Merge pull request #1712 from reaperhulk/serialize-dsa-private-key

serialize DSA private keys
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 053e755..ccc2e20 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -78,6 +78,7 @@
   support loading DER encoded public keys.
 * Fixed building against LibreSSL, a compile-time substitute for OpenSSL.
 * FreeBSD 9.2 was removed from the continuous integration system.
+* Updated Windows wheels to be compiled against OpenSSL 1.0.2.
 * Added
   :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`
   and deprecated
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index a0849a4..3d40a21 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -33,6 +33,9 @@
     `unenc-rsa-pkcs8.pem`_, `pkcs12_s2k_pem.c`_. The contents of
     `enc2-rsa-pkcs8.pem`_ was re-encrypted using a stronger PKCS#8 cipher.
   * `Botan's ECC private keys`_.
+* `asymmetric/public/PKCS1/dsa.pub.pem`_ is a PKCS1 DSA public key from the
+  Ruby test suite.
+
 
 Custom Asymmetric Vectors
 ~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -71,7 +74,9 @@
   `OpenSSL example key`_ for RSA.
 * DER conversions of `enc-rsa-pkcs8.pem`_, `enc2-rsa-pkcs8.pem`_, and
   `unenc-rsa-pkcs8.pem`_.
-
+* ``asymmetric/public/PKCS1/rsa.pub.pem`` and
+  ``asymmetric/public/PKCS1/rsa.pub.der`` are PKCS1 conversions of the public
+  key from ``asymmetric/PKCS8/unenc-rsa-pkcs8.pem`` using PEM and DER encoding.
 
