diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2019-10-16 11:51:09 +0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2019-10-15 23:51:09 -0400 |
| commit | 9c759d08870d972f1d84e8543130bfb26be4e442 (patch) | |
| tree | 9b4a5e322f9101af20ffa9d570fa79bc9d4b39ad /src | |
| parent | e575e3d482f976c4a1f3203d63ea0f5007a49a2a (diff) | |
| download | cryptography-9c759d08870d972f1d84e8543130bfb26be4e442.tar.gz cryptography-9c759d08870d972f1d84e8543130bfb26be4e442.tar.bz2 cryptography-9c759d08870d972f1d84e8543130bfb26be4e442.zip | |
update openssls (#4995)
* update openssls
* missed one
* what will this do
* only do this check for 1.1.0+
Diffstat (limited to 'src')
| -rw-r--r-- | src/_cffi_src/openssl/ec.py | 2 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/ec.py | 18 |
2 files changed, 17 insertions, 3 deletions
diff --git a/src/_cffi_src/openssl/ec.py b/src/_cffi_src/openssl/ec.py index 258afa21..52f60014 100644 --- a/src/_cffi_src/openssl/ec.py +++ b/src/_cffi_src/openssl/ec.py @@ -105,6 +105,8 @@ int EC_POINT_mul(const EC_GROUP *, EC_POINT *, const BIGNUM *, int EC_METHOD_get_field_type(const EC_METHOD *); const char *EC_curve_nid2nist(int); + +int EC_GROUP_get_asn1_flag(const EC_GROUP *); """ CUSTOMIZATIONS = """ diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index 2ca48091..3d8681b4 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -34,7 +34,19 @@ def _ec_key_curve_sn(backend, ec_key): # an error for now. if nid == backend._lib.NID_undef: raise NotImplementedError( - "ECDSA certificates with unnamed curves are unsupported " + "ECDSA keys with unnamed curves are unsupported " + "at this time" + ) + + # This is like the above check, but it also catches the case where you + # explicitly encoded a curve with the same parameters as a named curve. + # Don't do that. + if ( + backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER and + backend._lib.EC_GROUP_get_asn1_flag(group) == 0 + ): + raise NotImplementedError( + "ECDSA keys with unnamed curves are unsupported " "at this time" ) @@ -127,12 +139,12 @@ class _ECDSAVerificationContext(object): class _EllipticCurvePrivateKey(object): def __init__(self, backend, ec_key_cdata, evp_pkey): self._backend = backend - _mark_asn1_named_ec_curve(backend, ec_key_cdata) self._ec_key = ec_key_cdata self._evp_pkey = evp_pkey sn = _ec_key_curve_sn(backend, ec_key_cdata) self._curve = _sn_to_elliptic_curve(backend, sn) + _mark_asn1_named_ec_curve(backend, ec_key_cdata) curve = utils.read_only_property("_curve") @@ -229,12 +241,12 @@ class _EllipticCurvePrivateKey(object): class _EllipticCurvePublicKey(object): def __init__(self, backend, ec_key_cdata, evp_pkey): self._backend = backend - _mark_asn1_named_ec_curve(backend, ec_key_cdata) self._ec_key = ec_key_cdata self._evp_pkey = evp_pkey sn = _ec_key_curve_sn(backend, ec_key_cdata) self._curve = _sn_to_elliptic_curve(backend, sn) + _mark_asn1_named_ec_curve(backend, ec_key_cdata) curve = utils.read_only_property("_curve") |