Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for serializing/deserializing public keys #382

Merged
merged 13 commits into from Oct 28, 2015
Merged

Conversation

@Lukasa
Copy link
Member

@Lukasa Lukasa commented Oct 27, 2015

This is needed for HPKP in urllib3, to avoid using lots of cryptography private functions. It also adds symmetry to the equivalent private key functions.

@reaperhulk
Copy link
Member

@reaperhulk reaperhulk commented Oct 27, 2015

This needs a changelog entry :)

@codecov-io
Copy link

@codecov-io codecov-io commented Oct 27, 2015

Current coverage is 87.73%

Merging #382 into master will increase coverage by +0.14% as of 4e3c3d1

@@            master    #382   diff @@
======================================
  Files            7       7       
  Stmts         2024    2047    +23
  Branches       371     377     +6
  Methods          0       0       
======================================
+ Hit           1773    1796    +23
  Partial        121     121       
  Missed         130     130       

Review entire Coverage Diff as of 4e3c3d1

Powered by Codecov. Updated on successful CI builds.

@Lukasa
Copy link
Member Author

@Lukasa Lukasa commented Oct 27, 2015

@hynek Thoughts on how to hit that last line of the diff? It's going to be tricky to feed something that will cause write_bio to fail. @reaperhulk has some opinions he'd like to share.

@reaperhulk
Copy link
Member

@reaperhulk reaperhulk commented Oct 27, 2015

Covering these failure conditionals is hard and we should really do it with a function like openssl_assert in cryptography :)

@hynek
Copy link
Contributor

@hynek hynek commented Oct 27, 2015

You can put a pragma no cover on it for now. Also please get rid of those dreadful :py: prefixes. :)

@Lukasa
Copy link
Member Author

@Lukasa Lukasa commented Oct 28, 2015

Hooray, all green! \o/

@Lukasa Lukasa mentioned this pull request Oct 28, 2015
@Lukasa
Copy link
Member Author

@Lukasa Lukasa commented Oct 28, 2015

@hynek Done.

@hynek
Copy link
Contributor

@hynek hynek commented Oct 28, 2015

Cory, what was the very first review comment by Paul? ;)

@Lukasa
Copy link
Member Author

@Lukasa Lukasa commented Oct 28, 2015

@hynek I don't read Paul's comments. ;)

"""
Dump a public key to a buffer.
:param type: The file type (one of :py:data:`FILETYPE_PEM` or

This comment has been minimized.

@hynek

hynek Oct 28, 2015
Contributor

Still :py:

:param type: The file type (one of :py:data:`FILETYPE_PEM`,
:data:`FILETYPE_ASN1`).
:param buffer: The buffer the key is stored in.

This comment has been minimized.

@hynek

hynek Oct 28, 2015
Contributor

Please add an explanation what type buffer can be.

"""
Load a public key from a buffer.
:param type: The file type (one of :py:data:`FILETYPE_PEM`,

This comment has been minimized.

@hynek

hynek Oct 28, 2015
Contributor

Still py

@Lukasa
Copy link
Member Author

@Lukasa Lukasa commented Oct 28, 2015

Updated.

:param type: The file type (one of :data:`FILETYPE_PEM`,
:data:`FILETYPE_ASN1`).
:param buffer: The buffer the key is stored in. Must be a Python string

This comment has been minimized.

@hynek

hynek Oct 28, 2015
Contributor

This si what we have :type buffer: for fine sir :)

:data:`FILETYPE_ASN1`).
:param buffer: The buffer the key is stored in. Must be a Python string
object, either unicode or bytestring.
:return: The :class:`PKey` object.

This comment has been minimized.

@hynek

hynek Oct 28, 2015
Contributor

just make this :rtype: PKey

@@ -54,6 +54,8 @@ Changes:
This will default us to the setting that actually works.
To revert this you can call ``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``.
[`#234 <https://github.com/pyca/pyopenssl/pull/234>`_]
- Added :func:`OpenSSL.crypto.dump_publickey` to dump :class:`OpenSSL.crypto.PKey` objects that represent public keys. [`#382 <https://github.com/pyca/pyopenssl/pull/382>`_]

This comment has been minimized.

@hynek

hynek Oct 28, 2015
Contributor

I wouldn’t bother you if there wasn’t anything else, but since there were more changes: could you put the [#num] in separate lines please?

@hynek
Copy link
Contributor

@hynek hynek commented Oct 28, 2015

  1. please move the changelog entries to the top (within the changes section!) :D you can also make it one entry for all I care.
  2. you forgot to add the autofunction directives to crypto.rst :) (we don't do automodule)
:param type: The file type (one of :data:`FILETYPE_PEM` or
:data:`FILETYPE_ASN1`).
:param pkey: The PKey to dump.
:type pkey: :class:`PKey`

This comment has been minimized.

