestbyname(alg) + return evp_md + + def _evp_md_non_null_from_algorithm(self, algorithm): + evp_md = self._evp_md_from_algorithm(algorithm) + self.openssl_assert(evp_md != self._ffi.NULL) + return evp_md def hash_supported(self, algorithm): - name = self._build_openssl_digest_name(algorithm) - digest = self._lib.EVP_get_digestbyname(name) - return digest != self._ffi.NULL + evp_md = self._evp_md_from_algorithm(algorithm) + return evp_md != self._ffi.NULL def hmac_supported(self, algorithm): return self.hash_supported(algorithm) @@ -286,9 +291,7 @@ class Backend(object): def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations, key_material): buf = self._ffi.new("unsigned char[]", length) - evp_md = self._lib.EVP_get_digestbyname( - algorithm.name.encode("ascii")) - self.openssl_assert(evp_md != self._ffi.NULL) + evp_md = self._evp_md_non_null_from_algorithm(algorithm) res = self._lib.PKCS5_PBKDF2_HMAC( key_material, len(key_material), @@ -685,10 +688,7 @@ class Backend(object): ) # Resolve the signature algorithm. - evp_md = self._lib.EVP_get_digestbyname( - algorithm.name.encode('ascii') - ) - self.openssl_assert(evp_md != self._ffi.NULL) + evp_md = self._evp_md_non_null_from_algorithm(algorithm) # Create an empty request. x509_req = self._lib.X509_REQ_new() @@ -767,10 +767,7 @@ class Backend(object): ) # Resolve the signature algorithm. - evp_md = self._lib.EVP_get_digestbyname( - algorithm.name.encode('ascii') - ) - self.openssl_assert(evp_md != self._ffi.NULL) + evp_md = self._evp_md_non_null_from_algorithm(algorithm) # Create an empty certificate. x509_cert = self._lib.X509_new() @@ -875,10 +872,7 @@ class Backend(object): "MD5 is not a supported hash algorithm for EC/DSA CRLs" ) - evp_md = self._lib.EVP_get_digestbyname( - algorithm.name.encode('ascii') - ) - self.openssl_assert(evp_md != self._ffi.NULL) + evp_md = self._evp_md_non_null_from_algorithm(algorithm) # Create an empty CRL. x509_crl = self._lib.X509_CRL_new() @@ -1452,9 +1446,7 @@ class Backend(object): self.openssl_assert(ocsp_req != self._ffi.NULL) ocsp_req = self._ffi.gc(ocsp_req, self._lib.OCSP_REQUEST_free) cert, issuer, algorithm = builder._request - evp_md = self._lib.EVP_get_digestbyname( - algorithm.name.encode("ascii")) - self.openssl_assert(evp_md != self._ffi.NULL) + evp_md = self._evp_md_non_null_from_algorithm(algorithm) certid = self._lib.OCSP_cert_to_id( evp_md, cert._x509, issuer._x509 ) @@ -1474,10 +1466,9 @@ class Backend(object): basic = self._lib.OCSP_BASICRESP_new() self.openssl_assert(basic != self._ffi.NULL) basic = self._ffi.gc(basic, self._lib.OCSP_BASICRESP_free) - evp_md = self._lib.EVP_get_digestbyname( - builder._response._algorithm.name.encode("ascii") + evp_md = self._evp_md_non_null_from_algorithm( + builder._response._algorithm ) - self.openssl_assert(evp_md != self._ffi.NULL) certid = self._lib.OCSP_cert_to_id( evp_md, builder._response._cert._x509, builder._response._issuer._x509 @@ -1516,8 +1507,7 @@ class Backend(object): ) self.openssl_assert(res != self._ffi.NULL) # okay, now sign the basic structure - evp_md = self._lib.EVP_get_digestbyname(algorithm.name.encode("ascii")) - self.openssl_assert(evp_md != self._ffi.NULL) + evp_md = self._evp_md_non_null_from_algorithm(algorithm) responder_cert, responder_encoding = builder._responder_id flags = self._lib.OCSP_NOCERTS if responder_encoding is ocsp.OCSPResponderEncoding.HASH: |