diff options
author | Alex Stapleton <alexs@prol.etari.at> | 2014-12-13 19:58:25 +0000 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-12-17 16:10:03 -0600 |
commit | d7cc80f22f9be184e4ce61c51fd7555b127a8e32 (patch) | |
tree | d0d44f60649434c6caf5410399c80e1a87e403da | |
parent | 4d8de138910628db04a1c861303e744e7f10729a (diff) | |
download | cryptography-d7cc80f22f9be184e4ce61c51fd7555b127a8e32.tar.gz |
Set OPENSSL_EC_NAMED_CURVE on our EC_KEY instances
This means any X.509 certs generated from our keys will be encoded
along with the curve OID so that we can still load them afterwards.
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 18 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/ec.py | 2 |
2 files changed, 20 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index daccf5ca5..95e31264f 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -896,6 +896,8 @@ class Backend(object): res = self._lib.EC_KEY_check_key(ec_cdata) assert res == 1 + self._mark_asn1_named_ec_curve(ec_cdata) + return _EllipticCurvePrivateKey(self, ec_cdata) else: raise UnsupportedAlgorithm( @@ -928,6 +930,8 @@ class Backend(object): ec_cdata, self._int_to_bn(numbers.private_value)) assert res == 1 + self._mark_asn1_named_ec_curve(ec_cdata) + return _EllipticCurvePrivateKey(self, ec_cdata) def elliptic_curve_public_key_from_numbers(self, numbers): @@ -949,6 +953,8 @@ class Backend(object): ec_cdata = self._ec_key_set_public_key_affine_coordinates( ec_cdata, numbers.x, numbers.y) + self._mark_asn1_named_ec_curve(ec_cdata) + return _EllipticCurvePublicKey(self, ec_cdata) def _elliptic_curve_to_nid(self, curve): @@ -971,6 +977,18 @@ class Backend(object): ) return curve_nid + def _mark_asn1_named_ec_curve(self, ec_cdata): + """ + Set the named curve flag on the EC_KEY. This causes OpenSSL to + serialise EC keys along with their curve OID which makes + deserialisation easier. + """ + + self._lib.EC_KEY_set_asn1_flag( + ec_cdata, + self._backend._lib.OPENSSL_EC_NAMED_CURVE + ) + @contextmanager def _tmp_bn_ctx(self): bn_ctx = self._lib.BN_CTX_new() diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index 56b7893e8..9c616a305 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -167,6 +167,8 @@ class _EllipticCurvePrivateKey(object): res = self._backend._lib.EC_KEY_set_public_key(public_ec_key, point) assert res == 1 + self._backend._mark_asn1_named_ec_curve(public_ec_key) + return _EllipticCurvePublicKey( self._backend, public_ec_key ) |