def _truncate_digest_for_dsa(dsa_cdata, digest, backend): """ This function truncates digests that are longer than a given DS key's length so they can be signed. OpenSSL does this for us in 1.0.0c+ and it isn't needed in 0.9.8, but that leaves us with three releases (1.0.0, 1.0.0a, and 1.0.0b) where this is a problem. This truncation is not required in 0.9.8 because DSA is limited to SHA-1. """ order_bits = backend._lib.BN_num_bits(dsa_cdata.q) return _truncate_digest(digest, order_bits)
def _truncate_digest_for_dsa(dsa_cdata, digest, backend): """ This function truncates digests that are longer than a given DS key's length so they can be signed. OpenSSL does this for us in 1.0.0c+ and it isn't needed in 0.9.8, but that leaves us with three releases (1.0.0, 1.0.0a, and 1.0.0b) where this is a problem. This truncation is not required in 0.9.8 because DSA is limited to SHA-1. """ order_bits = backend._lib.BN_num_bits(dsa_cdata.q) return _truncate_digest(digest, order_bits)
def _truncate_digest_for_dsa(dsa_cdata, digest, backend): """ This function truncates digests that are longer than a given DS key's length so they can be signed. OpenSSL does this for us in 1.0.0c+, leaving us with three releases (1.0.0, 1.0.0a, and 1.0.0b) where this is a problem. """ q = backend._ffi.new("BIGNUM **") backend._lib.DSA_get0_pqg(dsa_cdata, backend._ffi.NULL, q, backend._ffi.NULL) backend.openssl_assert(q[0] != backend._ffi.NULL) order_bits = backend._lib.BN_num_bits(q[0]) return _truncate_digest(digest, order_bits)
def _truncate_digest_for_dsa(dsa_cdata, digest, backend): """ This function truncates digests that are longer than a given DS key's length so they can be signed. OpenSSL does this for us in 1.0.0c+, leaving us with three releases (1.0.0, 1.0.0a, and 1.0.0b) where this is a problem. """ q = backend._ffi.new("BIGNUM **") backend._lib.DSA_get0_pqg( dsa_cdata, backend._ffi.NULL, q, backend._ffi.NULL ) backend.openssl_assert(q[0] != backend._ffi.NULL) order_bits = backend._lib.BN_num_bits(q[0]) return _truncate_digest(digest, order_bits)
def _truncate_digest_for_dsa(dsa_cdata, digest, backend): """ This function truncates digests that are longer than a given DS key's length so they can be signed. OpenSSL does this for us in 1.0.0c+ and it isn't needed in 0.9.8, but that leaves us with three releases (1.0.0, 1.0.0a, and 1.0.0b) where this is a problem. This truncation is not required in 0.9.8 because DSA is limited to SHA-1. """ q = backend._ffi.new("BIGNUM **") backend._lib.DSA_get0_pqg(dsa_cdata, backend._ffi.NULL, q, backend._ffi.NULL) backend.openssl_assert(q[0] != backend._ffi.NULL) order_bits = backend._lib.BN_num_bits(q[0]) return _truncate_digest(digest, order_bits)
def _truncate_digest_for_dsa(dsa_cdata, digest, backend): """ This function truncates digests that are longer than a given DS key's length so they can be signed. OpenSSL does this for us in 1.0.0c+ and it isn't needed in 0.9.8, but that leaves us with three releases (1.0.0, 1.0.0a, and 1.0.0b) where this is a problem. This truncation is not required in 0.9.8 because DSA is limited to SHA-1. """ q = backend._ffi.new("BIGNUM **") backend._lib.DSA_get0_pqg( dsa_cdata, backend._ffi.NULL, q, backend._ffi.NULL ) backend.openssl_assert(q[0] != backend._ffi.NULL) order_bits = backend._lib.BN_num_bits(q[0]) return _truncate_digest(digest, order_bits)
def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend): """ This function truncates digests that are longer than a given elliptic curve key's length so they can be signed. Since elliptic curve keys are much shorter than RSA keys many digests (e.g. SHA-512) may require truncation. """ _lib = backend._lib _ffi = backend._ffi group = _lib.EC_KEY_get0_group(ec_key_cdata) with backend._tmp_bn_ctx() as bn_ctx: order = _lib.BN_CTX_get(bn_ctx) backend.openssl_assert(order != _ffi.NULL) res = _lib.EC_GROUP_get_order(group, order, bn_ctx) backend.openssl_assert(res == 1) order_bits = _lib.BN_num_bits(order) return _truncate_digest(digest, order_bits)