check method of private keys

Bug #376051 reported by rick_dean
Status: Fix Released

Bug Description

Here is a patch to implement the RSA key checking functionality
of "openssl rsa -in somekey.pem -check -noout".

The openssl library (and applications) do not have the equivalent
functionality for DSA private keys, so attempting to check one produces
a TypeError exception.

Automated unit test cases are included, but I don't actually
have an inconsistent RSA key to test with, so the
failure explanation is not as detailed as the openssl app.
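
Added example, not part of the original report and not pyOpenSSL or OpenSSL code: the standard arithmetic relations between RSA private key components, checked in plain Python on a constructed toy key and on a deliberately tampered copy, which is the kind of inconsistent test input the report says was unavailable. The function names, failure messages and toy primes are assumptions made for illustration.

```python
import math

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases (deterministic here; real checks use random bases)."""
    if n < 2:
        return False
    for small in BASES:
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # base a is a witness that n is composite
    return True

def check_rsa_key(n, e, d, p, q, dmp1, dmq1, iqmp):
    """Return the failed consistency conditions (empty list means consistent)."""
    if min(p, q) < 3:
        return ["p or q too small"]
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    tests = [
        (is_probable_prime(p), "p not prime"),
        (is_probable_prime(q), "q not prime"),
        (p * q == n, "n does not equal p q"),
        (d * e % lam == 1, "d e not congruent to 1"),
        (dmp1 == d % (p - 1), "dmp1 not congruent to d"),
        (dmq1 == d % (q - 1), "dmq1 not congruent to d"),
        (iqmp * q % p == 1, "iqmp not inverse of q"),
    ]
    return [msg for ok, msg in tests if not ok]

def make_key(p, q, e=65537):
    """Build a consistent toy key from two primes (constructed sample input)."""
    d = pow(e, -1, (p - 1) * (q - 1) // math.gcd(p - 1, q - 1))
    return dict(n=p * q, e=e, d=d, p=p, q=q,
                dmp1=d % (p - 1), dmq1=d % (q - 1), iqmp=pow(q, -1, p))

# Constructed sample: two known Mersenne primes, far too small for real use.
GOOD = make_key(2**61 - 1, 2**89 - 1)
BAD = dict(GOOD, d=GOOD["d"] + 2)  # tampered private exponent
```

Calling `check_rsa_key(**GOOD)` returns an empty list, while `check_rsa_key(**BAD)` names each relation the tampered exponent breaks.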

rick_dean (rick-fdd) wrote :

This patch adds support for "openssl rsa -noout -modulus" and
"openssl dsa -noout -modulus". The patch applies on top of the
"-check" patch.

X509 seems to use "get_" in its method names, but
PKey does not (see type()). This patch continues that
convention, but I'm open to change.

This patch duplicates the _runopenssl() function
definition in its test case, but there is clearly
a better solution, although it would be
harder to merge.

Jean-Paul Calderone (exarkun) wrote :

The modulus patch confuses me a bit. It seems to be a faithful reimplementation of "openssl rsa -modulus" and "openssl dsa -modulus", but *those* options make little sense to me. Or rather, the RSA version makes sense, since RSA keys have something that can be referred to as a "modulus" with little confusion. Why you would make up the name "modulus" for the "public key components" of a DSA key is beyond me, though.

A use case would probably help clarify things. Meanwhile, I'll apply the `check` patch and resolve this ticket and push the `modulus` part to a branch so it can be dealt with easily when someone understands it. :)

Jean-Paul Calderone (exarkun) wrote :

PKey.check added. lp:~exarkun/pyopenssl/pkey-modulus has the modulus changes.

Changed in pyopenssl:
milestone: none → 0.13
status: New → Fix Committed
Changed in pyopenssl:
status: Fix Committed → Fix Released