Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-cryptography for
openSUSE:Factory checked in at 2025-05-13 20:12:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-cryptography (Old)
and /work/SRC/openSUSE:Factory/.python-cryptography.new.30101 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cryptography"
Tue May 13 20:12:01 2025 rev:101 rq:1276716 version:44.0.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-cryptography/python-cryptography.changes
2025-03-25 22:08:12.140187696 +0100
+++
/work/SRC/openSUSE:Factory/.python-cryptography.new.30101/python-cryptography.changes
2025-05-13 20:12:05.411509313 +0200
@@ -1,0 +2,6 @@
+Wed May 7 15:45:10 UTC 2025 - Nico Krapp <nico.kr...@suse.com>
+
+- Update to 44.0.3
+ * Fixed compilation when using LibreSSL 4.1.0.
+
+-------------------------------------------------------------------
Old:
----
cryptography-44.0.2.tar.gz
New:
----
cryptography-44.0.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-cryptography.spec ++++++
--- /var/tmp/diff_new_pack.489Zyw/_old 2025-05-13 20:12:07.715606017 +0200
+++ /var/tmp/diff_new_pack.489Zyw/_new 2025-05-13 20:12:07.731606688 +0200
@@ -28,7 +28,7 @@
%{?sle15_python_module_pythons}
Name: python-cryptography%{psuffix}
# ALWAYS KEEP IN SYNC WITH python-cryptography-vectors!
-Version: 44.0.2
+Version: 44.0.3
Release: 0
Summary: Python library which exposes cryptographic recipes and
primitives
License: Apache-2.0 OR BSD-3-Clause
++++++ cryptography-44.0.2.tar.gz -> cryptography-44.0.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/CHANGELOG.rst
new/cryptography-44.0.3/CHANGELOG.rst
--- old/cryptography-44.0.2/CHANGELOG.rst 2025-03-02 00:53:51.000000000
+0100
+++ new/cryptography-44.0.3/CHANGELOG.rst 2025-05-02 21:28:28.000000000
+0200
@@ -1,6 +1,13 @@
Changelog
=========
+.. _v44-0-3:
+
+44.0.3 - 2025-05-02
+~~~~~~~~~~~~~~~~~~~
+
+* Fixed compilation when using LibreSSL 4.1.0.
+
.. _v44-0-2:
44.0.2 - 2025-03-01
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/Cargo.lock
new/cryptography-44.0.3/Cargo.lock
--- old/cryptography-44.0.2/Cargo.lock 2025-03-02 00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/Cargo.lock 2025-05-02 21:28:28.000000000 +0200
@@ -215,9 +215,9 @@
[[package]]
name = "openssl-sys"
-version = "0.9.104"
+version = "0.9.108"
source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741"
+checksum = "e145e1651e858e820e4860f7b9c5e169bc1d8ce1c86043be79fa7b7634821847"
dependencies = [
"cc",
"libc",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/Cargo.toml
new/cryptography-44.0.3/Cargo.toml
--- old/cryptography-44.0.2/Cargo.toml 2025-03-02 00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/Cargo.toml 2025-05-02 21:28:28.000000000 +0200
@@ -21,6 +21,8 @@
[workspace.dependencies]
asn1 = { version = "0.20.0", default-features = false }
pyo3 = { version = "0.23.5", features = ["abi3"] }
+openssl = "0.10.72"
+openssl-sys = "0.9.108"
[profile.release]
overflow-checks = true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/PKG-INFO
new/cryptography-44.0.3/PKG-INFO
--- old/cryptography-44.0.2/PKG-INFO 1970-01-01 01:00:00.000000000 +0100
+++ new/cryptography-44.0.3/PKG-INFO 1970-01-01 01:00:00.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.3
Name: cryptography
-Version: 44.0.2
+Version: 44.0.3
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
@@ -28,7 +28,7 @@
Requires-Dist: bcrypt >=3.1.5 ; extra == 'ssh'
Requires-Dist: nox >=2024.4.15 ; extra == 'nox'
Requires-Dist: nox[uv] >=2024.3.2 ; python_version >= '3.8' and extra == 'nox'
-Requires-Dist: cryptography-vectors ==44.0.2 ; extra == 'test'
+Requires-Dist: cryptography-vectors ==44.0.3 ; extra == 'test'
Requires-Dist: pytest >=7.4.0 ; extra == 'test'
Requires-Dist: pytest-benchmark >=4.0 ; extra == 'test'
Requires-Dist: pytest-cov >=2.10.1 ; extra == 'test'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/pyproject.toml
new/cryptography-44.0.3/pyproject.toml
--- old/cryptography-44.0.2/pyproject.toml 2025-03-02 00:53:51.000000000
+0100
+++ new/cryptography-44.0.3/pyproject.toml 2025-05-02 21:28:28.000000000
+0200
@@ -14,7 +14,7 @@
[project]
name = "cryptography"
-version = "44.0.2"
+version = "44.0.3"
authors = [
{name = "The Python Cryptographic Authority and individual contributors",
email = "cryptography-...@python.org"}
]
