diff options
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/ec.py | 8 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 19 | ||||
-rw-r--r-- | src/cryptography/hazmat/primitives/serialization.py | 4 |
3 files changed, 9 insertions, 22 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index e413d525..33d5b498 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -43,7 +43,13 @@ def _ec_key_curve_sn(backend, ec_key): assert group != backend._ffi.NULL nid = backend._lib.EC_GROUP_get_curve_name(group) - assert nid != backend._lib.NID_undef + # The following check is to find EC keys with unnamed curves and raise + # an error for now. + if nid == backend._lib.NID_undef: + raise NotImplementedError( + "ECDSA certificates with unnamed curves are unsupported " + "at this time" + ) curve_name = backend._lib.OBJ_nid2sn(nid) assert curve_name != backend._ffi.NULL diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index 0828f3cc..66c99c9f 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -63,25 +63,6 @@ class _Certificate(object): pkey = self._backend._lib.X509_get_pubkey(self._x509) assert pkey != self._backend._ffi.NULL pkey = self._backend._ffi.gc(pkey, self._backend._lib.EVP_PKEY_free) - # The following check is to find ECDSA certificates with unnamed - # curves and raise an error for now. - if ( - self._backend._lib.Cryptography_HAS_EC == 1 and - pkey.type == self._backend._lib.EVP_PKEY_EC - ): - ec_cdata = self._backend._lib.EVP_PKEY_get1_EC_KEY(pkey) - assert ec_cdata != self._backend._ffi.NULL - ec_cdata = self._backend._ffi.gc( - ec_cdata, self._backend._lib.EC_KEY_free - ) - group = self._backend._lib.EC_KEY_get0_group(ec_cdata) - assert group != self._backend._ffi.NULL - nid = self._backend._lib.EC_GROUP_get_curve_name(group) - if nid == self._backend._lib.NID_undef: - raise NotImplementedError( - "ECDSA certificates with unnamed curves are unsupported " - "at this time" - ) return self._backend._evp_pkey_to_public_key(pkey) diff --git a/src/cryptography/hazmat/primitives/serialization.py b/src/cryptography/hazmat/primitives/serialization.py index 9d384fc7..f080ea86 100644 --- a/src/cryptography/hazmat/primitives/serialization.py +++ b/src/cryptography/hazmat/primitives/serialization.py @@ -85,7 +85,7 @@ def _load_ssh_rsa_public_key(decoded_data, backend): if rest: raise ValueError('Key body contains extra bytes.') - return backend.load_rsa_public_numbers(RSAPublicNumbers(e, n)) + return RSAPublicNumbers(e, n).public_key(backend) def _load_ssh_dss_public_key(decoded_data, backend): @@ -105,7 +105,7 @@ def _load_ssh_dss_public_key(decoded_data, backend): parameter_numbers = DSAParameterNumbers(p, q, g) public_numbers = DSAPublicNumbers(y, parameter_numbers) - return backend.load_dsa_public_numbers(public_numbers) + return public_numbers.public_key(backend) def _read_next_string(data): |