From 798c03456d6f1fa8f27433a7e3928d583e1e120f Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Wed, 19 Mar 2014 18:41:35 -0400
Subject: document the ValueError

---
 cryptography/hazmat/backends/openssl/backend.py | 4 ++--
 docs/hazmat/primitives/asymmetric/rsa.rst       | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index d7c0f882..fa50fcab 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -712,7 +712,6 @@ class _RSASignatureContext(object):
     def __init__(self, backend, private_key, padding, algorithm):
         self._backend = backend
         self._private_key = private_key
-        key_size_bytes = int(math.ceil(private_key.key_size / 8.0))
 
         if not isinstance(padding, interfaces.AsymmetricPadding):
             raise TypeError(
@@ -732,6 +731,7 @@ class _RSASignatureContext(object):
 
             # Size of key in bytes - 2 is the maximum
             # PSS signature length (salt length is checked later)
+            key_size_bytes = int(math.ceil(private_key.key_size / 8.0))
             if key_size_bytes - algorithm.digest_size - 2 < 0:
                 raise ValueError("Digest too large for key size.")
 
@@ -891,7 +891,6 @@ class _RSAVerificationContext(object):
         self._backend = backend
         self._public_key = public_key
         self._signature = signature
-        key_size_bytes = int(math.ceil(public_key.key_size / 8.0))
 
         if not isinstance(padding, interfaces.AsymmetricPadding):
             raise TypeError(
@@ -911,6 +910,7 @@ class _RSAVerificationContext(object):
 
             # Size of key in bytes - 2 is the maximum
             # PSS signature length (salt length is checked later)
+            key_size_bytes = int(math.ceil(public_key.key_size / 8.0))
             if key_size_bytes - algorithm.digest_size - 2 < 0:
                 raise ValueError("Digest too large for key size.")
 
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index dbb0da4f..57c8eec2 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -108,6 +108,9 @@ RSA
             :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
             provider.
 
+        :raises ValueError: This is raised when the chosen hash algorithm is
+            too large for the key size.
+
         :raises UnsupportedHash: This is raised when the backend does not
             support the chosen hash algorithm. If the padding is
             :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
@@ -210,6 +213,9 @@ RSA
             :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
             provider.
 
+        :raises ValueError: This is raised when the chosen hash algorithm is
+            too large for the key size.
+
         :raises UnsupportedHash: This is raised when the backend does not
             support the chosen hash algorithm. If the padding is
             :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
-- 
cgit v1.2.3