@@ -65,7 +65,7 @@
# All the following are used for our own testing.
nox = ["nox >=2024.04.15", "nox[uv] >=2024.03.02; python_version >= '3.8'"]
test = [
- "cryptography_vectors==44.0.2",
+ "cryptography_vectors==44.0.3",
"pytest >=7.4.0",
"pytest-benchmark >=4.0",
"pytest-cov >=2.10.1",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/cryptography/__about__.py
new/cryptography-44.0.3/src/cryptography/__about__.py
--- old/cryptography-44.0.2/src/cryptography/__about__.py 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/cryptography/__about__.py 2025-05-02
21:28:28.000000000 +0200
@@ -10,7 +10,7 @@
"__version__",
]
-__version__ = "44.0.2"
+__version__ = "44.0.3"
__author__ = "The Python Cryptographic Authority and individual contributors"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/cryptography/hazmat/backends/openssl/backend.py
new/cryptography-44.0.3/src/cryptography/hazmat/backends/openssl/backend.py
--- old/cryptography-44.0.2/src/cryptography/hazmat/backends/openssl/backend.py
2025-03-02 00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/cryptography/hazmat/backends/openssl/backend.py
2025-05-02 21:28:28.000000000 +0200
@@ -169,14 +169,17 @@
if isinstance(padding, PKCS1v15):
return True
elif isinstance(padding, PSS) and isinstance(padding._mgf, MGF1):
- # SHA1 is permissible in MGF1 in FIPS even when SHA1 is blocked
- # as signature algorithm.
- if self._fips_enabled and isinstance(
- padding._mgf._algorithm, hashes.SHA1
+ # FIPS 186-4 only allows salt length == digest length for PSS
+ # It is technically acceptable to set an explicit salt length
+ # equal to the digest length and this will incorrectly fail, but
+ # since we don't do that in the tests and this method is
+ # private, we'll ignore that until we need to do otherwise.
+ if (
+ self._fips_enabled
+ and padding._salt_length != PSS.DIGEST_LENGTH
):
- return True
- else:
- return self.hash_supported(padding._mgf._algorithm)
+ return False
+ return self.hash_supported(padding._mgf._algorithm)
elif isinstance(padding, OAEP) and isinstance(padding._mgf, MGF1):
return self._oaep_hash_supported(
padding._mgf._algorithm
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/rust/cryptography-cffi/build.rs
new/cryptography-44.0.3/src/rust/cryptography-cffi/build.rs
--- old/cryptography-44.0.2/src/rust/cryptography-cffi/build.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/cryptography-cffi/build.rs 2025-05-02
21:28:28.000000000 +0200
@@ -71,7 +71,7 @@
// This is because we don't want a potentially random build path to end up
in the binary because
// CFFI generated code uses the __FILE__ macro in its debug messages.
if let Some(out_dir_str) = Path::new(&out_dir).to_str() {
- build.flag_if_supported(format!("-fmacro-prefix-map={}=.",
out_dir_str).as_str());
+
build.flag_if_supported(format!("-fmacro-prefix-map={out_dir_str}").as_str());
}
for python_include in env::split_paths(&python_includes) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/rust/cryptography-keepalive/src/lib.rs
new/cryptography-44.0.3/src/rust/cryptography-keepalive/src/lib.rs
--- old/cryptography-44.0.2/src/rust/cryptography-keepalive/src/lib.rs
2025-03-02 00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/cryptography-keepalive/src/lib.rs
2025-05-02 21:28:28.000000000 +0200
@@ -4,10 +4,11 @@
#![deny(rust_2018_idioms, clippy::undocumented_unsafe_blocks)]
-use pyo3::pybacked::{PyBackedBytes, PyBackedStr};
use std::cell::UnsafeCell;
use std::ops::Deref;
+use pyo3::pybacked::{PyBackedBytes, PyBackedStr};
+
pub struct KeepAlive<T: StableDeref> {
values: UnsafeCell<Vec<T>>,
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/rust/cryptography-openssl/src/aead.rs
new/cryptography-44.0.3/src/rust/cryptography-openssl/src/aead.rs
--- old/cryptography-44.0.2/src/rust/cryptography-openssl/src/aead.rs
2025-03-02 00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/cryptography-openssl/src/aead.rs
2025-05-02 21:28:28.000000000 +0200
@@ -2,9 +2,10 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
-use crate::{cvt, cvt_p, OpenSSLResult};
use foreign_types_shared::{ForeignType, ForeignTypeRef};
+use crate::{cvt, cvt_p, OpenSSLResult};
+
pub enum AeadType {
ChaCha20Poly1305,
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/rust/cryptography-openssl/src/fips.rs
new/cryptography-44.0.3/src/rust/cryptography-openssl/src/fips.rs
--- old/cryptography-44.0.2/src/rust/cryptography-openssl/src/fips.rs
2025-03-02 00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/cryptography-openssl/src/fips.rs
