Address review comments

pyca · Feb 21, 2024 · b8dfa6c · b8dfa6c
1 parent bbb99e0
commit b8dfa6c
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 14 deletions.
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -49,7 +49,10 @@ Elliptic Curve Signature Algorithms
 
     :param bool deterministic_signing: A boolean flag defaulting to ``False``
         that specifies whether the signing procedure should be deterministic
-        or not, as defined in :rfc:`6979`.
+        or not, as defined in :rfc:`6979`. This only impacts the signing
+        process, verification is not affected (the verification process
+        is the same for both deterministic and non-deterministic signed
+        messages).
 
         .. versionadded:: 43.0.0
 

diff --git a/src/rust/src/backend/ec.rs b/src/rust/src/backend/ec.rs
@@ -273,7 +273,6 @@ impl ECPrivateKey {
                 )),
             ));
         }
-
         let (data, _algo) = utils::calculate_digest_and_algorithm(
             py,
             data.as_bytes(),
@@ -287,17 +286,18 @@ impl ECPrivateKey {
             .extract()?;
         cfg_if::cfg_if! {
             if #[cfg(CRYPTOGRAPHY_OPENSSL_320_OR_GREATER)]{
-                match deterministic {
-                    true => {
-                        let hash_function_name = _algo.getattr(pyo3::intern!(py, "name"))?.extract::<&str>()?;
-                        let hash_function = openssl::md::Md::fetch(None, hash_function_name, None)?;
-                        // Setting a deterministic nonce type requires to explicitly set the hash function.
-                        // See https://github.com/openssl/openssl/issues/23205
-                        signer.set_signature_md(&hash_function)?;
-                        signer.set_nonce_type(openssl::pkey_ctx::NonceType::DETERMINISTIC_K)?;
-                        },
-                    false => signer.set_nonce_type(openssl::pkey_ctx::NonceType::RANDOM_K)?,
-                };
+                if deterministic {
+                    let hash_function_name = _algo
+                        .getattr(pyo3::intern!(py, "name"))?
+                        .extract::<&str>()?;
+                    let hash_function = openssl::md::Md::fetch(None, hash_function_name, None)?;
+                    // Setting a deterministic nonce type requires to explicitly set the hash function.
+                    // See https://github.com/openssl/openssl/issues/23205
+                    signer.set_signature_md(&hash_function)?;
+                    signer.set_nonce_type(openssl::pkey_ctx::NonceType::DETERMINISTIC_K)?;
+                } else {
+                    signer.set_nonce_type(openssl::pkey_ctx::NonceType::RANDOM_K)?;
+                }
             } else {
                 assert!(!deterministic);
             }

diff --git a/tests/utils.py b/tests/utils.py
@@ -747,7 +747,7 @@ def load_rfc6979_vectors(vector_data):
         elif not line:
             if data:
                 vectors.append(data)
-                data = dict()
+                data = {}
 
     return vectors