author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-10-01 07:12:27 -0500 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-10-01 08:12:27 -0400 |
commit | 3feeec87b370958ea24595aa30d8d8e953a601f5 (patch) | |
tree | 7d51baa75e060f4d0cb00358db4f781ae06638cd /src | |
parent | 9e66d10732f96eb24861b1a252c8783e75121929 (diff) | |
support encoding IPv4Network and IPv6Network, useful for NameConstraints (#3182)
* support encoding IPv4Network and IPv6Network, useful for NameConstraints
* add changelog entry
* add more networks with full and no masking (/32, /128, /0)
* parametrize the nc tests to fix coverage
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/encode_asn1.py | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/encode_asn1.py b/src/cryptography/hazmat/backends/openssl/encode_asn1.py
index 467aa88e..284c760c 100644
--- a/src/cryptography/hazmat/backends/openssl/encode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/encode_asn1.py
@@ -5,12 +5,13 @@
 from __future__ import absolute_import, division, print_function
 import calendar
+import ipaddress
 import idna
 import six
-from cryptography import x509
+from cryptography import utils, x509
 from cryptography.hazmat.backends.openssl.decode_asn1 import (
 _CRL_ENTRY_REASON_ENUM_TO_CODE, _DISTPOINT_TYPE_FULLNAME,
 _DISTPOINT_TYPE_RELATIVENAME
@@ -402,9 +403,19 @@ def _encode_general_name(backend, name):
 elif isinstance(name, x509.IPAddress):
 gn = backend._lib.GENERAL_NAME_new()
 backend.openssl_assert(gn != backend._ffi.NULL)
- ipaddr = _encode_asn1_str(
- backend, name.value.packed, len(name.value.packed)
- )
+ if isinstance(name.value, ipaddress.IPv4Network):
+ packed = (
+ name.value.network_address.packed +
+ utils.int_to_bytes(((1 << 32) - name.value.num_addresses), 4)
+ )
+ elif isinstance(name.value, ipaddress.IPv6Network):
+ packed = (
+ name.value.network_address.packed +
+ utils.int_to_bytes((1 << 128) - name.value.num_addresses, 16)
+ )
+ else:
+ packed = name.value.packed
+ ipaddr = _encode_asn1_str(backend, packed, len(packed))
 gn.type = backend._lib.GEN_IPADD
 gn.d.iPAddress = ipaddr
 elif isinstance(name, x509.OtherName): |
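Review bot: The address-plus-netmask encoding produced by the new `IPv4Network`/`IPv6Network` branches is only meaningful inside NameConstraints (RFC 5280 section 4.2.1.10, 8 or 32 octets), yet it sits in `_encode_general_name`, which, judging by its name (the body starts and ends outside this hunk), is not tied to one extension. A network value placed in another GeneralName-bearing extension such as SubjectAlternativeName would presumably be emitted as an 8- or 32-octet iPAddress where verifiers expect 4 or 16 octets, unless that is refused somewhere not visible here. I would add a comment above the first branch, `# Networks encode as address + netmask (RFC 5280 4.2.1.10); valid only in NameConstraints.`, and confirm that such a check exists on the other extensions. The mask arithmetic can also use the library's own value in both branches, `packed = name.value.network_address.packed + name.value.netmask.packed`, which removes the duplicated `1 << 32` / `1 << 128` widths.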