2025-05-02 21:28:28.000000000 +0200
@@ -2,14 +2,15 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
-#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)]
-use crate::{cvt, OpenSSLResult};
#[cfg(all(
CRYPTOGRAPHY_OPENSSL_300_OR_GREATER,
not(any(CRYPTOGRAPHY_IS_LIBRESSL, CRYPTOGRAPHY_IS_BORINGSSL))
))]
use std::ptr;
+#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)]
+use crate::{cvt, OpenSSLResult};
+
pub fn is_enabled() -> bool {
cfg_if::cfg_if! {
if #[cfg(any(CRYPTOGRAPHY_IS_LIBRESSL, CRYPTOGRAPHY_IS_BORINGSSL))] {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/rust/cryptography-x509/src/certificate.rs
new/cryptography-44.0.3/src/rust/cryptography-x509/src/certificate.rs
--- old/cryptography-44.0.2/src/rust/cryptography-x509/src/certificate.rs
2025-03-02 00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/cryptography-x509/src/certificate.rs
2025-05-02 21:28:28.000000000 +0200
@@ -2,12 +2,9 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
-use crate::common;
-use crate::extensions;
-use crate::extensions::DuplicateExtensionsError;
-use crate::extensions::Extensions;
-use crate::name;
+use crate::extensions::{DuplicateExtensionsError, Extensions};
use crate::name::NameReadable;
+use crate::{common, extensions, name};
#[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, PartialEq, Eq, Clone)]
pub struct Certificate<'a> {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/rust/cryptography-x509/src/csr.rs
new/cryptography-44.0.3/src/rust/cryptography-x509/src/csr.rs
--- old/cryptography-44.0.2/src/rust/cryptography-x509/src/csr.rs
2025-03-02 00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/cryptography-x509/src/csr.rs
2025-05-02 21:28:28.000000000 +0200
@@ -2,10 +2,7 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
-use crate::common;
-use crate::extensions;
-use crate::name;
-use crate::oid;
+use crate::{common, extensions, name, oid};
#[derive(asn1::Asn1Read, asn1::Asn1Write)]
pub struct Csr<'a> {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/rust/cryptography-x509/src/extensions.rs
new/cryptography-44.0.3/src/rust/cryptography-x509/src/extensions.rs
--- old/cryptography-44.0.2/src/rust/cryptography-x509/src/extensions.rs
2025-03-02 00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/cryptography-x509/src/extensions.rs
2025-05-02 21:28:28.000000000 +0200
@@ -4,10 +4,8 @@
use std::collections::HashSet;
-use crate::common;
use crate::common::Asn1Operation;
-use crate::crl;
-use crate::name;
+use crate::{common, crl, name};
pub struct DuplicateExtensionsError(pub asn1::ObjectIdentifier);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/rust/cryptography-x509/src/pkcs12.rs
new/cryptography-44.0.3/src/rust/cryptography-x509/src/pkcs12.rs
--- old/cryptography-44.0.2/src/rust/cryptography-x509/src/pkcs12.rs
2025-03-02 00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/cryptography-x509/src/pkcs12.rs
2025-05-02 21:28:28.000000000 +0200
@@ -55,7 +55,7 @@
#[derive(asn1::Asn1DefinedByWrite)]
pub enum BagValue<'a> {
#[defined_by(CERT_BAG_OID)]
- CertBag(CertBag<'a>),
+ CertBag(Box<CertBag<'a>>),
#[defined_by(KEY_BAG_OID)]
KeyBag(asn1::Tlv<'a>),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/rust/cryptography-x509-verification/src/lib.rs
new/cryptography-44.0.3/src/rust/cryptography-x509-verification/src/lib.rs
--- old/cryptography-44.0.2/src/rust/cryptography-x509-verification/src/lib.rs
2025-03-02 00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/cryptography-x509-verification/src/lib.rs
2025-05-02 21:28:28.000000000 +0200
@@ -16,21 +16,19 @@
use std::vec;
use asn1::ObjectIdentifier;
-use cryptography_x509::extensions::{DuplicateExtensionsError, Extensions};
-use cryptography_x509::{
- common::Asn1Read,
- extensions::{NameConstraints, SubjectAlternativeName},
- name::GeneralName,
- oid::{NAME_CONSTRAINTS_OID, SUBJECT_ALTERNATIVE_NAME_OID},
+use cryptography_x509::common::Asn1Read;
+use cryptography_x509::extensions::{
+ DuplicateExtensionsError, Extensions, NameConstraints,
SubjectAlternativeName,
};
+use cryptography_x509::name::GeneralName;
+use cryptography_x509::oid::{NAME_CONSTRAINTS_OID,
SUBJECT_ALTERNATIVE_NAME_OID};
use types::{RFC822Constraint, RFC822Name};
use crate::certificate::cert_is_self_issued;
use crate::ops::{CryptoOps, VerificationCertificate};
use crate::policy::Policy;
use crate::trust_store::Store;
-use crate::types::DNSName;
-use crate::types::{DNSConstraint, IPAddress, IPConstraint};
+use crate::types::{DNSConstraint, DNSName, IPAddress, IPConstraint};
