Skip to content

Commit afdba93

Browse files
alexalex
authored
Remove deprecated EC behavior (#12939)
1 parent a8915b8 commit afdba93

File tree

2 files changed

+10
-29
lines changed

2 files changed

+10
-29
lines changed

src/rust/src/backend/ec.rs

Lines changed: 9 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,6 @@ use pyo3::types::PyAnyMethods;
1010
use crate::backend::utils;
1111
use crate::buf::CffiBuf;
1212
use crate::error::{CryptographyError, CryptographyResult};
13-
use crate::utils::cstr_from_literal;
1413
use crate::{exceptions, types};
1514

1615
#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.ec")]
@@ -30,18 +29,11 @@ pub(crate) struct ECPublicKey {
3029
fn curve_from_py_curve(
3130
py: pyo3::Python<'_>,
3231
py_curve: pyo3::Bound<'_, pyo3::PyAny>,
33-
allow_curve_class: bool,
3432
) -> CryptographyResult<openssl::ec::EcGroup> {
3533
if !py_curve.is_instance(&types::ELLIPTIC_CURVE.get(py)?)? {
36-
if allow_curve_class {
37-
let warning_cls = types::DEPRECATED_IN_42.get(py)?;
38-
let message = cstr_from_literal!("Curve argument must be an instance of an EllipticCurve class. Did you pass a class by mistake? This will be an exception in a future version of cryptography");
39-
pyo3::PyErr::warn(py, &warning_cls, message, 1)?;
40-
} else {
41-
return Err(CryptographyError::from(
42-
pyo3::exceptions::PyTypeError::new_err("curve must be an EllipticCurve instance"),
43-
));
44-
}
34+
return Err(CryptographyError::from(
35+
pyo3::exceptions::PyTypeError::new_err("curve must be an EllipticCurve instance"),
36+
));
4537
}
4638

4739
let py_curve_name = py_curve.getattr(pyo3::intern!(py, "name"))?;
@@ -119,7 +111,7 @@ fn check_key_infinity(
119111

120112
#[pyo3::pyfunction]
121113
fn curve_supported(py: pyo3::Python<'_>, py_curve: pyo3::Bound<'_, pyo3::PyAny>) -> bool {
122-
curve_from_py_curve(py, py_curve, false).is_ok()
114+
curve_from_py_curve(py, py_curve).is_ok()
123115
}
124116

125117
pub(crate) fn private_key_from_pkey(
@@ -158,7 +150,7 @@ fn generate_private_key(
158150
) -> CryptographyResult<ECPrivateKey> {
159151
let _ = backend;
160152

161-
let ossl_curve = curve_from_py_curve(py, curve, true)?;
153+
let ossl_curve = curve_from_py_curve(py, curve)?;
162154
let key = openssl::ec::EcKey::generate(&ossl_curve)?;
163155

164156
Ok(ECPrivateKey {
@@ -173,7 +165,7 @@ fn derive_private_key(
173165
py_private_value: &pyo3::Bound<'_, pyo3::types::PyInt>,
174166
py_curve: pyo3::Bound<'_, pyo3::PyAny>,
175167
) -> CryptographyResult<ECPrivateKey> {
176-
let curve = curve_from_py_curve(py, py_curve.clone(), false)?;
168+
let curve = curve_from_py_curve(py, py_curve.clone())?;
177169
let private_value = utils::py_int_to_bn(py, py_private_value)?;
178170

179171
let mut point = openssl::ec::EcPoint::new(&curve)?;
@@ -198,7 +190,7 @@ fn from_public_bytes(
198190
py_curve: pyo3::Bound<'_, pyo3::PyAny>,
199191
data: &[u8],
200192
) -> CryptographyResult<ECPublicKey> {
201-
let curve = curve_from_py_curve(py, py_curve.clone(), false)?;
193+
let curve = curve_from_py_curve(py, py_curve.clone())?;
202194

203195
let mut bn_ctx = openssl::bn::BigNumContext::new()?;
204196
let point = openssl::ec::EcPoint::from_bytes(&curve, data, &mut bn_ctx)
@@ -528,8 +520,7 @@ impl EllipticCurvePrivateNumbers {
528520
) -> CryptographyResult<ECPrivateKey> {
529521
let _ = backend;
530522

531-
let curve =
532-
curve_from_py_curve(py, self.public_numbers.get().curve.bind(py).clone(), false)?;
523+
let curve = curve_from_py_curve(py, self.public_numbers.get().curve.bind(py).clone())?;
533524
let public_key = public_key_from_numbers(py, self.public_numbers.get(), &curve)?;
534525
let private_value = utils::py_int_to_bn(py, self.private_value.bind(py))?;
535526

@@ -610,7 +601,7 @@ impl EllipticCurvePublicNumbers {
610601
) -> CryptographyResult<ECPublicKey> {
611602
let _ = backend;
612603

613-
let curve = curve_from_py_curve(py, self.curve.bind(py).clone(), false)?;
604+
let curve = curve_from_py_curve(py, self.curve.bind(py).clone())?;
614605
let public_key = public_key_from_numbers(py, self, &curve)?;
615606

616607
let pkey = openssl::pkey::PKey::from_ec_key(public_key)?;

tests/hazmat/primitives/test_ec.py

Lines changed: 1 addition & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212

1313
import pytest
1414

15-
from cryptography import exceptions, utils, x509
15+
from cryptography import exceptions, x509
1616
from cryptography.hazmat.bindings._rust import openssl as rust_openssl
1717
from cryptography.hazmat.primitives import hashes, serialization
1818
from cryptography.hazmat.primitives.asymmetric import ec
@@ -239,16 +239,6 @@ def test_ec_key_key_size(backend):
239239
assert key.public_key().key_size == 256
240240

241241

242-
def test_deprecated_generate_private_key_with_curve_class(backend):
243-
# This test verifies that if you pass a curve _class_ instead of instance,
244-
# you get a warning and then `key.curve` is still an instance.
245-
_skip_curve_unsupported(backend, ec.SECP256R1())
246-
247-
with pytest.warns(utils.DeprecatedIn42):
248-
key = ec.generate_private_key(ec.SECP256R1) # type: ignore[arg-type]
249-
assert isinstance(key.curve, ec.SECP256R1)
250-
251-
252242
class TestECWithNumbers:
253243
def test_with_numbers(self, backend, subtests):
254244
vectors = itertools.product(

0 commit comments

Comments
 (0)