diff options
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 24 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/ec.rst | 2 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_ec.py | 10 |
3 files changed, 26 insertions, 10 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 2a7e3cc4..41be88a0 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -984,19 +984,25 @@ class Backend(object): Generate a new private key on the named curve. """ - curve_nid = self._elliptic_curve_to_nid(curve) + if backend.elliptic_curve_supported(curve): + curve_nid = self._elliptic_curve_to_nid(curve) - ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid) - assert ctx != self._ffi.NULL - ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free) + ctx = self._lib.EC_KEY_new_by_curve_name(curve_nid) + assert ctx != self._ffi.NULL + ctx = self._ffi.gc(ctx, self._lib.EC_KEY_free) - res = self._lib.EC_KEY_generate_key(ctx) - assert res == 1 + res = self._lib.EC_KEY_generate_key(ctx) + assert res == 1 - res = self._lib.EC_KEY_check_key(ctx) - assert res == 1 + res = self._lib.EC_KEY_check_key(ctx) + assert res == 1 - return _EllipticCurvePrivateKey(self, ctx, curve) + return _EllipticCurvePrivateKey(self, ctx, curve) + else: + raise UnsupportedAlgorithm( + "Backend object does not support {0}.".format(curve.name), + _Reasons.UNSUPPORTED_ELLIPTIC_CURVE + ) def elliptic_curve_private_key_from_numbers(self, numbers): ec_key = self._ec_key_cdata_from_private_numbers(numbers) diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst index 5dc7e2f0..4b3c460e 100644 --- a/docs/hazmat/primitives/asymmetric/ec.rst +++ b/docs/hazmat/primitives/asymmetric/ec.rst @@ -116,7 +116,7 @@ Elliptic Curve Signature Algorithms >>> from cryptography.hazmat.primitives import hashes >>> from cryptography.hazmat.primitives.asymmetric import ec >>> private_key = ec.generate_private_key( - ... ec.SECT283K1(), default_backend() + ... ec.SECP384R1(), default_backend() ... ) >>> signer = private_key.signer(ec.ECDSA(hashes.SHA256())) >>> signer.update(b"this is some data I'd like") diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py index 2690e794..e425ec8d 100644 --- a/tests/hazmat/primitives/test_ec.py +++ b/tests/hazmat/primitives/test_ec.py @@ -302,3 +302,13 @@ class TestECDSAVectors(object): verifier.verify() else: verifier.verify() + + +@pytest.mark.elliptic +def test_generate_elliptic_curve_private_key(backend): + with raises_unsupported_algorithm( + exceptions._Reasons.UNSUPPORTED_ELLIPTIC_CURVE + ): + ec.generate_private_key( + DummyCurve(), backend + ) |