use crate::ApplyNameConstraintStatus::{Applied, Skipped};
pub enum ValidationErrorKind<'chain, B: CryptoOps> {
@@ -175,12 +173,10 @@
) {
(Some(pattern), Some(name)) =>
Ok(Applied(pattern.matches(&name))),
(_, None) =>
Err(ValidationError::new(ValidationErrorKind::Other(format!(
- "unsatisfiable IP name constraint: malformed SAN {:?}",
- name,
+ "unsatisfiable IP name constraint: malformed SAN
{name:?}",
)))),
(None, _) =>
Err(ValidationError::new(ValidationErrorKind::Other(format!(
- "malformed IP name constraints: {:?}",
- pattern
+ "malformed IP name constraints: {pattern:?}",
)))),
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/rust/cryptography-x509-verification/src/ops.rs
new/cryptography-44.0.3/src/rust/cryptography-x509-verification/src/ops.rs
--- old/cryptography-44.0.2/src/rust/cryptography-x509-verification/src/ops.rs
2025-03-02 00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/cryptography-x509-verification/src/ops.rs
2025-05-02 21:28:28.000000000 +0200
@@ -90,9 +90,10 @@
#[cfg(test)]
pub(crate) mod tests {
+ use cryptography_x509::certificate::Certificate;
+
use super::VerificationCertificate;
use crate::certificate::tests::PublicKeyErrorOps;
- use cryptography_x509::certificate::Certificate;
pub(crate) fn v1_cert_pem() -> pem::Pem {
pem::parse(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/rust/cryptography-x509-verification/src/policy/extension.rs
new/cryptography-44.0.3/src/rust/cryptography-x509-verification/src/policy/extension.rs
---
old/cryptography-44.0.2/src/rust/cryptography-x509-verification/src/policy/extension.rs
2025-03-02 00:53:51.000000000 +0100
+++
new/cryptography-44.0.3/src/rust/cryptography-x509-verification/src/policy/extension.rs
2025-05-02 21:28:28.000000000 +0200
@@ -2,19 +2,17 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
+use cryptography_x509::certificate::Certificate;
+use cryptography_x509::extensions::{Extension, Extensions};
use cryptography_x509::oid::{
AUTHORITY_INFORMATION_ACCESS_OID, AUTHORITY_KEY_IDENTIFIER_OID,
BASIC_CONSTRAINTS_OID,
EXTENDED_KEY_USAGE_OID, KEY_USAGE_OID, NAME_CONSTRAINTS_OID,
SUBJECT_ALTERNATIVE_NAME_OID,
SUBJECT_KEY_IDENTIFIER_OID,
};
-use cryptography_x509::{
- certificate::Certificate,
- extensions::{Extension, Extensions},
-};
-use crate::{
- ops::CryptoOps, policy::Policy, ValidationError, ValidationErrorKind,
ValidationResult,
-};
+use crate::ops::CryptoOps;
+use crate::policy::Policy;
+use crate::{ValidationError, ValidationErrorKind, ValidationResult};
pub(crate) struct ExtensionPolicy<B: CryptoOps> {
pub(crate) authority_information_access: ExtensionValidator<B>,
@@ -266,17 +264,13 @@
}
pub(crate) mod ee {
- use cryptography_x509::{
- certificate::Certificate,
- extensions::{
- BasicConstraints, ExtendedKeyUsage, Extension, KeyUsage,
SubjectAlternativeName,
- },
+ use cryptography_x509::certificate::Certificate;
+ use cryptography_x509::extensions::{
+ BasicConstraints, ExtendedKeyUsage, Extension, KeyUsage,
SubjectAlternativeName,
};
- use crate::{
- ops::CryptoOps,
- policy::{Policy, ValidationError, ValidationErrorKind,
ValidationResult},
- };
+ use crate::ops::CryptoOps;
+ use crate::policy::{Policy, ValidationError, ValidationErrorKind,
ValidationResult};
pub(crate) fn basic_constraints<'chain, B: CryptoOps>(
_policy: &Policy<'_, B>,
@@ -379,20 +373,16 @@
}
pub(crate) mod ca {
- use cryptography_x509::{
- certificate::Certificate,
- common::Asn1Read,
- extensions::{
- AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage,
Extension, KeyUsage,
- NameConstraints,
- },
- oid::EKU_ANY_KEY_USAGE_OID,
+ use cryptography_x509::certificate::Certificate;
+ use cryptography_x509::common::Asn1Read;
+ use cryptography_x509::extensions::{
+ AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, Extension,
KeyUsage,
+ NameConstraints,
};
+ use cryptography_x509::oid::EKU_ANY_KEY_USAGE_OID;
- use crate::{
- ops::CryptoOps,
- policy::{Policy, ValidationError, ValidationErrorKind,
ValidationResult},
- };
+ use crate::ops::CryptoOps;
+ use crate::policy::{Policy, ValidationError, ValidationErrorKind,
ValidationResult};
pub(crate) fn authority_key_identifier<'chain, B: CryptoOps>(
_policy: &Policy<'_, B>,
@@ -529,16 +519,12 @@
}
pub(crate) mod common {
- use cryptography_x509::{
- certificate::Certificate,
- common::Asn1Read,
- extensions::{Extension, SequenceOfAccessDescriptions},
- };
+ use cryptography_x509::certificate::Certificate;
+ use cryptography_x509::common::Asn1Read;
+ use cryptography_x509::extensions::{Extension,
SequenceOfAccessDescriptions};
