author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2019-01-20 17:24:41 -0600 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2019-01-20 17:24:41 -0600 |
commit | 2de450a2166e6a390f2d9e121b3d660b049b1807 (patch) | |
tree | eae6eb157b62d6181364bbdeaf490aa48d9648d9 | |
parent | a07b1f5463361570c3248c1096ffd8b3bff0bfa5 (diff) | |
deprecate encode_point and migrate all internal callers (#4720)
-rw-r--r-- | CHANGELOG.rst | 3 | ||||
-rw-r--r-- | docs/hazmat/primitives/asymmetric/ec.rst | 6 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 7 | ||||
-rw-r--r-- | src/cryptography/hazmat/primitives/asymmetric/ec.py | 8 | ||||
-rw-r--r-- | src/cryptography/x509/extensions.py | 5 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_ec.py | 3 |
6 files changed, 28 insertions, 4 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 88e2aaf5..d77cf15c 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -50,7 +50,8 @@ Changelog :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey.public_bytes` with no arguments has been deprecated. * Added support for encoding compressed and uncompressed points via - :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`. + :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`. Deprecated the previous method + :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point`. .. _v2-4-2:
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
index a356dcaa..d89fde3d 100644
--- a/docs/hazmat/primitives/asymmetric/ec.rst
+++ b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -194,6 +194,12 @@ Elliptic Curve Signature Algorithms .. method:: encode_point() + .. warning:: + + This method is deprecated as of version 2.5. Callers should migrate + to using + :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`. + .. versionadded:: 1.1 Encodes an elliptic curve point to a byte string as described in
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index b5232ba0..64a91f03 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1885,10 +1885,15 @@ class Backend(object): "Only SECP256R1, SECP384R1, and SECP521R1 curves are " "supported by the SSH public key format" ) + + point = key.public_bytes( + serialization.Encoding.X962, + serialization.PublicFormat.UncompressedPoint + ) return b"ecdsa-sha2-" + curve_name + b" " + base64.b64encode( ssh._ssh_write_string(b"ecdsa-sha2-" + curve_name) + ssh._ssh_write_string(curve_name) + - ssh._ssh_write_string(public_numbers.encode_point()) + ssh._ssh_write_string(point) ) def _parameter_bytes(self, encoding, format, cdata):
diff --git a/src/cryptography/hazmat/primitives/asymmetric/ec.py b/src/cryptography/hazmat/primitives/asymmetric/ec.py
index c93cc090..1de0976a 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/ec.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/ec.py
@@ -359,6 +359,14 @@ class EllipticCurvePublicNumbers(object): return backend.load_elliptic_curve_public_numbers(self) def encode_point(self): + warnings.warn( + "encode_point has been deprecated on EllipticCurvePublicNumbers" + " and will be removed in a future version. Please use " + "EllipticCurvePublicKey.public_bytes to obtain both " + "compressed and uncompressed point encoding.", + utils.DeprecatedIn25, + stacklevel=2, + ) # key_size is in bits. Convert to bytes and round up byte_length = (self.curve.key_size + 7) // 8 return (
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index bdd445d9..88afa310 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -35,7 +35,10 @@ def _key_identifier_from_public_key(public_key): serialization.PublicFormat.PKCS1, ) elif isinstance(public_key, EllipticCurvePublicKey): - data = public_key.public_numbers().encode_point() + data = public_key.public_bytes( + serialization.Encoding.X962, + serialization.PublicFormat.UncompressedPoint + ) else: # This is a very slow way to do this. serialized = public_key.public_bytes(
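Review bot: In the SSH serialization hunk of `backend.py`, the hard-coded `serialization.PublicFormat.UncompressedPoint` carries no comment saying that the encoding is fixed by the output format rather than a free choice; the same holds for the EC branch of `_key_identifier_from_public_key` in `x509/extensions.py`. In both places the bytes end up in something that is compared or hashed elsewhere (the `ecdsa-sha2-*` key blob, and what appears to be the key-identifier input), so a later switch to a compressed encoding would silently change the emitted key or identifier. I would add `# Must stay X9.62 uncompressed: a different encoding changes the SSH key blob` above the `point = ...` assignment and an equivalent comment above `data = ...` in extensions.py. Both enclosing functions start outside their hunks, so whether `public_numbers` is still needed in the SSH path cannot be judged from here.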
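Review bot: The deprecation message added to `encode_point` in `ec.py` names `EllipticCurvePublicKey.public_bytes` but not the arguments that reproduce the old output, which the migrated callers in this commit show to be `serialization.Encoding.X962` and `serialization.PublicFormat.UncompressedPoint`; the message could read `"... Please use EllipticCurvePublicKey.public_bytes with Encoding.X962 and PublicFormat.UncompressedPoint ..."`. Migrating also means going from a numbers object to a key object, which presumably loads the point through a backend and may reject coordinates that `encode_point` would have encoded without complaint; if so, that behaviour difference deserves a sentence in the docs warning. The hunk relies on `warnings` and `utils` already being imported in ec.py, which is not visible here, and the body of `encode_point` continues past the end of the hunk.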
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index 471ef267..7a6d6aff 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -175,7 +175,8 @@ def test_encode_point(): 16 ) pn = ec.EllipticCurvePublicNumbers(x, y, ec.SECP256R1()) - data = pn.encode_point() + with pytest.warns(utils.DeprecatedIn25): + data = pn.encode_point() assert data == binascii.unhexlify( "04233ea3b0027127084cd2cd336a13aeef69c598d8af61369a36454a17c6c22ae" "c3ea2c10a84153862be4ec82940f0543f9ba866af9751a6ee79d38460b35f442e" |
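Review bot: `test_encode_point` now checks that the warning fires and that the legacy bytes are unchanged, but nothing in this hunk pins that `public_bytes` with `Encoding.X962` and `PublicFormat.UncompressedPoint` yields those same bytes, which is what the migrated callers in backend.py and extensions.py now depend on. If that equivalence is not already covered by the tests that accompanied point encoding in `public_bytes`, add an assertion along the lines of `assert pn.public_key(backend).public_bytes(serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint) == data`. That needs a backend in the test, which the visible part of the function does not take. The test body starts and ends outside the hunk.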