Address review comments

CHANGELOG.rst

@@ -26,7 +26,8 @@ Changelog
   and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ARC4` into
   :doc:`/hazmat/decrepit/index` and deprecated them in the ``cipher`` module.
   They will be removed from the ``cipher`` module in 48.0.0.
-* Added support for deterministic ECDSA (:rfc:`6979`)
+* Added support for deterministic
+  :class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA` (:rfc:`6979`)
 
 .. _v42-0-4:
 

src/rust/src/backend/ec.rs

@@ -273,7 +273,7 @@ impl ECPrivateKey {
                 )),
             ));
         }
-        let (data, _algo) = utils::calculate_digest_and_algorithm(
+        let (data, algo) = utils::calculate_digest_and_algorithm(
             py,
             data.as_bytes(),
             signature_algorithm.getattr(pyo3::intern!(py, "algorithm"))?,
@@ -287,7 +287,7 @@ impl ECPrivateKey {
         cfg_if::cfg_if! {
             if #[cfg(CRYPTOGRAPHY_OPENSSL_320_OR_GREATER)]{
                 if deterministic {
-                    let hash_function_name = _algo
+                    let hash_function_name = algo
                         .getattr(pyo3::intern!(py, "name"))?
                         .extract::<&str>()?;
                     let hash_function = openssl::md::Md::fetch(None, hash_function_name, None)?;
@@ -299,6 +299,7 @@ impl ECPrivateKey {
                     signer.set_nonce_type(openssl::pkey_ctx::NonceType::RANDOM_K)?;
                 }
             } else {
+                let _ = algo;
                 assert!(!deterministic);
             }
         }

tests/hazmat/primitives/test_ec.py

@@ -513,7 +513,7 @@ def test_signature_failures(self, backend, subtests):
                         signature, vector["message"], ec.ECDSA(hash_type())
                     )
 
-    def test_unsupported_deterministic_nonce(self, backend, subtests):
+    def test_unsupported_deterministic_nonce(self, backend):
         if backend.ecdsa_deterministic_supported():
             pytest.skip(
                 f"ECDSA deterministic signing is supported by this"
@@ -529,14 +529,12 @@ def test_deterministic_nonce(self, backend, subtests):
                 f" backend {backend}"
             )
 
-        supported_hash_algorithms: typing.Dict[
-            str, typing.Type[hashes.HashAlgorithm]
-        ] = {
-            "SHA1": hashes.SHA1,
-            "SHA224": hashes.SHA224,
-            "SHA256": hashes.SHA256,
-            "SHA384": hashes.SHA384,
-            "SHA512": hashes.SHA512,
+        supported_hash_algorithms = {
+            "SHA1": hashes.SHA1(),
+            "SHA224": hashes.SHA224(),
+            "SHA256": hashes.SHA256(),
+            "SHA384": hashes.SHA384(),
+            "SHA512": hashes.SHA512(),
         }
         vectors = load_vectors_from_file(
             os.path.join(
@@ -551,10 +549,9 @@ def test_deterministic_nonce(self, backend, subtests):
             key = bytes("\n".join(vector["key"]), "utf-8")
             if "digest_sign" in vector:
                 algorithm = vector["digest_sign"]
-                assert algorithm in supported_hash_algorithms
                 hash_algorithm = supported_hash_algorithms[algorithm]
                 algorithm = ec.ECDSA(
-                    hash_algorithm(),
+                    hash_algorithm,
                     deterministic_signing=vector["deterministic_nonce"],
                 )
                 private_key = serialization.load_pem_private_key(
@@ -568,7 +565,7 @@ def test_deterministic_nonce(self, backend, subtests):
                 algorithm = vector["digest_verify"]
                 assert algorithm in supported_hash_algorithms
                 hash_algorithm = supported_hash_algorithms[algorithm]
-                algorithm = ec.ECDSA(hash_algorithm())
+                algorithm = ec.ECDSA(hash_algorithm)
                 public_key = serialization.load_pem_public_key(key)
                 assert isinstance(public_key, EllipticCurvePublicKey)
                 if vector["verify_error"]: