diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2016-12-13 21:05:35 -0500 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-12-13 20:05:35 -0600 |
commit | 0e8cdf1023f6e2045de444b1c7e09f40cccf019e (patch) | |
tree | eb6241baa5c66447c988a5c45fed7f0cb77b8022 /src/cryptography/hazmat/backends/openssl/ec.py | |
parent | 874445aea9e2d07a94444855ccfeaa3082de26a9 (diff) | |
download | cryptography-0e8cdf1023f6e2045de444b1c7e09f40cccf019e.tar.gz cryptography-0e8cdf1023f6e2045de444b1c7e09f40cccf019e.tar.bz2 cryptography-0e8cdf1023f6e2045de444b1c7e09f40cccf019e.zip |
Drop 1.0.0 (#3312)
* delete the 1.0.0 support
* drop the version check
* drop the AES-CTR stuff
* Update the example
* openssl truncates for us now
* delete unused test
* unused imports
* Remove a bunch of conditional bindings for NPN
* no more 1.0.0 builders
* libressl fix
* update the docs
* remove dead branches
* oops
* this is a word, damnit
* spelling
* try removing this
* this test is not needed
* unused import
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/ec.py')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/ec.py | 39 |
1 files changed, 1 insertions, 38 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py index 5969f2a3..f2b52492 100644 --- a/src/cryptography/hazmat/backends/openssl/ec.py +++ b/src/cryptography/hazmat/backends/openssl/ec.py @@ -9,7 +9,7 @@ from cryptography.exceptions import ( InvalidSignature, UnsupportedAlgorithm, _Reasons ) from cryptography.hazmat.backends.openssl.utils import ( - _calculate_digest_and_algorithm, _truncate_digest + _calculate_digest_and_algorithm ) from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import ( @@ -17,31 +17,6 @@ from cryptography.hazmat.primitives.asymmetric import ( ) -def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend): - """ - This function truncates digests that are longer than a given elliptic - curve key's length so they can be signed. Since elliptic curve keys are - much shorter than RSA keys many digests (e.g. SHA-512) may require - truncation. - """ - - _lib = backend._lib - _ffi = backend._ffi - - group = _lib.EC_KEY_get0_group(ec_key_cdata) - - with backend._tmp_bn_ctx() as bn_ctx: - order = _lib.BN_CTX_get(bn_ctx) - backend.openssl_assert(order != _ffi.NULL) - - res = _lib.EC_GROUP_get_order(group, order, bn_ctx) - backend.openssl_assert(res == 1) - - order_bits = _lib.BN_num_bits(order) - - return _truncate_digest(digest, order_bits) - - def _check_signature_algorithm(signature_algorithm): if not isinstance(signature_algorithm, ec.ECDSA): raise UnsupportedAlgorithm( @@ -127,9 +102,6 @@ class _ECDSASignatureContext(object): def finalize(self): digest = self._digest.finalize() - digest = _truncate_digest_for_ecdsa( - self._private_key._ec_key, digest, self._backend - ) return _ecdsa_sig_sign(self._backend, self._private_key, digest) @@ -146,9 +118,6 @@ class _ECDSAVerificationContext(object): def verify(self): digest = self._digest.finalize() - digest = _truncate_digest_for_ecdsa( - self._public_key._ec_key, digest, self._backend - ) return _ecdsa_sig_verify( self._backend, self._public_key, self._signature, digest ) @@ -247,9 +216,6 @@ class _EllipticCurvePrivateKey(object): data, algorithm = _calculate_digest_and_algorithm( self._backend, data, signature_algorithm._algorithm ) - data = _truncate_digest_for_ecdsa( - self._ec_key, data, self._backend - ) return _ecdsa_sig_sign(self._backend, self, data) @@ -317,7 +283,4 @@ class _EllipticCurvePublicKey(object): data, algorithm = _calculate_digest_and_algorithm( self._backend, data, signature_algorithm._algorithm ) - data = _truncate_digest_for_ecdsa( - self._ec_key, data, self._backend - ) return _ecdsa_sig_verify(self._backend, self, signature, data) |