- use crate::{
- ops::CryptoOps,
- policy::{Policy, ValidationResult},
- };
+ use crate::ops::CryptoOps;
+ use crate::policy::{Policy, ValidationResult};
pub(crate) fn authority_information_access<'chain, B: CryptoOps>(
_policy: &Policy<'_, B>,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/rust/cryptography-x509-verification/src/policy/mod.rs
new/cryptography-44.0.3/src/rust/cryptography-x509-verification/src/policy/mod.rs
---
old/cryptography-44.0.2/src/rust/cryptography-x509-verification/src/policy/mod.rs
2025-03-02 00:53:51.000000000 +0100
+++
new/cryptography-44.0.3/src/rust/cryptography-x509-verification/src/policy/mod.rs
2025-05-02 21:28:28.000000000 +0200
@@ -601,10 +601,8 @@
use asn1::{DateTime, SequenceOfWriter};
use cryptography_x509::common::Time;
- use cryptography_x509::{
- extensions::SubjectAlternativeName,
- name::{GeneralName, UnvalidatedIA5String},
- };
+ use cryptography_x509::extensions::SubjectAlternativeName;
+ use cryptography_x509::name::{GeneralName, UnvalidatedIA5String};
use super::{
permits_validity_date, ECDSA_SHA256, ECDSA_SHA384, ECDSA_SHA512,
RSASSA_PKCS1V15_SHA256,
@@ -612,13 +610,11 @@
RSASSA_PSS_SHA512, WEBPKI_PERMITTED_SIGNATURE_ALGORITHMS,
};
use crate::certificate::tests::PublicKeyErrorOps;
- use crate::{
- policy::{
- Subject, SPKI_RSA, SPKI_SECP256R1, SPKI_SECP384R1, SPKI_SECP521R1,
- WEBPKI_PERMITTED_SPKI_ALGORITHMS,
- },
- types::{DNSName, IPAddress},
+ use crate::policy::{
+ Subject, SPKI_RSA, SPKI_SECP256R1, SPKI_SECP384R1, SPKI_SECP521R1,
+ WEBPKI_PERMITTED_SPKI_ALGORITHMS,
};
+ use crate::types::{DNSName, IPAddress};
#[test]
fn test_webpki_permitted_spki_algorithms_canonical_encodings() {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/rust/cryptography-x509-verification/src/trust_store.rs
new/cryptography-44.0.3/src/rust/cryptography-x509-verification/src/trust_store.rs
---
old/cryptography-44.0.2/src/rust/cryptography-x509-verification/src/trust_store.rs
2025-03-02 00:53:51.000000000 +0100
+++
new/cryptography-44.0.3/src/rust/cryptography-x509-verification/src/trust_store.rs
2025-05-02 21:28:28.000000000 +0200
@@ -6,8 +6,7 @@
use cryptography_x509::name::Name;
-use crate::CryptoOps;
-use crate::VerificationCertificate;
+use crate::{CryptoOps, VerificationCertificate};
/// A `Store` represents the core state needed for X.509 path validation.
pub struct Store<'a, B: CryptoOps> {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/src/rust/cryptography-x509-verification/src/types.rs
new/cryptography-44.0.3/src/rust/cryptography-x509-verification/src/types.rs
---
old/cryptography-44.0.2/src/rust/cryptography-x509-verification/src/types.rs
2025-03-02 00:53:51.000000000 +0100
+++
new/cryptography-44.0.3/src/rust/cryptography-x509-verification/src/types.rs
2025-05-02 21:28:28.000000000 +0200
@@ -400,9 +400,8 @@
#[cfg(test)]
mod tests {
- use crate::types::{DNSConstraint, DNSName, DNSPattern, IPAddress,
IPConstraint, RFC822Name};
-
use super::RFC822Constraint;
+ use crate::types::{DNSConstraint, DNSName, DNSPattern, IPAddress,
IPConstraint, RFC822Name};
#[test]
fn test_dnsname_debug_trait() {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/asn1.rs
new/cryptography-44.0.3/src/rust/src/asn1.rs
--- old/cryptography-44.0.2/src/rust/src/asn1.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/asn1.rs 2025-05-02
21:28:28.000000000 +0200
@@ -4,8 +4,7 @@
use cryptography_x509::common::{DssSignature, SubjectPublicKeyInfo};
use pyo3::pybacked::PyBackedBytes;
-use pyo3::types::IntoPyDict;
-use pyo3::types::PyAnyMethods;
+use pyo3::types::{IntoPyDict, PyAnyMethods};
use pyo3::IntoPyObject;
use crate::error::{CryptographyError, CryptographyResult};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/backend/aead.rs
new/cryptography-44.0.3/src/rust/src/backend/aead.rs
--- old/cryptography-44.0.2/src/rust/src/backend/aead.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/backend/aead.rs 2025-05-02
21:28:28.000000000 +0200
@@ -2,10 +2,11 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
+use pyo3::types::{PyAnyMethods, PyListMethods};
+
use crate::buf::CffiBuf;
use crate::error::{CryptographyError, CryptographyResult};
use crate::{exceptions, types};
-use pyo3::types::{PyAnyMethods, PyListMethods};
fn check_length(data: &[u8]) -> CryptographyResult<()> {
if data.len() > (i32::MAX as usize) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/backend/ciphers.rs
new/cryptography-44.0.3/src/rust/src/backend/ciphers.rs
--- old/cryptography-44.0.2/src/rust/src/backend/ciphers.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/backend/ciphers.rs 2025-05-02
