Fix OpenSSL 3.0 change with EVP_PKEY_size() to work with cffi also
wbond committed Mar 9, 2022
1 parent 13cc9fa commit e074131
Showing 3 changed files with 33 additions and 10 deletions.
10 changes: 9 additions & 1 deletion oscrypto/_openssl/_libcrypto_cffi.py
@@ -149,7 +149,6 @@
EVP_PKEY *X509_get_pubkey(X509 *x);
void X509_free(X509 *a);
int EVP_PKEY_size(EVP_PKEY *pkey);
RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
void RSA_free(RSA *r);
@@ -205,6 +204,15 @@
void EC_KEY_free(EC_KEY *key);
""")

if version_info < (3, ):
ffi.cdef("""
int EVP_PKEY_size(EVP_PKEY *pkey);
""")
else:
ffi.cdef("""
int EVP_PKEY_get_size(EVP_PKEY *pkey);
""")

if version_info < (1, 1):
ffi.cdef("""
EVP_MD_CTX *EVP_MD_CTX_create(void);
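Review bot: The new cdef branch is gated on `version_info < (3, )`, while the helper added in `oscrypto/_openssl/asymmetric.py` chooses the function name with `libcrypto_version_info < (3, )`. The page does not show whether those two names always hold the same tuple; if they can differ for some library build, the symbol declared here and the name looked up there would disagree, and the failure would surface at the first encrypt, sign or verify call rather than at import. It is worth confirming that they are the same value and adding a comment above the branch, for example `# OpenSSL 3.0 exports EVP_PKEY_get_size(); EVP_PKEY_size() is only a header macro there, so declare the symbol the loaded library actually provides`.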
1 change: 0 additions & 1 deletion oscrypto/_openssl/_libcrypto_ctypes.py
@@ -317,7 +317,6 @@
P_EVP_PKEY
]
libcrypto.EVP_PKEY_get_size.restype = c_int
libcrypto.EVP_PKEY_size = libcrypto.EVP_PKEY_get_size

libcrypto.EVP_PKEY_get1_RSA.argtypes = [
P_EVP_PKEY
32 changes: 24 additions & 8 deletions oscrypto/_openssl/asymmetric.py
@@ -928,6 +928,22 @@ def rsa_oaep_decrypt(private_key, ciphertext):
return _decrypt(private_key, ciphertext, LibcryptoConst.RSA_PKCS1_OAEP_PADDING)


def _evp_pkey_get_size(evp_pkey):
"""
Handles the function name change from OpenSSL 1.1 -> 3.0
:param evp_pkey:
The EVP_PKEY of the Certificte or PublicKey to get the size of
:return:
An int of the number of bytes necessary for the key
"""

if libcrypto_version_info < (3, ):
return libcrypto.EVP_PKEY_size(evp_pkey)
return libcrypto.EVP_PKEY_get_size(evp_pkey)


def _encrypt(certificate_or_public_key, data, padding):
"""
Encrypts plaintext using an RSA public key or certificate
@@ -970,7 +986,7 @@ def _encrypt(certificate_or_public_key, data, padding):
rsa = None

try:
buffer_size = libcrypto.EVP_PKEY_size(certificate_or_public_key.evp_pkey)
buffer_size = _evp_pkey_get_size(certificate_or_public_key.evp_pkey)
buffer = buffer_from_bytes(buffer_size)

rsa = libcrypto.EVP_PKEY_get1_RSA(certificate_or_public_key.evp_pkey)
@@ -1025,7 +1041,7 @@ def _decrypt(private_key, ciphertext, padding):
rsa = None

try:
buffer_size = libcrypto.EVP_PKEY_size(private_key.evp_pkey)
buffer_size = _evp_pkey_get_size(private_key.evp_pkey)
buffer = buffer_from_bytes(buffer_size)

rsa = libcrypto.EVP_PKEY_get1_RSA(private_key.evp_pkey)
@@ -1279,7 +1295,7 @@ def _verify(certificate_or_public_key, signature, data, hash_algorithm, rsa_pss_
if is_null(rsa):
handle_openssl_error(0)

buffer_size = libcrypto.EVP_PKEY_size(certificate_or_public_key.evp_pkey)
buffer_size = _evp_pkey_get_size(certificate_or_public_key.evp_pkey)
decrypted_buffer = buffer_from_bytes(buffer_size)
decrypted_length = libcrypto.RSA_public_decrypt(
len(signature),
@@ -1330,7 +1346,7 @@ def _verify(certificate_or_public_key, signature, data, hash_algorithm, rsa_pss_
if is_null(rsa):
handle_openssl_error(0)

buffer_size = libcrypto.EVP_PKEY_size(certificate_or_public_key.evp_pkey)
buffer_size = _evp_pkey_get_size(certificate_or_public_key.evp_pkey)
decoded_buffer = buffer_from_bytes(buffer_size)
decoded_length = libcrypto.RSA_public_decrypt(
len(signature),
@@ -1682,7 +1698,7 @@ def _sign(private_key, data, hash_algorithm, rsa_pss_padding=False):
if is_null(rsa):
handle_openssl_error(0)

buffer_size = libcrypto.EVP_PKEY_size(private_key.evp_pkey)
buffer_size = _evp_pkey_get_size(private_key.evp_pkey)

signature_buffer = buffer_from_bytes(buffer_size)
signature_length = libcrypto.RSA_private_encrypt(
@@ -1730,7 +1746,7 @@ def _sign(private_key, data, hash_algorithm, rsa_pss_padding=False):
if is_null(rsa):
handle_openssl_error(0)

buffer_size = libcrypto.EVP_PKEY_size(private_key.evp_pkey)
buffer_size = _evp_pkey_get_size(private_key.evp_pkey)
em_buffer = buffer_from_bytes(buffer_size)
res = libcrypto.RSA_padding_add_PKCS1_PSS(
rsa,
@@ -1752,7 +1768,7 @@ def _sign(private_key, data, hash_algorithm, rsa_pss_padding=False):
handle_openssl_error(signature_length)

elif private_key.algorithm == 'rsa':
buffer_size = libcrypto.EVP_PKEY_size(private_key.evp_pkey)
buffer_size = _evp_pkey_get_size(private_key.evp_pkey)
signature_buffer = buffer_from_bytes(buffer_size)
signature_length = new(libcrypto, 'unsigned int *')

@@ -1807,7 +1823,7 @@ def _sign(private_key, data, hash_algorithm, rsa_pss_padding=False):
handle_openssl_error(signature_length)

else:
buffer_size = libcrypto.EVP_PKEY_size(private_key.evp_pkey)
buffer_size = _evp_pkey_get_size(private_key.evp_pkey)
signature_buffer = buffer_from_bytes(buffer_size)
signature_length = new(libcrypto, 'size_t *', buffer_size)

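Review bot: The new `_evp_pkey_get_size()` helper returns the libcrypto result unchecked, and each call site in `_encrypt`, `_decrypt`, `_verify` and `_sign` passes it straight to `buffer_from_bytes()` before a native RSA or signing call writes into that buffer. OpenSSL documents that the size query can return 0 when the size is not available, so the helper is the one place to reject a non-positive value before it sizes an output buffer. One option is to assign the result to `size` and add `if size < 1: handle_openssl_error(0)` before `return size`, mirroring the `is_null(rsa)` checks visible in the same file. The docstring also misspells "Certificate" as "Certificte". The bodies of the calling functions start and end outside the visible hunks, so any later length checks they perform cannot be seen here.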
