Cleanup _encode_asn1_str_gc: don't require the length as an argument (#4484)
* Cleanup _encode_asn1_str_gc: don't require the length as an argument
* Apply the same cleanup to _encode_asn1_str
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index f374a8e..8118cad 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -961,17 +961,15 @@
def _create_x509_extension(self, handlers, extension):
if isinstance(extension.value, x509.UnrecognizedExtension):
- value = _encode_asn1_str_gc(
- self, extension.value.value, len(extension.value.value)
- )
+ value = _encode_asn1_str_gc(self, extension.value.value)
return self._create_raw_x509_extension(extension, value)
elif isinstance(extension.value, x509.TLSFeature):
asn1 = _Integers([x.value for x in extension.value]).dump()
- value = _encode_asn1_str_gc(self, asn1, len(asn1))
+ value = _encode_asn1_str_gc(self, asn1)
return self._create_raw_x509_extension(extension, value)
elif isinstance(extension.value, x509.PrecertPoison):
asn1 = asn1crypto.core.Null().dump()
- value = _encode_asn1_str_gc(self, asn1, len(asn1))
+ value = _encode_asn1_str_gc(self, asn1)
return self._create_raw_x509_extension(extension, value)
else:
try:
diff --git a/src/cryptography/hazmat/backends/openssl/encode_asn1.py b/src/cryptography/hazmat/backends/openssl/encode_asn1.py
index 896ea05..91852df 100644
--- a/src/cryptography/hazmat/backends/openssl/encode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/encode_asn1.py
@@ -44,12 +44,12 @@
return i
-def _encode_asn1_str(backend, data, length):
+def _encode_asn1_str(backend, data):
"""
Create an ASN1_OCTET_STRING from a Python byte string.
"""
s = backend._lib.ASN1_OCTET_STRING_new()
- res = backend._lib.ASN1_OCTET_STRING_set(s, data, length)
+ res = backend._lib.ASN1_OCTET_STRING_set(s, data, len(data))
backend.openssl_assert(res == 1)
return s
@@ -68,8 +68,8 @@
return s
-def _encode_asn1_str_gc(backend, data, length):
- s = _encode_asn1_str(backend, data, length)
+def _encode_asn1_str_gc(backend, data):
+ s = _encode_asn1_str(backend, data)
s = backend._ffi.gc(s, backend._lib.ASN1_OCTET_STRING_free)
return s
@@ -184,7 +184,6 @@
pqi.d.cpsuri = _encode_asn1_str(
backend,
qualifier.encode("ascii"),
- len(qualifier.encode("ascii"))
)
else:
assert isinstance(qualifier, x509.UserNotice)
@@ -289,7 +288,6 @@
akid.keyid = _encode_asn1_str(
backend,
authority_keyid.key_identifier,
- len(authority_keyid.key_identifier)
)
if authority_keyid.authority_cert_issuer is not None:
@@ -359,7 +357,7 @@
def _encode_subject_key_identifier(backend, ski):
- return _encode_asn1_str_gc(backend, ski.digest, len(ski.digest))
+ return _encode_asn1_str_gc(backend, ski.digest)
def _encode_general_name(backend, name):
@@ -407,7 +405,7 @@
)
else:
packed = name.value.packed
- ipaddr = _encode_asn1_str(backend, packed, len(packed))
+ ipaddr = _encode_asn1_str(backend, packed)
gn.type = backend._lib.GEN_IPADD
gn.d.iPAddress = ipaddr
elif isinstance(name, x509.OtherName):
@@ -439,7 +437,7 @@
# ia5strings are supposed to be ITU T.50 but to allow round-tripping
# of broken certs that encode utf8 we'll encode utf8 here too.
data = name.value.encode("utf8")
- asn1_str = _encode_asn1_str(backend, data, len(data))
+ asn1_str = _encode_asn1_str(backend, data)
gn.type = backend._lib.GEN_EMAIL
gn.d.rfc822Name = asn1_str
elif isinstance(name, x509.UniformResourceIdentifier):
@@ -448,7 +446,7 @@
# ia5strings are supposed to be ITU T.50 but to allow round-tripping
# of broken certs that encode utf8 we'll encode utf8 here too.
data = name.value.encode("utf8")
- asn1_str = _encode_asn1_str(backend, data, len(data))
+ asn1_str = _encode_asn1_str(backend, data)
gn.type = backend._lib.GEN_URI
gn.d.uniformResourceIdentifier = asn1_str
else: