From d60796a38fe7b08b84e62203e91945c87b6d1a8e Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 7 May 2023 08:27:29 -0500 Subject: Use parameters instead of oids in another place (#8880) --- src/rust/cryptography-x509/src/common.rs | 2 +- src/rust/src/x509/ocsp.rs | 17 ++++++++++------- src/rust/src/x509/ocsp_req.rs | 2 +- src/rust/src/x509/ocsp_resp.rs | 2 +- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/src/rust/cryptography-x509/src/common.rs b/src/rust/cryptography-x509/src/common.rs index f44308a85..65e583f11 100644 --- a/src/rust/cryptography-x509/src/common.rs +++ b/src/rust/cryptography-x509/src/common.rs @@ -19,7 +19,7 @@ impl AlgorithmIdentifier<'_> { } } -#[derive(asn1::Asn1DefinedByRead, asn1::Asn1DefinedByWrite, PartialEq, Hash, Clone)] +#[derive(asn1::Asn1DefinedByRead, asn1::Asn1DefinedByWrite, PartialEq, Eq, Hash, Clone)] pub enum AlgorithmParameters<'a> { #[defined_by(oid::SHA1_OID)] Sha1(asn1::Null), diff --git a/src/rust/src/x509/ocsp.rs b/src/rust/src/x509/ocsp.rs index 53a0f2c4e..afa0b026e 100644 --- a/src/rust/src/x509/ocsp.rs +++ b/src/rust/src/x509/ocsp.rs @@ -5,20 +5,23 @@ use crate::error::CryptographyResult; use crate::x509; use crate::x509::certificate::Certificate; +use cryptography_x509::common; use cryptography_x509::ocsp_req::CertID; -use cryptography_x509::{common, oid}; use once_cell::sync::Lazy; use std::collections::HashMap; -pub(crate) static OIDS_TO_HASH: Lazy> = Lazy::new(|| { +pub(crate) static ALGORITHM_PARAMETERS_TO_HASH: Lazy< + HashMap, &str>, +> = Lazy::new(|| { let mut h = HashMap::new(); - h.insert(&oid::SHA1_OID, "SHA1"); - h.insert(&oid::SHA224_OID, "SHA224"); - h.insert(&oid::SHA256_OID, "SHA256"); - h.insert(&oid::SHA384_OID, "SHA384"); - h.insert(&oid::SHA512_OID, "SHA512"); + h.insert(common::AlgorithmParameters::Sha1(()), "SHA1"); + h.insert(common::AlgorithmParameters::Sha224(()), "SHA224"); + h.insert(common::AlgorithmParameters::Sha256(()), "SHA256"); + h.insert(common::AlgorithmParameters::Sha384(()), "SHA384"); + h.insert(common::AlgorithmParameters::Sha512(()), "SHA512"); h }); + pub(crate) static HASH_NAME_TO_ALGORITHM_IDENTIFIERS: Lazy< HashMap<&str, common::AlgorithmIdentifier<'_>>, > = Lazy::new(|| { diff --git a/src/rust/src/x509/ocsp_req.rs b/src/rust/src/x509/ocsp_req.rs index b8faedb09..235ac6ee1 100644 --- a/src/rust/src/x509/ocsp_req.rs +++ b/src/rust/src/x509/ocsp_req.rs @@ -86,7 +86,7 @@ impl OCSPRequest { let cert_id = self.cert_id(); let hashes = py.import(pyo3::intern!(py, "cryptography.hazmat.primitives.hashes"))?; - match ocsp::OIDS_TO_HASH.get(&cert_id.hash_algorithm.oid()) { + match ocsp::ALGORITHM_PARAMETERS_TO_HASH.get(&cert_id.hash_algorithm.params) { Some(alg_name) => Ok(hashes.getattr(*alg_name)?.call0()?), None => Err(CryptographyError::from( exceptions::UnsupportedAlgorithm::new_err(format!( diff --git a/src/rust/src/x509/ocsp_resp.rs b/src/rust/src/x509/ocsp_resp.rs index 15cf99d9f..942822b48 100644 --- a/src/rust/src/x509/ocsp_resp.rs +++ b/src/rust/src/x509/ocsp_resp.rs @@ -479,7 +479,7 @@ fn singleresp_py_hash_algorithm<'p>( py: pyo3::Python<'p>, ) -> Result<&'p pyo3::PyAny, CryptographyError> { let hashes = py.import(pyo3::intern!(py, "cryptography.hazmat.primitives.hashes"))?; - match ocsp::OIDS_TO_HASH.get(&resp.cert_id.hash_algorithm.oid()) { + match ocsp::ALGORITHM_PARAMETERS_TO_HASH.get(&resp.cert_id.hash_algorithm.params) { Some(alg_name) => Ok(hashes.getattr(*alg_name)?.call0()?), None => Err(CryptographyError::from( exceptions::UnsupportedAlgorithm::new_err(format!( -- cgit v1.2.1