21:28:28.000000000 +0200
@@ -2,13 +2,13 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
+use pyo3::types::PyAnyMethods;
+use pyo3::IntoPyObject;
+
use crate::backend::cipher_registry;
use crate::buf::{CffiBuf, CffiMutBuf};
use crate::error::{CryptographyError, CryptographyResult};
-use crate::exceptions;
-use crate::types;
-use pyo3::types::PyAnyMethods;
-use pyo3::IntoPyObject;
+use crate::{exceptions, types};
pub(crate) struct CipherContext {
ctx: openssl::cipher_ctx::CipherCtx,
@@ -495,16 +495,14 @@
if tag.len() < min_tag_length {
return Err(CryptographyError::from(
pyo3::exceptions::PyValueError::new_err(format!(
- "Authentication tag must be {} bytes or longer.",
- min_tag_length
+ "Authentication tag must be {min_tag_length} bytes or
longer.",
)),
));
} else if tag.len() > 16 {
return Err(CryptographyError::from(
- pyo3::exceptions::PyValueError::new_err(format!(
- "Authentication tag cannot be more than {} bytes.",
- 16
- )),
+ pyo3::exceptions::PyValueError::new_err(
+ "Authentication tag cannot be more than 16 bytes.",
+ ),
));
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/backend/cmac.rs
new/cryptography-44.0.3/src/rust/src/backend/cmac.rs
--- old/cryptography-44.0.2/src/rust/src/backend/cmac.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/backend/cmac.rs 2025-05-02
21:28:28.000000000 +0200
@@ -2,11 +2,12 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
+use pyo3::types::{PyAnyMethods, PyBytesMethods};
+
use crate::backend::cipher_registry;
use crate::buf::CffiBuf;
use crate::error::{CryptographyError, CryptographyResult};
use crate::{exceptions, types};
-use pyo3::types::{PyAnyMethods, PyBytesMethods};
#[pyo3::pyclass(
module = "cryptography.hazmat.bindings._rust.openssl.cmac",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/backend/dh.rs
new/cryptography-44.0.3/src/rust/src/backend/dh.rs
--- old/cryptography-44.0.2/src/rust/src/backend/dh.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/backend/dh.rs 2025-05-02
21:28:28.000000000 +0200
@@ -3,12 +3,12 @@
// for complete details.
use cryptography_x509::common;
+use pyo3::types::PyAnyMethods;
use crate::asn1::encode_der_data;
use crate::backend::utils;
use crate::error::{CryptographyError, CryptographyResult};
use crate::{types, x509};
-use pyo3::types::PyAnyMethods;
const MIN_MODULUS_SIZE: u32 = 512;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/backend/dsa.rs
new/cryptography-44.0.3/src/rust/src/backend/dsa.rs
--- old/cryptography-44.0.2/src/rust/src/backend/dsa.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/backend/dsa.rs 2025-05-02
21:28:28.000000000 +0200
@@ -2,11 +2,12 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
+use pyo3::types::PyAnyMethods;
+
use crate::backend::utils;
use crate::buf::CffiBuf;
use crate::error::{CryptographyError, CryptographyResult};
use crate::{error, exceptions};
-use pyo3::types::PyAnyMethods;
#[pyo3::pyclass(
frozen,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/backend/hashes.rs
new/cryptography-44.0.3/src/rust/src/backend/hashes.rs
--- old/cryptography-44.0.2/src/rust/src/backend/hashes.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/backend/hashes.rs 2025-05-02
21:28:28.000000000 +0200
@@ -2,9 +2,10 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
-use pyo3::types::PyAnyMethods;
use std::borrow::Cow;
+use pyo3::types::PyAnyMethods;
+
use crate::buf::CffiBuf;
use crate::error::{CryptographyError, CryptographyResult};
use crate::{exceptions, types};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/backend/hmac.rs
new/cryptography-44.0.3/src/rust/src/backend/hmac.rs
--- old/cryptography-44.0.2/src/rust/src/backend/hmac.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/backend/hmac.rs 2025-05-02
21:28:28.000000000 +0200
@@ -2,11 +2,12 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
+use pyo3::types::PyBytesMethods;
+
use crate::backend::hashes::message_digest_from_algorithm;
use crate::buf::CffiBuf;
use crate::error::{CryptographyError, CryptographyResult};
use crate::exceptions;
-use pyo3::types::PyBytesMethods;
#[pyo3::pyclass(
module = "cryptography.hazmat.bindings._rust.openssl.hmac",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/backend/poly1305.rs
new/cryptography-44.0.3/src/rust/src/backend/poly1305.rs
--- old/cryptography-44.0.2/src/rust/src/backend/poly1305.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/backend/poly1305.rs 2025-05-02
21:28:28.000000000 +0200
