diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-09-09 07:03:50 +0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-09-08 19:03:50 -0400 |
| commit | d4bde9ce6668bb019f9c9db4cd26280e6cf7fa21 (patch) | |
| tree | 767e7044ffb9b2fb92c425300b0388f3980fe418 /src | |
| parent | 52067bc300ec37c1b4a4b889fd7828600f5b9ce1 (diff) | |
| download | cryptography-d4bde9ce6668bb019f9c9db4cd26280e6cf7fa21.tar.gz cryptography-d4bde9ce6668bb019f9c9db4cd26280e6cf7fa21.tar.bz2 cryptography-d4bde9ce6668bb019f9c9db4cd26280e6cf7fa21.zip | |
RSA OAEP label support for OpenSSL 1.0.2+ (#3897)
* RSA OAEP label support for OpenSSL 1.0.2+
* changelog
* move around tests, address review feedback, use backend supported method
* unsupported padding catches this now
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 6 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/rsa.py | 18 |
2 files changed, 20 insertions, 4 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 6c9ef84f..d9a5bdf2 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -547,7 +547,11 @@ class Backend(object): elif isinstance(padding, OAEP) and isinstance(padding._mgf, MGF1): return ( self._oaep_hash_supported(padding._mgf._algorithm) and - self._oaep_hash_supported(padding._algorithm) + self._oaep_hash_supported(padding._algorithm) and + ( + (padding._label is None or len(padding._label) == 0) or + self._lib.Cryptography_HAS_RSA_OAEP_LABEL == 1 + ) ) else: return False diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py index 839ef147..05b4e9dc 100644 --- a/src/cryptography/hazmat/backends/openssl/rsa.py +++ b/src/cryptography/hazmat/backends/openssl/rsa.py @@ -57,9 +57,6 @@ def _enc_dec_rsa(backend, key, data, padding): _Reasons.UNSUPPORTED_PADDING ) - if padding._label is not None and padding._label != b"": - raise ValueError("This backend does not support OAEP labels.") - else: raise UnsupportedAlgorithm( "{0} is not supported by this backend.".format( @@ -106,6 +103,21 @@ def _enc_dec_rsa_pkey_ctx(backend, key, data, padding_enum, padding): res = backend._lib.EVP_PKEY_CTX_set_rsa_oaep_md(pkey_ctx, oaep_md) backend.openssl_assert(res > 0) + if ( + isinstance(padding, OAEP) and + padding._label is not None and + len(padding._label) > 0 + ): + # set0_rsa_oaep_label takes ownership of the char * so we need to + # copy it into some new memory + labelptr = backend._lib.OPENSSL_malloc(len(padding._label)) + backend.openssl_assert(labelptr != backend._ffi.NULL) + backend._ffi.memmove(labelptr, padding._label, len(padding._label)) + res = backend._lib.EVP_PKEY_CTX_set0_rsa_oaep_label( + pkey_ctx, labelptr, len(padding._label) + ) + backend.openssl_assert(res == 1) + outlen = backend._ffi.new("size_t *", buf_size) buf = backend._ffi.new("unsigned char[]", buf_size) res = crypt(pkey_ctx, buf, outlen, data, len(data)) |