author | Alex Gaynor <alex.gaynor@gmail.com> | 2016-01-08 07:21:17 -0500 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-01-08 07:21:17 -0500 |
commit | b3913acb3612e5c941924b15d3de47a2280d4011 (patch) | |
tree | ffbd8595ca370859bbc678a32b5345606f96f942 | |
parent | 14d125e3dae32ec329fab88d7293c1554d501422 (diff) | |
parent | 3a2ae678710e7f61c7fe374e1ebc76e0b4705ecb (diff) | |
Merge pull request #2647 from reaperhulk/opaque-evp-pkey
opaque EVP_PKEY since EVP_PKEY_id exists
-rw-r--r-- | src/_cffi_src/openssl/evp.py | 16 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 19 | ||||
-rw-r--r-- | tests/hazmat/backends/test_openssl.py | 4 |
3 files changed, 23 insertions, 16 deletions
diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py index 6d17cb7c..1d37b814 100644 --- a/src/_cffi_src/openssl/evp.py +++ b/src/_cffi_src/openssl/evp.py @@ -21,10 +21,7 @@ typedef struct env_md_ctx_st { ...; } EVP_MD_CTX; -typedef struct evp_pkey_st { - int type; - ...; -} EVP_PKEY; +typedef ... EVP_PKEY; typedef ... EVP_PKEY_CTX; static const int EVP_PKEY_RSA; static const int EVP_PKEY_DSA; @@ -122,6 +119,8 @@ int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *, const char *, int, int EVP_PKEY_cmp(const EVP_PKEY *, const EVP_PKEY *); EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *); + +int Cryptography_EVP_PKEY_id(const EVP_PKEY *); """ MACROS = """ @@ -230,4 +229,13 @@ int (*EVP_PKEY_assign_EC_KEY)(EVP_PKEY *, EC_KEY *) = NULL; EC_KEY *(*EVP_PKEY_get1_EC_KEY)(EVP_PKEY *) = NULL; int (*EVP_PKEY_set1_EC_KEY)(EVP_PKEY *, EC_KEY *) = NULL; #endif +/* EVP_PKEY_id is not available on 0.9.8 so we'll define our own. This can + be removed when we remove 0.9.8 support. */ +int Cryptography_EVP_PKEY_id(const EVP_PKEY *key) { + #if OPENSSL_VERSION_NUMBER >= 0x10000000L + return EVP_PKEY_id(key); + #else + return key->type; + #endif +} """ diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 02cfda8f..c3e1db66 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -1077,7 +1077,7 @@ class Backend(object): pointer. """ - key_type = evp_pkey.type + key_type = self._lib.Cryptography_EVP_PKEY_id(evp_pkey) if key_type == self._lib.EVP_PKEY_RSA: rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey) @@ -1104,7 +1104,7 @@ class Backend(object): pointer. """ - key_type = evp_pkey.type + key_type = self._lib.Cryptography_EVP_PKEY_id(evp_pkey) if key_type == self._lib.EVP_PKEY_RSA: rsa_cdata = self._lib.EVP_PKEY_get1_RSA(evp_pkey) 
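Review bot: The comment above `Cryptography_EVP_PKEY_id` in the last `evp.py` hunk explains why the wrapper exists but not its contract. The 0.9.8 branch reads `key->type` with no NULL check, and nothing visible suggests the `EVP_PKEY_id` branch is more forgiving, so callers must pass a non-NULL key. The value returned is the key's raw type id, so an alias type value would presumably not compare equal to `EVP_PKEY_RSA` in the two `backend.py` lookups that now call the wrapper and would end up on whatever path handles unsupported types. I would extend the comment with `/* key must be non-NULL; returns the raw type id, with no alias normalization. */`.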
@@ -2132,19 +2132,20 @@ class Backend(object): else: raise ValueError("Unsupported encryption type") + key_type = self._lib.Cryptography_EVP_PKEY_id(evp_pkey) if encoding is serialization.Encoding.PEM: if format is serialization.PrivateFormat.PKCS8: write_bio = self._lib.PEM_write_bio_PKCS8PrivateKey key = evp_pkey else: assert format is serialization.PrivateFormat.TraditionalOpenSSL - if evp_pkey.type == self._lib.EVP_PKEY_RSA: + if key_type == self._lib.EVP_PKEY_RSA: write_bio = self._lib.PEM_write_bio_RSAPrivateKey - elif evp_pkey.type == self._lib.EVP_PKEY_DSA: + elif key_type == self._lib.EVP_PKEY_DSA: write_bio = self._lib.PEM_write_bio_DSAPrivateKey else: assert self._lib.Cryptography_HAS_EC == 1 - assert evp_pkey.type == self._lib.EVP_PKEY_EC + assert key_type == self._lib.EVP_PKEY_EC write_bio = self._lib.PEM_write_bio_ECPrivateKey key = cdata @@ -2158,9 +2159,7 @@ class Backend(object): "traditional OpenSSL keys" ) - return self._private_key_bytes_traditional_der( - evp_pkey.type, cdata - ) + return self._private_key_bytes_traditional_der(key_type, cdata) else: assert format is serialization.PrivateFormat.PKCS8 write_bio = self._lib.i2d_PKCS8PrivateKey_bio @@ -2210,7 +2209,9 @@ class Backend(object): key = evp_pkey elif format is serialization.PublicFormat.PKCS1: # Only RSA is supported here. - assert evp_pkey.type == self._lib.EVP_PKEY_RSA + assert self._lib.Cryptography_EVP_PKEY_id( + evp_pkey + ) == self._lib.EVP_PKEY_RSA if encoding is serialization.Encoding.PEM: write_bio = self._lib.PEM_write_bio_RSAPublicKey else: diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index ad2daf7d..e0555686 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -10,8 +10,6 @@ import subprocess import sys import textwrap -import pretend - import pytest from cryptography import utils, x509 
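Review bot: In the `TraditionalOpenSSL` PEM branch of the `@@ -2132,19 +2132,20 @@` hunk, the final `else` relies on `assert key_type == self._lib.EVP_PKEY_EC` to decide that `PEM_write_bio_ECPrivateKey` is the right writer, and `assert` statements are removed when Python runs with `-O`. With assertions stripped, a key type that is neither RSA nor DSA would be handed to the EC writer with whatever `cdata` the caller supplied; whether callers already rule that out is not visible here. The same applies in the `@@ -2210,7 +2209,9 @@` hunk, where the rewritten `assert self._lib.Cryptography_EVP_PKEY_id(evp_pkey) == self._lib.EVP_PKEY_RSA` is the only visible guard before the RSA public-key writers are selected. I would make both checks explicit, e.g. `if key_type != self._lib.EVP_PKEY_EC: raise ValueError("Unsupported key type")`, and the equivalent for the RSA case. Both enclosing methods start and end outside the hunks.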
@@ -621,7 +619,7 @@ class TestOpenSSLSerializationWithOpenSSL(object): assert backend._ffi.string(buf, len(password)) == password def test_unsupported_evp_pkey_type(self): - key = pretend.stub(type="unsupported") + key = backend._create_evp_pkey_gc() with raises_unsupported_algorithm(None): backend._evp_pkey_to_private_key(key) with raises_unsupported_algorithm(None): |
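Review bot: `test_unsupported_evp_pkey_type` now depends on a freshly created `EVP_PKEY` reporting a type id that matches none of the supported algorithms, and nothing in the test says so. A one-line comment above the new `backend._create_evp_pkey_gc()` call, such as `# An EVP_PKEY with no key assigned should report a type id that matches no supported algorithm.`, would keep the intent readable now that the explicit `type="unsupported"` stub is gone. The test body continues past the end of the hunk.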