@hynek

hynek Oct 28, 2015
Contributor

How about :param PKey pkey: The public key to dump?

:class: is definitely not necessary if you write type markup (and it's only the one type).

@Lukasa
Copy link
Member Author

@Lukasa Lukasa commented Oct 28, 2015

And updated again. =D

hynek added a commit that referenced this pull request Oct 28, 2015
Support for serializing/deserializing public keys
@hynek hynek merged commit 3ca2eee into pyca:master Oct 28, 2015
2 checks passed
2 checks passed
codecov/patch 100.00% of diff hit (target 100.00%)
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
jsonn pushed a commit to jsonn/pkgsrc that referenced this pull request Apr 20, 2016
Changes:
16.0.0 (2016-03-19)
-------------------
This is the first release under full stewardship of PyCA.
We have made *many* changes to make local development more pleasing.
The test suite now passes both on Linux and OS X with OpenSSL 0.9.8,
1.0.1, and 1.0.2.  It has been moved to `py.test <https://pytest.org/>`_,
all CI test runs are part of `tox <https://testrun.org/tox/>`_ and
the source code has been made fully `flake8
<https://flake8.readthedocs.org/>`_ compliant.

We hope to have lowered the barrier for contributions significantly
but are open to hear about any remaining frustrations.

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Python 3.2 support has been dropped.
  It never had significant real world usage and has been dropped
  by our main dependency ``cryptography``.  Affected users should
  upgrade to Python 3.3 or later.

Deprecations:
^^^^^^^^^^^^^
- The support for EGD has been removed.
  The only affected function ``OpenSSL.rand.egd()`` now uses
  ``os.urandom()`` to seed the internal PRNG instead.  Please see
  `pyca/cryptography#1636
  <https://github.com/pyca/cryptography/pull/1636>`_ for more
  background information on this decision.  In accordance with our
  backward compatibility policy ``OpenSSL.rand.egd()`` will be
  *removed* no sooner than a year from the release of 16.0.0.
  Please note that you should `use urandom
  <http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>`_
  for all your secure random number needs.
- Python 2.6 support has been deprecated.
  Our main dependency ``cryptography`` deprecated 2.6 in version
  0.9 (2015-05-14) with no time table for actually dropping it.
  pyOpenSSL will drop Python 2.6 support once ``cryptography``
  does.

Changes:
^^^^^^^^
- Fixed ``OpenSSL.SSL.Context.set_session_id``,
  ``OpenSSL.SSL.Connection.renegotiate``,
  ``OpenSSL.SSL.Connection.renegotiate_pending``, and
  ``OpenSSL.SSL.Context.load_client_ca``.
  They were lacking an implementation since 0.14.  `#422
  <https://github.com/pyca/pyopenssl/pull/422>`_
- Fixed segmentation fault when using keys larger than 4096-bit to sign data.
  `#428 <https://github.com/pyca/pyopenssl/pull/428>`_
- Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()``
  was called before setting any app data.
  `#304 <https://github.com/pyca/pyopenssl/pull/304>`_
- Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey``
  objects that represent public keys, and ``OpenSSL.crypto.load_publickey()``
  to load such objects from serialized representations.
  `#382 <https://github.com/pyca/pyopenssl/pull/382>`_
- Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation
  list out to a string buffer.
  `#368 <https://github.com/pyca/pyopenssl/pull/368>`_
- Added ``OpenSSL.SSL.Connection.get_state_string()`` using the
  OpenSSL binding ``state_string_long``.
  `#358 <https://github.com/pyca/pyopenssl/pull/358>`_
- Added support for the ``socket.MSG_PEEK`` flag to
  ``OpenSSL.SSL.Connection.recv()`` and
  ``OpenSSL.SSL.Connection.recv_into()``.
  `#294 <https://github.com/pyca/pyopenssl/pull/294>`_
- Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and
  ``OpenSSL.SSL.Connection.get_protocol_version_name()``.
  `#244 <https://github.com/pyca/pyopenssl/pull/244>`_
- Switched to ``utf8string`` mask by default.
  OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8
  characters present.  This was changed to default to ``UTF8String``
  in the config around 2005, but the actual code didn't change it
  until late last year.  This will default us to the setting that
  actually works.  To revert this you can call
  ``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``.
  `#234 <https://github.com/pyca/pyopenssl/pull/234>`_
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 21, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants