handle unnamed-but-really-named curves in 1.0.2u (#5362)

* handle unnamed-but-really-named curves in 1.0.2u

* handle openssl 1.0.2 not supporting better install commands on make

* do what openssl didn't feel was necessary in 1.0.2t/u

I didn't bind the named curve constant, fight me.

.travis.yml

@@ -30,6 +30,8 @@ matrix:
           dist: xenial
         - python: pypy3.6-7.3.1
           env: TOXENV=pypy3-nocoverage
+        - python: 3.8
+          env: TOXENV=py38 OPENSSL=1.0.2u
         - python: 2.7
           env: TOXENV=py27 OPENSSL=1.1.0l
         - python: 2.7

.travis/install.sh

@@ -25,9 +25,14 @@ if [ -n "${OPENSSL}" ]; then
         shlib_sed
         make depend
         make -j"$(nproc)"
-        # avoid installing the docs
-        # https://github.com/openssl/openssl/issues/6685#issuecomment-403838728
-        make install_sw install_ssldirs
+        # CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+        if [ "${OPENSSL}" == "1.0.2u" ]; then
+            make install
+        else
+            # avoid installing the docs on versions of OpenSSL that aren't ancient.
+            # https://github.com/openssl/openssl/issues/6685#issuecomment-403838728
+            make install_sw install_ssldirs
+        fi
         popd
     fi
 elif [ -n "${LIBRESSL}" ]; then

src/_cffi_src/openssl/cryptography.py

@@ -35,6 +35,8 @@
 
 #define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER \
     (OPENSSL_VERSION_NUMBER >= 0x100020cf && !CRYPTOGRAPHY_IS_LIBRESSL)
+#define CRYPTOGRAPHY_OPENSSL_102U_OR_GREATER \
+    (OPENSSL_VERSION_NUMBER >= 0x1000215fL && !CRYPTOGRAPHY_IS_LIBRESSL)
 #define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \
     (OPENSSL_VERSION_NUMBER >= 0x10100000 && !CRYPTOGRAPHY_IS_LIBRESSL)
 #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
@@ -62,6 +64,7 @@
 
 TYPES = """
 static const int CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER;
+static const int CRYPTOGRAPHY_OPENSSL_102U_OR_GREATER;
 static const int CRYPTOGRAPHY_OPENSSL_110_OR_GREATER;
 static const int CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER;
 

src/cryptography/hazmat/backends/openssl/backend.py

@@ -1578,8 +1578,19 @@ def derive_elliptic_curve_private_key(self, private_value, curve):
 
     def _ec_key_new_by_curve(self, curve):
         curve_nid = self._elliptic_curve_to_nid(curve)
+        return self._ec_key_new_by_curve_nid(curve_nid)
+
+    def _ec_key_new_by_curve_nid(self, curve_nid):
         ec_cdata = self._lib.EC_KEY_new_by_curve_name(curve_nid)
         self.openssl_assert(ec_cdata != self._ffi.NULL)
+        # Setting the ASN.1 flag to OPENSSL_EC_NAMED_CURVE is
+        # only necessary on OpenSSL 1.0.2t/u. Once we drop support for 1.0.2
+        # we can remove this as it's done automatically when getting an EC_KEY
+        # from new_by_curve_name
+        # CRYPTOGRAPHY_OPENSSL_102U_OR_GREATER
+        self._lib.EC_KEY_set_asn1_flag(
+            ec_cdata, backend._lib.OPENSSL_EC_NAMED_CURVE
+        )
         return self._ffi.gc(ec_cdata, self._lib.EC_KEY_free)
 
     def load_der_ocsp_request(self, data):

src/cryptography/hazmat/backends/openssl/ec.py

@@ -47,7 +47,7 @@ def _ec_key_curve_sn(backend, ec_key):
     # explicitly encoded a curve with the same parameters as a named curve.
     # Don't do that.
     if (
-        backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
+        backend._lib.CRYPTOGRAPHY_OPENSSL_102U_OR_GREATER
         and backend._lib.EC_GROUP_get_asn1_flag(group) == 0
     ):
         raise NotImplementedError(
@@ -199,12 +199,7 @@ def public_key(self):
         self._backend.openssl_assert(group != self._backend._ffi.NULL)
 
         curve_nid = self._backend._lib.EC_GROUP_get_curve_name(group)
-
-        public_ec_key = self._backend._lib.EC_KEY_new_by_curve_name(curve_nid)
-        self._backend.openssl_assert(public_ec_key != self._backend._ffi.NULL)
-        public_ec_key = self._backend._ffi.gc(
-            public_ec_key, self._backend._lib.EC_KEY_free
-        )
+        public_ec_key = self._backend._ec_key_new_by_curve_nid(curve_nid)
 
         point = self._backend._lib.EC_KEY_get0_public_key(self._ec_key)
         self._backend.openssl_assert(point != self._backend._ffi.NULL)