convert the rest of the openssl backend to using openssl_assert
reaperhulk committed Sep 25, 2015
1 parent 71c2f2c commit 2917e46
Showing 8 changed files with 90 additions and 87 deletions.
21 changes: 10 additions & 11 deletions src/cryptography/hazmat/backends/openssl/ciphers.py
Expand Up @@ -66,24 +66,24 @@ def __init__(self, backend, cipher, mode, operation):
self._backend._ffi.NULL,
self._backend._ffi.NULL,
operation)
assert res != 0
self._backend.openssl_assert(res != 0)
# set the key length to handle variable key ciphers
res = self._backend._lib.EVP_CIPHER_CTX_set_key_length(
ctx, len(cipher.key)
)
assert res != 0
self._backend.openssl_assert(res != 0)
if isinstance(mode, modes.GCM):
res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
ctx, self._backend._lib.EVP_CTRL_GCM_SET_IVLEN,
len(iv_nonce), self._backend._ffi.NULL
)
assert res != 0
self._backend.openssl_assert(res != 0)
if operation == self._DECRYPT:
res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
ctx, self._backend._lib.EVP_CTRL_GCM_SET_TAG,
len(mode.tag), mode.tag
)
assert res != 0
self._backend.openssl_assert(res != 0)

# pass key/iv
res = self._backend._lib.EVP_CipherInit_ex(
Expand All @@ -94,7 +94,7 @@ def __init__(self, backend, cipher, mode, operation):
iv_nonce,
operation
)
assert res != 0
self._backend.openssl_assert(res != 0)
# We purposely disable padding here as it's handled higher up in the
# API.
self._backend._lib.EVP_CIPHER_CTX_set_padding(ctx, 0)
Expand All @@ -115,7 +115,7 @@ def update(self, data):
outlen = self._backend._ffi.new("int *")
res = self._backend._lib.EVP_CipherUpdate(self._ctx, buf, outlen, data,
len(data))
assert res != 0
self._backend.openssl_assert(res != 0)
return self._backend._ffi.buffer(buf)[:outlen[0]]

def finalize(self):
Expand Down Expand Up @@ -164,19 +164,19 @@ def finalize(self):
self._ctx, self._backend._lib.EVP_CTRL_GCM_GET_TAG,
block_byte_size, tag_buf
)
assert res != 0
self._backend.openssl_assert(res != 0)
self._tag = self._backend._ffi.buffer(tag_buf)[:]

res = self._backend._lib.EVP_CIPHER_CTX_cleanup(self._ctx)
assert res == 1
self._backend.openssl_assert(res == 1)
return self._backend._ffi.buffer(buf)[:outlen[0]]

def authenticate_additional_data(self, data):
outlen = self._backend._ffi.new("int *")
res = self._backend._lib.EVP_CipherUpdate(
self._ctx, self._backend._ffi.NULL, outlen, data, len(data)
)
assert res != 0
self._backend.openssl_assert(res != 0)

tag = utils.read_only_property("_tag")

Expand All @@ -191,11 +191,10 @@ def __init__(self, backend, cipher, mode):
self._backend = backend

self._key = self._backend._ffi.new("AES_KEY *")
assert self._key != self._backend._ffi.NULL
res = self._backend._lib.AES_set_encrypt_key(
cipher.key, len(cipher.key) * 8, self._key
)
assert res == 0
self._backend.openssl_assert(res == 0)
self._ecount = self._backend._ffi.new("char[]", 16)
self._nonce = self._backend._ffi.new("char[16]", mode.nonce)
self._num = self._backend._ffi.new("unsigned int *", 0)
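Review bot: In `__init__`, the GCM branch passes `len(iv_nonce)` and `len(mode.tag)` straight into `EVP_CIPHER_CTX_ctrl`, so a length OpenSSL rejects now fails `openssl_assert` and is presumably reported as a library-internal fault rather than as bad caller input. If the mode class does not already bound these lengths (its validation is not visible here, and neither is the definition of `openssl_assert`), reject them with a `ValueError` before the ctrl calls so that internal-error reports stay reserved for genuine OpenSSL failures. If the lengths are validated upstream, a comment above each call such as `# length validated by modes.GCM; a failure here is an OpenSSL fault` would record that assumption. The body of `__init__` continues outside the hunks shown.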
8 changes: 4 additions & 4 deletions src/cryptography/hazmat/backends/openssl/cmac.py
Expand Up @@ -33,7 +33,7 @@ def __init__(self, backend, algorithm, ctx=None):

ctx = self._backend._lib.CMAC_CTX_new()

assert ctx != self._backend._ffi.NULL
self._backend.openssl_assert(ctx != self._backend._ffi.NULL)
ctx = self._backend._ffi.gc(ctx, self._backend._lib.CMAC_CTX_free)

self._backend._lib.CMAC_Init(
Expand All @@ -47,15 +47,15 @@ def __init__(self, backend, algorithm, ctx=None):

def update(self, data):
res = self._backend._lib.CMAC_Update(self._ctx, data, len(data))
assert res == 1
self._backend.openssl_assert(res == 1)

def finalize(self):
buf = self._backend._ffi.new("unsigned char[]", self._output_length)
length = self._backend._ffi.new("size_t *", self._output_length)
res = self._backend._lib.CMAC_Final(
self._ctx, buf, length
)
assert res == 1
self._backend.openssl_assert(res == 1)

self._ctx = None

Expand All @@ -69,7 +69,7 @@ def copy(self):
res = self._backend._lib.CMAC_CTX_copy(
copied_ctx, self._ctx
)
assert res == 1
self._backend.openssl_assert(res == 1)
return _CMACContext(
self._backend, self._algorithm, ctx=copied_ctx
)
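Review bot: The `CMAC_Init` call in `__init__` still discards its return value, so a failed initialisation would go unnoticed and `update` and `finalize` would use the context as if it were keyed. Every other CMAC call in this file is checked after this change; capture the result the same way, `res = self._backend._lib.CMAC_Init(...)` followed by `self._backend.openssl_assert(res == 1)`. The call's arguments continue past the end of the hunk, so confirm that no check follows it there.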
8 changes: 4 additions & 4 deletions src/cryptography/hazmat/backends/openssl/dsa.py
Expand Up @@ -82,7 +82,7 @@ def finalize(self):
res = self._backend._lib.DSA_sign(
0, data_to_sign, len(data_to_sign), sig_buf,
buflen, self._private_key._dsa_cdata)
assert res == 1
self._backend.openssl_assert(res == 1)
assert buflen[0]

return self._backend._ffi.buffer(sig_buf)[:buflen[0]]
Expand Down Expand Up @@ -133,7 +133,7 @@ def private_numbers(self):

def public_key(self):
dsa_cdata = self._backend._lib.DSA_new()
assert dsa_cdata != self._backend._ffi.NULL
self._backend.openssl_assert(dsa_cdata != self._backend._ffi.NULL)
dsa_cdata = self._backend._ffi.gc(
dsa_cdata, self._backend._lib.DSA_free
)
Expand All @@ -146,7 +146,7 @@ def public_key(self):

def parameters(self):
dsa_cdata = self._backend._lib.DSA_new()
assert dsa_cdata != self._backend._ffi.NULL
self._backend.openssl_assert(dsa_cdata != self._backend._ffi.NULL)
dsa_cdata = self._backend._ffi.gc(
dsa_cdata, self._backend._lib.DSA_free
)
Expand Down Expand Up @@ -195,7 +195,7 @@ def public_numbers(self):

def parameters(self):
dsa_cdata = self._backend._lib.DSA_new()
assert dsa_cdata != self._backend._ffi.NULL
self._backend.openssl_assert(dsa_cdata != self._backend._ffi.NULL)
dsa_cdata = self._backend._ffi.gc(
dsa_cdata, self._backend._lib.DSA_free
)
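Review bot: `assert buflen[0]` in `finalize` is left as a bare `assert`, which Python removes under `-O`, so the signature-length check disappears in optimised runs while the `DSA_sign` check next to it now survives. Convert it as well, e.g. `self._backend.openssl_assert(buflen[0] > 0)`. The same leftover appears in the `finalize` methods of hashes.py and hmac.py as `assert outlen[0] == self.algorithm.digest_size`. Those guard the length used to slice the output buffer and deserve the same treatment.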
24 changes: 12 additions & 12 deletions src/cryptography/hazmat/backends/openssl/ec.py
Expand Up @@ -30,10 +30,10 @@ def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend):

with backend._tmp_bn_ctx() as bn_ctx:
order = _lib.BN_CTX_get(bn_ctx)
assert order != _ffi.NULL
backend.openssl_assert(order != _ffi.NULL)

res = _lib.EC_GROUP_get_order(group, order, bn_ctx)
assert res == 1
backend.openssl_assert(res == 1)

order_bits = _lib.BN_num_bits(order)

Expand All @@ -42,7 +42,7 @@ def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend):

def _ec_key_curve_sn(backend, ec_key):
group = backend._lib.EC_KEY_get0_group(ec_key)
assert group != backend._ffi.NULL
backend.openssl_assert(group != backend._ffi.NULL)

nid = backend._lib.EC_GROUP_get_curve_name(group)
# The following check is to find EC keys with unnamed curves and raise
Expand All @@ -54,7 +54,7 @@ def _ec_key_curve_sn(backend, ec_key):
)

curve_name = backend._lib.OBJ_nid2sn(nid)
assert curve_name != backend._ffi.NULL
backend.openssl_assert(curve_name != backend._ffi.NULL)

sn = backend._ffi.string(curve_name).decode('ascii')
return sn
Expand Down Expand Up @@ -100,7 +100,7 @@ def finalize(self):
digest = _truncate_digest_for_ecdsa(ec_key, digest, self._backend)

max_size = self._backend._lib.ECDSA_size(ec_key)
assert max_size > 0
self._backend.openssl_assert(max_size > 0)

sigbuf = self._backend._ffi.new("char[]", max_size)
siglen_ptr = self._backend._ffi.new("unsigned int[]", 1)
Expand All @@ -112,7 +112,7 @@ def finalize(self):
siglen_ptr,
ec_key
)
assert res == 1
self._backend.openssl_assert(res == 1)
return self._backend._ffi.buffer(sigbuf)[:siglen_ptr[0]]


Expand Down Expand Up @@ -173,21 +173,21 @@ def signer(self, signature_algorithm):

def public_key(self):
group = self._backend._lib.EC_KEY_get0_group(self._ec_key)
assert group != self._backend._ffi.NULL
self._backend.openssl_assert(group != self._backend._ffi.NULL)

curve_nid = self._backend._lib.EC_GROUP_get_curve_name(group)

public_ec_key = self._backend._lib.EC_KEY_new_by_curve_name(curve_nid)
assert public_ec_key != self._backend._ffi.NULL
self._backend.openssl_assert(public_ec_key != self._backend._ffi.NULL)
public_ec_key = self._backend._ffi.gc(
public_ec_key, self._backend._lib.EC_KEY_free
)

point = self._backend._lib.EC_KEY_get0_public_key(self._ec_key)
assert point != self._backend._ffi.NULL
self._backend.openssl_assert(point != self._backend._ffi.NULL)

res = self._backend._lib.EC_KEY_set_public_key(public_ec_key, point)
assert res == 1
self._backend.openssl_assert(res == 1)

evp_pkey = self._backend._ec_cdata_to_evp_pkey(public_ec_key)

Expand Down Expand Up @@ -242,14 +242,14 @@ def public_numbers(self):
self._backend._ec_key_determine_group_get_set_funcs(self._ec_key)
)
point = self._backend._lib.EC_KEY_get0_public_key(self._ec_key)
assert point != self._backend._ffi.NULL
self._backend.openssl_assert(point != self._backend._ffi.NULL)

with self._backend._tmp_bn_ctx() as bn_ctx:
bn_x = self._backend._lib.BN_CTX_get(bn_ctx)
bn_y = self._backend._lib.BN_CTX_get(bn_ctx)

res = get_func(group, point, bn_x, bn_y, bn_ctx)
assert res == 1
self._backend.openssl_assert(res == 1)

x = self._backend._bn_to_int(bn_x)
y = self._backend._bn_to_int(bn_y)
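Review bot: In `public_numbers`, the two `BN_CTX_get` results `bn_x` and `bn_y` are passed to `get_func` without a NULL check, whereas `_truncate_digest_for_ecdsa` in this same file checks `order` from `BN_CTX_get` before using it. Add `self._backend.openssl_assert(bn_y != self._backend._ffi.NULL)` after the second call. OpenSSL documents that once `BN_CTX_get` fails, later calls on that context return NULL too, so checking the last result covers both. The method body starts and ends outside the hunk.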
10 changes: 5 additions & 5 deletions src/cryptography/hazmat/backends/openssl/hashes.py
Expand Up @@ -31,7 +31,7 @@ def __init__(self, backend, algorithm, ctx=None):
)
res = self._backend._lib.EVP_DigestInit_ex(ctx, evp_md,
self._backend._ffi.NULL)
assert res != 0
self._backend.openssl_assert(res != 0)

self._ctx = ctx

Expand All @@ -43,20 +43,20 @@ def copy(self):
copied_ctx, self._backend._lib.EVP_MD_CTX_destroy
)
res = self._backend._lib.EVP_MD_CTX_copy_ex(copied_ctx, self._ctx)
assert res != 0
self._backend.openssl_assert(res != 0)
return _HashContext(self._backend, self.algorithm, ctx=copied_ctx)

def update(self, data):
res = self._backend._lib.EVP_DigestUpdate(self._ctx, data, len(data))
assert res != 0
self._backend.openssl_assert(res != 0)

def finalize(self):
buf = self._backend._ffi.new("unsigned char[]",
self._backend._lib.EVP_MAX_MD_SIZE)
outlen = self._backend._ffi.new("unsigned int *")
res = self._backend._lib.EVP_DigestFinal_ex(self._ctx, buf, outlen)
assert res != 0
self._backend.openssl_assert(res != 0)
assert outlen[0] == self.algorithm.digest_size
res = self._backend._lib.EVP_MD_CTX_cleanup(self._ctx)
assert res == 1
self._backend.openssl_assert(res == 1)
return self._backend._ffi.buffer(buf)[:outlen[0]]
8 changes: 4 additions & 4 deletions src/cryptography/hazmat/backends/openssl/hmac.py
Expand Up @@ -36,7 +36,7 @@ def __init__(self, backend, key, algorithm, ctx=None):
res = self._backend._lib.Cryptography_HMAC_Init_ex(
ctx, key, len(key), evp_md, self._backend._ffi.NULL
)
assert res != 0
self._backend.openssl_assert(res != 0)

self._ctx = ctx
self._key = key
Expand All @@ -52,7 +52,7 @@ def copy(self):
res = self._backend._lib.Cryptography_HMAC_CTX_copy(
copied_ctx, self._ctx
)
assert res != 0
self._backend.openssl_assert(res != 0)
return _HMACContext(
self._backend, self._key, self.algorithm, ctx=copied_ctx
)
Expand All @@ -61,7 +61,7 @@ def update(self, data):
res = self._backend._lib.Cryptography_HMAC_Update(
self._ctx, data, len(data)
)
assert res != 0
self._backend.openssl_assert(res != 0)

def finalize(self):
buf = self._backend._ffi.new("unsigned char[]",
Expand All @@ -70,7 +70,7 @@ def finalize(self):
res = self._backend._lib.Cryptography_HMAC_Final(
self._ctx, buf, outlen
)
assert res != 0
self._backend.openssl_assert(res != 0)
assert outlen[0] == self.algorithm.digest_size
self._backend._lib.HMAC_CTX_cleanup(self._ctx)
return self._backend._ffi.buffer(buf)[:outlen[0]]
