diff options
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 24 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/ec.rst | 2 |
2 files changed, 16 insertions, 10 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 047ea8b2..81f944e5 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -995,19 +995,25 @@ class Backend(object): Generate a new private key on the named curve. """ - curve_nid = self._elliptic_curve_to_nid(curve) + if backend.elliptic_curve_supported(curve): + curve_nid = self._elliptic_curve_to_nid(curve) - ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid) - assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free) + ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid) + assert ctx != self._ffi.NULL + ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free) - res = self._lib.EC_KEY_generate_key(ctx) - assert res == 1 + res = self._lib.EC_KEY_generate_key(ctx) + assert res == 1 - res = self._lib.EC_KEY_check_key(ctx) - assert res == 1 + res = self._lib.EC_KEY_check_key(ctx) + assert res == 1 - return _EllipticCurvePrivateKey(self, ctx, curve) + return _EllipticCurvePrivateKey(self, ctx, curve) + else: + raise UnsupportedAlgorithm( + "Backend object does not support {0}.".format(curve.name), + _Reasons.UNSUPPORTED_ELLIPTIC_CURVE + ) def elliptic_curve_private_key_from_numbers(self, numbers): ec_key = self._ec_key_cdata_from_private_numbers(numbers) diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst index 5dc7e2f0..4b3c460e 100644 --- a/docs/hazmat/primitives/asymmetric/ec.rst +++ b/docs/hazmat/primitives/asymmetric/ec.rst @@ -116,7 +116,7 @@ Elliptic Curve Signature Algorithms >>> from cryptography.hazmat.primitives import hashes >>> from cryptography.hazmat.primitives.asymmetric import ec >>> private_key = ec.generate_private_key( - ... ec.SECT283K1(), default_backend() + ... ec.SECP384R1(), default_backend() ... ) >>> signer = private_key.signer(ec.ECDSA(hashes.SHA256())) >>> signer.update(b"this is some data I'd like") |