From d7cc80f22f9be184e4ce61c51fd7555b127a8e32 Mon Sep 17 00:00:00 2001
From: Alex Stapleton
Date: Sat, 13 Dec 2014 19:58:25 +0000
Subject: Set OPENSSL_EC_NAMED_CURVE on our EC_KEY instances

This means any X.509 certs generated from our keys will be encoded along with the curve OID so that we can still load them afterwards.
---
 src/cryptography/hazmat/backends/openssl/backend.py | 18 ++++++++++++++++++
 src/cryptography/hazmat/backends/openssl/ec.py | 2 ++
 2 files changed, 20 insertions(+)
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index daccf5ca..95e31264 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -896,6 +896,8 @@ class Backend(object):
 res = self._lib.EC_KEY_check_key(ec_cdata)
 assert res == 1
+ self._mark_asn1_named_ec_curve(ec_cdata)
+
 return _EllipticCurvePrivateKey(self, ec_cdata)
 else:
 raise UnsupportedAlgorithm(
@@ -928,6 +930,8 @@ class Backend(object):
 ec_cdata, self._int_to_bn(numbers.private_value))
 assert res == 1
+ self._mark_asn1_named_ec_curve(ec_cdata)
+
 return _EllipticCurvePrivateKey(self, ec_cdata)
 def elliptic_curve_public_key_from_numbers(self, numbers):
@@ -949,6 +953,8 @@ class Backend(object):
 ec_cdata = self._ec_key_set_public_key_affine_coordinates(
 ec_cdata, numbers.x, numbers.y)
+ self._mark_asn1_named_ec_curve(ec_cdata)
+
 return _EllipticCurvePublicKey(self, ec_cdata)
 def _elliptic_curve_to_nid(self, curve):
@@ -971,6 +977,18 @@ class Backend(object):
 )
 return curve_nid
+ def _mark_asn1_named_ec_curve(self, ec_cdata):
+ """
+ Set the named curve flag on the EC_KEY. This causes OpenSSL to
+ serialise EC keys along with their curve OID which makes
+ deserialisation easier.
+ """
+
+ self._lib.EC_KEY_set_asn1_flag(
+ ec_cdata,
+ self._backend._lib.OPENSSL_EC_NAMED_CURVE
+ )
+
 @contextmanager
 def _tmp_bn_ctx(self):
 bn_ctx = self._lib.BN_CTX_new()
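Review bot: The named-curve flag is applied by a separate `self._mark_asn1_named_ec_curve(ec_cdata)` call placed in front of each key-object construction, first in the `@@ -896,6 +896,8 @@` hunk and again in the `-928` and `-949` hunks and in ec.py, so any other code that builds an `_EllipticCurvePrivateKey` or `_EllipticCurvePublicKey` yields a key without the flag and, per the commit message, certificates that cannot be loaded back. The constructors of those classes are outside the hunks, so this needs checking against the full file: if every EC_KEY wrapper passes through them, setting the flag there once would also cover construction paths this patch does not touch. The enclosing methods start and end outside the hunks.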
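Review bot: In the new `_mark_asn1_named_ec_curve` helper (`@@ -971,6 +977,18 @@` hunk) the constant is read as `self._backend._lib.OPENSSL_EC_NAMED_CURVE`, but `self` here is the `Backend` itself; the line directly above and every other Backend call in this patch use `self._lib`, while `_backend` is the attribute the key classes in ec.py hold. Unless `Backend` defines a `_backend` attribute somewhere outside the visible hunks, this raises `AttributeError` at all three Backend call sites and at the ec.py call site, so every EC key path touched by the commit fails. The line should read `self._lib.OPENSSL_EC_NAMED_CURVE`. The diffstat lists only backend.py and ec.py, so no test accompanies the change; one that builds a key and checks that its serialised form carries the curve OID would have caught this.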
diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py
index 56b7893e..9c616a30 100644
--- a/src/cryptography/hazmat/backends/openssl/ec.py
+++ b/src/cryptography/hazmat/backends/openssl/ec.py
@@ -167,6 +167,8 @@ class _EllipticCurvePrivateKey(object):
 res = self._backend._lib.EC_KEY_set_public_key(public_ec_key, point)
 assert res == 1
+ self._backend._mark_asn1_named_ec_curve(public_ec_key)
+
 return _EllipticCurvePublicKey(
 self._backend, public_ec_key
 )
--
cgit v1.2.3