diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-09-25 18:09:24 -0400 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-09-25 18:09:24 -0400 |
| commit | ebcb0a2c83bb373dd6be2022b2c7646f5f4599f5 (patch) | |
| tree | 845117930f42934e327e2719b52a00116a346662 | |
| parent | d31446085ba34f5bacf2631c8adab1ab491bee2e (diff) | |
| parent | 610da6e4ebbd803086a4f52500458d30916a849a (diff) | |
| download | cryptography-ebcb0a2c83bb373dd6be2022b2c7646f5f4599f5.tar.gz cryptography-ebcb0a2c83bb373dd6be2022b2c7646f5f4599f5.tar.bz2 cryptography-ebcb0a2c83bb373dd6be2022b2c7646f5f4599f5.zip | |
Merge pull request #1349 from reaperhulk/more-ctx-mger
switch truncate_digest_for_ecdsa to context manager
| -rw-r--r-- | cryptography/hazmat/backends/openssl/ec.py | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/cryptography/hazmat/backends/openssl/ec.py b/cryptography/hazmat/backends/openssl/ec.py index b7cd9802..51fc8f4b 100644 --- a/cryptography/hazmat/backends/openssl/ec.py +++ b/cryptography/hazmat/backends/openssl/ec.py @@ -24,6 +24,13 @@ from cryptography.hazmat.primitives.asymmetric import ec def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend): + """ + This function truncates digests that are longer than a given elliptic + curve key's length so they can be signed. Since elliptic curve keys are + much shorter than RSA keys many digests (e.g. SHA-512) may require + truncation. + """ + _lib = backend._lib _ffi = backend._ffi @@ -31,17 +38,14 @@ def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend): group = _lib.EC_KEY_get0_group(ec_key_cdata) - bn_ctx = _lib.BN_CTX_new() - assert bn_ctx != _ffi.NULL - bn_ctx = _ffi.gc(bn_ctx, _lib.BN_CTX_free) - - order = _lib.BN_CTX_get(bn_ctx) - assert order != _ffi.NULL + with backend._bn_ctx_manager() as bn_ctx: + order = _lib.BN_CTX_get(bn_ctx) + assert order != _ffi.NULL - res = _lib.EC_GROUP_get_order(group, order, bn_ctx) - assert res == 1 + res = _lib.EC_GROUP_get_order(group, order, bn_ctx) + assert res == 1 - order_bits = _lib.BN_num_bits(order) + order_bits = _lib.BN_num_bits(order) if 8 * digest_len > order_bits: digest_len = (order_bits + 7) // 8 |