authorAlex Gaynor <alex.gaynor@gmail.com>2014-12-17 16:34:38 -0800
committerAlex Gaynor <alex.gaynor@gmail.com>2014-12-17 16:34:38 -0800
commita165cd99894a728b4c0ee5a53f46eae25880bc73 (patch)
treefc5a865a195840e4265fe1cfa48a0ecda90ca7c2
parent230174cec0a9a909bbf8e8f9137da29275d27ba9 (diff)
parent6906582dc8526b55c597500e209527b4477e0261 (diff)
downloadcryptography-a165cd99894a728b4c0ee5a53f46eae25880bc73.tar.gz
Merge pull request #1539 from reaperhulk/move-ec-named-curve-check
move the NID_undef check for EC named curve
-rw-r--r--src/cryptography/hazmat/backends/openssl/ec.py8
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py19
2 files changed, 7 insertions, 20 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py
index 56b7893e8..e70c7c943 100644
--- a/src/cryptography/hazmat/backends/openssl/ec.py
+++ b/src/cryptography/hazmat/backends/openssl/ec.py
@@ -43,7 +43,13 @@ def _ec_key_curve_sn(backend, ec_key):
assert group != backend._ffi.NULL
nid = backend._lib.EC_GROUP_get_curve_name(group)
- assert nid != backend._lib.NID_undef
+ # The following check is to find EC keys with unnamed curves and raise
+ # an error for now.
+ if nid == backend._lib.NID_undef:
+ raise NotImplementedError(
+ "ECDSA certificates with unnamed curves are unsupported "
+ "at this time"
+ )
curve_name = backend._lib.OBJ_nid2sn(nid)
assert curve_name != backend._ffi.NULL
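Review bot: The message raised by the new `if nid == backend._lib.NID_undef:` branch still says "ECDSA certificates with unnamed curves", although `_ec_key_curve_sn` takes a bare `ec_key` and the comment added just above it already says "EC keys"; a caller that reaches this while loading a key outside X.509 would get a misleading error. I would word it `"EC keys with unnamed curves are unsupported at this time"`, adjusting any test that matches the old text. With the x509.py block removed in the second hunk, this appears to become the only rejection of unnamed (explicit-parameter) curves on the certificate path, and the call chain from `_evp_pkey_to_public_key` to this helper is not visible in the diff, so a test that loads such a certificate and expects `NotImplementedError` is worth keeping. The function starts outside the hunk and no docstring is visible; a line such as `Raises NotImplementedError if the key's group has no named curve (NID_undef).` would tell callers parsing untrusted keys what to catch.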
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 0828f3cc0..66c99c9fe 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -63,25 +63,6 @@ class _Certificate(object):
pkey = self._backend._lib.X509_get_pubkey(self._x509)
assert pkey != self._backend._ffi.NULL
pkey = self._backend._ffi.gc(pkey, self._backend._lib.EVP_PKEY_free)
- # The following check is to find ECDSA certificates with unnamed
- # curves and raise an error for now.
- if (
- self._backend._lib.Cryptography_HAS_EC == 1 and
- pkey.type == self._backend._lib.EVP_PKEY_EC
- ):
- ec_cdata = self._backend._lib.EVP_PKEY_get1_EC_KEY(pkey)
- assert ec_cdata != self._backend._ffi.NULL
- ec_cdata = self._backend._ffi.gc(
- ec_cdata, self._backend._lib.EC_KEY_free
- )
- group = self._backend._lib.EC_KEY_get0_group(ec_cdata)
- assert group != self._backend._ffi.NULL
- nid = self._backend._lib.EC_GROUP_get_curve_name(group)
- if nid == self._backend._lib.NID_undef:
- raise NotImplementedError(
- "ECDSA certificates with unnamed curves are unsupported "
- "at this time"
- )
return self._backend._evp_pkey_to_public_key(pkey)