| author | Alex Gaynor <alex.gaynor@gmail.com> | 2023-01-29 17:16:35 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-01-29 22:16:35 +0000 |
| commit | 6458c38a6b96b808a0e1d0a5b0feda50bb7da4d9 (patch) | |
| tree | a71fd9c2bff1c39c4352f1354b9fce2acbed6c43 /src/cryptography/hazmat | |
| parent | 957524e02eb38a32fe03de384806393d06ba81c5 (diff) | |
Use Rust for CRL::is_signature_valid (#8162)
Diffstat (limited to 'src/cryptography/hazmat')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 737415a35..b75bb9e71 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -78,7 +78,6 @@ from cryptography.hazmat.primitives.asymmetric.padding import (
 PKCS1v15,
 )
 from cryptography.hazmat.primitives.asymmetric.types import (
- CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES,
 PRIVATE_KEY_TYPES,
 PUBLIC_KEY_TYPES,
 )
@@ -1102,40 +1101,6 @@ class Backend:
 self.openssl_assert(res == 1)
 return rust_x509.load_der_x509_certificate(self._read_mem_bio(bio))
 
- def _crl2ossl(self, crl: x509.CertificateRevocationList) -> typing.Any:
- data = crl.public_bytes(serialization.Encoding.DER)
- mem_bio = self._bytes_to_bio(data)
- x509_crl = self._lib.d2i_X509_CRL_bio(mem_bio.bio, self._ffi.NULL)
- self.openssl_assert(x509_crl != self._ffi.NULL)
- x509_crl = self._ffi.gc(x509_crl, self._lib.X509_CRL_free)
- return x509_crl
-
- def _crl_is_signature_valid(
- self,
- crl: x509.CertificateRevocationList,
- public_key: CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES,
- ) -> bool:
- if not isinstance(
- public_key,
- (
- _DSAPublicKey,
- _RSAPublicKey,
- _EllipticCurvePublicKey,
- ),
- ):
- raise TypeError(
- "Expecting one of DSAPublicKey, RSAPublicKey,"
- " or EllipticCurvePublicKey."
- )
- x509_crl = self._crl2ossl(crl)
- res = self._lib.X509_CRL_verify(x509_crl, public_key._evp_pkey)
-
- if res != 1:
- self._consume_errors()
- return False
-
- return True
-
 def _check_keys_correspond(self, key1, key2):
 if self._lib.EVP_PKEY_cmp(key1._evp_pkey, key2._evp_pkey) != 1:
 raise ValueError("Keys do not correspond") |