 X.509
 ~~~~~
@@ -221,7 +226,7 @@
 .. _`draft RFC`: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01
 .. _`Specification repository`: https://github.com/fernet/spec
 .. _`errata`: http://www.rfc-editor.org/errata_search.php?rfc=6238
-.. _`OpenSSL example key`: http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=test/testrsa.pem;h=aad21067a8f7cb93a52a511eb9162fd83be39135;hb=66e8211c0b1347970096e04b18aa52567c325200
+.. _`OpenSSL example key`: https://github.com/openssl/openssl/blob/d02b48c63a58ea4367a0e905979f140b7d090f86/test/testrsa.pem
 .. _`GnuTLS key parsing tests`: https://gitorious.org/gnutls/gnutls/commit/f16ef39ef0303b02d7fa590a37820440c466ce8d
 .. _`enc-rsa-pkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/encpkcs8.pem
 .. _`enc2-rsa-pkcs8.pem`: https://gitorious.org/gnutls/gnutls/source/f8d943b38bf74eaaa11d396112daf43cb8aa82ae:tests/pkcs8-decode/enc2pkcs8.pem
@@ -237,3 +242,4 @@
 .. _`testx509.pem`: https://github.com/openssl/openssl/blob/master/test/testx509.pem
 .. _`DigiCert Global Root G3`: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt
 .. _`root data`: https://hg.mozilla.org/projects/nss/file/25b2922cc564/security/nss/lib/ckfw/builtins/certdata.txt#l2053
+.. _`asymmetric/public/PKCS1/dsa.pub.pem`: https://github.com/ruby/ruby/blob/4ccb387f3bc436a08fc6d72c4931994f5de95110/test/openssl/test_pkey_dsa.rb#L53
diff --git a/docs/limitations.rst b/docs/limitations.rst
index ce61d89..0dfc49c 100644
--- a/docs/limitations.rst
+++ b/docs/limitations.rst
@@ -16,4 +16,4 @@
 consider this a high risk for most users.
 
 .. _`Memory wiping`:  http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx
-.. _`CERT secure coding guidelines`: https://www.securecoding.cert.org/confluence/display/seccode/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources
+.. _`CERT secure coding guidelines`: https://www.securecoding.cert.org/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources
diff --git a/src/cryptography/hazmat/primitives/padding.py b/src/cryptography/hazmat/primitives/padding.py
index 8ad64de..6247f7b 100644
--- a/src/cryptography/hazmat/primitives/padding.py
+++ b/src/cryptography/hazmat/primitives/padding.py
@@ -6,6 +6,8 @@
 
 import abc
 
+import os
+
 import six
 
 from cryptography import utils
@@ -13,47 +15,11 @@
 from cryptography.hazmat.bindings.utils import LazyLibrary, build_ffi
 
 
-TYPES = """
-uint8_t Cryptography_check_pkcs7_padding(const uint8_t *, uint8_t);
-"""
+with open(os.path.join(os.path.dirname(__file__), "src/padding.h")) as f:
+    TYPES = f.read()
 
-FUNCTIONS = """
-/* Returns the value of the input with the most-significant-bit copied to all
-   of the bits. */
-static uint8_t Cryptography_DUPLICATE_MSB_TO_ALL(uint8_t a) {
-    return (1 - (a >> (sizeof(uint8_t) * 8 - 1))) - 1;
-}
-
-/* This returns 0xFF if a < b else 0x00, but does so in a constant time
-   fashion */
-static uint8_t Cryptography_constant_time_lt(uint8_t a, uint8_t b) {
-    a -= b;
-    return Cryptography_DUPLICATE_MSB_TO_ALL(a);
-}
-
-uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data,
-                                         uint8_t block_len) {
-    uint8_t i;
-    uint8_t pad_size = data[block_len - 1];
-    uint8_t mismatch = 0;
-    for (i = 0; i < block_len; i++) {
-        unsigned int mask = Cryptography_constant_time_lt(i, pad_size);
-        uint8_t b = data[block_len - 1 - i];
-        mismatch |= (mask & (pad_size ^ b));
-    }
-
-    /* Check to make sure the pad_size was within the valid range. */
-    mismatch |= ~Cryptography_constant_time_lt(0, pad_size);
-    mismatch |= Cryptography_constant_time_lt(block_len, pad_size);
-
-    /* Make sure any bits set are copied to the lowest bit */
-    mismatch |= mismatch >> 4;
-    mismatch |= mismatch >> 2;
-    mismatch |= mismatch >> 1;
-    /* Now check the low bit to see if it's set */
-    return (mismatch & 1) == 0;
-}
-"""
+with open(os.path.join(os.path.dirname(__file__), "src/padding.c")) as f:
+    FUNCTIONS = f.read()
 
 
 _ffi = build_ffi(cdef_source=TYPES, verify_source=FUNCTIONS)
diff --git a/src/cryptography/hazmat/primitives/src/padding.c b/src/cryptography/hazmat/primitives/src/padding.c
new file mode 100644
index 0000000..570bad9
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/src/padding.c
@@ -0,0 +1,39 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this
+// repository for complete details.
+
+/* Returns the value of the input with the most-significant-bit copied to all
+   of the bits. */
+static uint8_t Cryptography_DUPLICATE_MSB_TO_ALL(uint8_t a) {
+    return (1 - (a >> (sizeof(uint8_t) * 8 - 1))) - 1;
+}
+
+/* This returns 0xFF if a < b else 0x00, but does so in a constant time
+   fashion */
+static uint8_t Cryptography_constant_time_lt(uint8_t a, uint8_t b) {
+    a -= b;
+    return Cryptography_DUPLICATE_MSB_TO_ALL(a);
+}
+
+uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data,
+                                         uint8_t block_len) {
+    uint8_t i;
+    uint8_t pad_size = data[block_len - 1];
+    uint8_t mismatch = 0;
+    for (i = 0; i < block_len; i++) {
+        unsigned int mask = Cryptography_constant_time_lt(i, pad_size);
+        uint8_t b = data[block_len - 1 - i];
+        mismatch |= (mask & (pad_size ^ b));
+    }
+
+    /* Check to make sure the pad_size was within the valid range. */
+    mismatch |= ~Cryptography_constant_time_lt(0, pad_size);
+    mismatch |= Cryptography_constant_time_lt(block_len, pad_size);
+
+    /* Make sure any bits set are copied to the lowest bit */
+    mismatch |= mismatch >> 4;
+    mismatch |= mismatch >> 2;
+    mismatch |= mismatch >> 1;
+    /* Now check the low bit to see if it's set */
+    return (mismatch & 1) == 0;
+}
diff --git a/src/cryptography/hazmat/primitives/src/padding.h b/src/cryptography/hazmat/primitives/src/padding.h
new file mode 100644
index 0000000..4d218b1
--- /dev/null
+++ b/src/cryptography/hazmat/primitives/src/padding.h
@@ -0,0 +1,5 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this
+// repository for complete details.
+
+uint8_t Cryptography_check_pkcs7_padding(const uint8_t *, uint8_t);
diff --git a/vectors/cryptography_vectors/asymmetric/public/PKCS1/dsa.pub.pem b/vectors/cryptography_vectors/asymmetric/public/PKCS1/dsa.pub.pem
new file mode 100644
index 0000000..a2ce0bb
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/public/PKCS1/dsa.pub.pem
@@ -0,0 +1,7 @@
+-----BEGIN DSA PUBLIC KEY-----
+MIHfAkEAyJSJ+g+P/knVcgDwwTzC7Pwg/pWs2EMd/r+lYlXhNfzg0biuXRul8VR4
+VUC/phySExY0PdcqItkR/xYAYNMbNwJBAOoV57X0FxKO/PrNa/MkoWzkCKV/hzhE
+p0zbFdsicw+hIjJ7S6Sd/FlDlo89HQZ2FuvWJ6wGLM1j00r39+F2qbMCFQCrkhIX
+SG+is37hz1IaBeEudjB2HQJAR0AloavBvtsng8obsjLb7EKnB+pSeHr/BdIQ3VH7
+fWLOqqkzFeRrYMDzUpl36XktY6Yq8EJYlW9pCMmBVNy/dQ==
+-----END DSA PUBLIC KEY-----
diff --git a/vectors/cryptography_vectors/asymmetric/public/PKCS1/rsa.pub.der b/vectors/cryptography_vectors/asymmetric/public/PKCS1/rsa.pub.der
new file mode 100644
index 0000000..4bccbb2
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/public/PKCS1/rsa.pub.der
Binary files differ
diff --git a/vectors/cryptography_vectors/asymmetric/public/PKCS1/rsa.pub.pem b/vectors/cryptography_vectors/asymmetric/public/PKCS1/rsa.pub.pem
new file mode 100644
index 0000000..6db528c
--- /dev/null
+++ b/vectors/cryptography_vectors/asymmetric/public/PKCS1/rsa.pub.pem
@@ -0,0 +1,5 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIGJAoGBALskegl+DrI3Msw5Z63xnj1rgoPR0KykwBi+jZgAwHv/B0TJyhy6NuEn
+af+x442L7lepOqoWQzlUGXyuaSQU9mT/vHTGZ2xM8QJJaccr4eGho0MU9HePyNCF
+WjWVrGKpwSEAd6CLlzC0Wiy4kC9IoAUoS/IPjeyLTQNCddatgcARAgMBAAE=
+-----END RSA PUBLIC KEY-----