@@ -2,10 +2,11 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
+use pyo3::types::PyBytesMethods;
+
use crate::buf::CffiBuf;
use crate::error::{CryptographyError, CryptographyResult};
use crate::exceptions;
-use pyo3::types::PyBytesMethods;
#[cfg(any(CRYPTOGRAPHY_IS_BORINGSSL, CRYPTOGRAPHY_IS_LIBRESSL))]
struct Poly1305Boring {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/backend/rsa.rs
new/cryptography-44.0.3/src/rust/src/backend/rsa.rs
--- old/cryptography-44.0.2/src/rust/src/backend/rsa.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/backend/rsa.rs 2025-05-02
21:28:28.000000000 +0200
@@ -5,11 +5,12 @@
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};
+use pyo3::types::PyAnyMethods;
+
use crate::backend::{hashes, utils};
use crate::buf::CffiBuf;
use crate::error::{CryptographyError, CryptographyResult};
use crate::{exceptions, types};
-use pyo3::types::PyAnyMethods;
#[pyo3::pyclass(
frozen,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/backend/utils.rs
new/cryptography-44.0.3/src/rust/src/backend/utils.rs
--- old/cryptography-44.0.2/src/rust/src/backend/utils.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/backend/utils.rs 2025-05-02
21:28:28.000000000 +0200
@@ -2,10 +2,11 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
+use pyo3::types::{PyAnyMethods, PyBytesMethods};
+
use crate::backend::hashes::Hash;
use crate::error::{CryptographyError, CryptographyResult};
use crate::{error, types};
-use pyo3::types::{PyAnyMethods, PyBytesMethods};
pub(crate) fn py_int_to_bn(
py: pyo3::Python<'_>,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/buf.rs
new/cryptography-44.0.3/src/rust/src/buf.rs
--- old/cryptography-44.0.2/src/rust/src/buf.rs 2025-03-02 00:53:51.000000000
+0100
+++ new/cryptography-44.0.3/src/rust/src/buf.rs 2025-05-02 21:28:28.000000000
+0200
@@ -2,11 +2,12 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
-use crate::types;
-use pyo3::types::IntoPyDict;
-use pyo3::types::PyAnyMethods;
use std::slice;
+use pyo3::types::{IntoPyDict, PyAnyMethods};
+
+use crate::types;
+
pub(crate) struct CffiBuf<'p> {
pyobj: pyo3::Bound<'p, pyo3::PyAny>,
_bufobj: pyo3::Bound<'p, pyo3::PyAny>,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/error.rs
new/cryptography-44.0.3/src/rust/src/error.rs
--- old/cryptography-44.0.2/src/rust/src/error.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/error.rs 2025-05-02
21:28:28.000000000 +0200
@@ -116,7 +116,7 @@
"Could not deserialize key data. The data may be in an
incorrect format, it may be encrypted with an unsupported algorithm, or it may
be an unsupported key type (e.g. EC curves with explicit parameters). Details:
{asn1_error}",
)
}
- CryptographyError::Py(py_error) => write!(f, "{}", py_error),
+ CryptographyError::Py(py_error) => write!(f, "{py_error}"),
CryptographyError::OpenSSL(error_stack) => {
write!(
f,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/lib.rs
new/cryptography-44.0.3/src/rust/src/lib.rs
--- old/cryptography-44.0.2/src/rust/src/lib.rs 2025-03-02 00:53:51.000000000
+0100
+++ new/cryptography-44.0.3/src/rust/src/lib.rs 2025-05-02 21:28:28.000000000
+0200
@@ -6,11 +6,13 @@
#![allow(unknown_lints, non_local_definitions, clippy::result_large_err)]
#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)]
-use crate::error::CryptographyResult;
+use std::env;
+
#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)]
use openssl::provider;
+
#[cfg(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)]
-use std::env;
+use crate::error::CryptographyResult;
mod asn1;
mod backend;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/oid.rs
new/cryptography-44.0.3/src/rust/src/oid.rs
--- old/cryptography-44.0.2/src/rust/src/oid.rs 2025-03-02 00:53:51.000000000
+0100
+++ new/cryptography-44.0.3/src/rust/src/oid.rs 2025-05-02 21:28:28.000000000
+0200
@@ -2,12 +2,14 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
-use crate::error::CryptographyResult;
-use crate::types;
-use pyo3::types::PyAnyMethods;
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};
+use pyo3::types::PyAnyMethods;
+
+use crate::error::CryptographyResult;
+use crate::types;
+
#[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust")]
pub(crate) struct ObjectIdentifier {
pub(crate) oid: asn1::ObjectIdentifier,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/pkcs12.rs
new/cryptography-44.0.3/src/rust/src/pkcs12.rs
--- old/cryptography-44.0.2/src/rust/src/pkcs12.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/pkcs12.rs 2025-05-02
21:28:28.000000000 +0200
@@ -2,17 +2,19 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
+use std::collections::hash_map::DefaultHasher;
+use std::hash::{Hash, Hasher};
+
+use cryptography_x509::common::Utf8StoredBMPString;
+use pyo3::types::{PyAnyMethods, PyBytesMethods, PyListMethods};
+use pyo3::IntoPyObject;
+
use crate::backend::{ciphers, hashes, hmac, kdf, keys};
use crate::buf::CffiBuf;
use crate::error::{CryptographyError, CryptographyResult};
use crate::padding::PKCS7PaddingContext;
use crate::x509::certificate::Certificate;
use crate::{types, x509};
-use cryptography_x509::common::Utf8StoredBMPString;
-use pyo3::types::{PyAnyMethods, PyBytesMethods, PyListMethods};
-use pyo3::IntoPyObject;
-use std::collections::hash_map::DefaultHasher;
-use std::hash::{Hash, Hasher};
#[pyo3::pyclass(frozen)]
struct PKCS12Certificate {
@@ -386,14 +388,14 @@
) -> CryptographyResult<cryptography_x509::pkcs12::SafeBag<'a>> {
Ok(cryptography_x509::pkcs12::SafeBag {
_bag_id: asn1::DefinedByMarker::marker(),
- bag_value:
asn1::Explicit::new(cryptography_x509::pkcs12::BagValue::CertBag(
+ bag_value:
asn1::Explicit::new(cryptography_x509::pkcs12::BagValue::CertBag(Box::new(
cryptography_x509::pkcs12::CertBag {
_cert_id: asn1::DefinedByMarker::marker(),
cert_value:
asn1::Explicit::new(cryptography_x509::pkcs12::CertType::X509(
asn1::OctetStringEncoded::new(cert.raw.borrow_dependent().clone()),
)),
},
- )),
+ ))),
attributes: pkcs12_attributes(friendly_name, local_key_id)?,
})
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/pkcs7.rs
new/cryptography-44.0.3/src/rust/src/pkcs7.rs
--- old/cryptography-44.0.2/src/rust/src/pkcs7.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/pkcs7.rs 2025-05-02
21:28:28.000000000 +0200
@@ -686,7 +686,7 @@
let nid_string = nid.map_or("empty".to_string(), |n|
n.as_raw().to_string());
return Err(CryptographyError::from(
exceptions::UnsupportedAlgorithm::new_err((
- format!("Only basic signed structures are currently supported.
NID for this data was {}", nid_string),
+ format!("Only basic signed structures are currently supported.
NID for this data was {nid_string}"),
exceptions::Reasons::UNSUPPORTED_SERIALIZATION,
)),
));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/test_support.rs
new/cryptography-44.0.3/src/rust/src/test_support.rs
--- old/cryptography-44.0.2/src/rust/src/test_support.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/test_support.rs 2025-05-02
21:28:28.000000000 +0200
@@ -2,6 +2,13 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
+use asn1::SimpleAsn1Readable;
+use cryptography_x509::certificate::Certificate;
+use cryptography_x509::common::Time;
+use cryptography_x509::name::Name;
+#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))]
+use pyo3::prelude::PyAnyMethods;
+
#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))]
use crate::buf::CffiBuf;
use crate::error::CryptographyResult;
@@ -9,12 +16,6 @@
use crate::types;
#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))]
use crate::x509::certificate::Certificate as PyCertificate;
-use asn1::SimpleAsn1Readable;
-use cryptography_x509::certificate::Certificate;
-use cryptography_x509::common::Time;
-use cryptography_x509::name::Name;
-#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))]
-use pyo3::prelude::PyAnyMethods;
#[pyo3::pyclass(frozen, module =
"cryptography.hazmat.bindings._rust.test_support")]
struct TestCertificate {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/x509/certificate.rs
new/cryptography-44.0.3/src/rust/src/x509/certificate.rs
--- old/cryptography-44.0.2/src/rust/src/x509/certificate.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/x509/certificate.rs 2025-05-02
21:28:28.000000000 +0200
@@ -6,16 +6,15 @@
use std::hash::{Hash, Hasher};
use cryptography_x509::certificate::Certificate as RawCertificate;
-use cryptography_x509::common::Asn1Read;
-use cryptography_x509::common::{AlgorithmParameters, Asn1ReadableOrWritable};
+use cryptography_x509::common::{AlgorithmParameters, Asn1Read,
Asn1ReadableOrWritable};
use cryptography_x509::extensions::{
Admission, Admissions, AuthorityKeyIdentifier, BasicConstraints,
DisplayText,
DistributionPoint, DistributionPointName, DuplicateExtensionsError,
ExtendedKeyUsage,
- IssuerAlternativeName, KeyUsage, MSCertificateTemplate, NameConstraints,
NamingAuthority,
- PolicyConstraints, PolicyInformation, PolicyQualifierInfo, ProfessionInfo,
Qualifier,
- RawExtensions, SequenceOfAccessDescriptions, SequenceOfSubtrees,
UserNotice,
+ Extension, IssuerAlternativeName, KeyUsage, MSCertificateTemplate,
NameConstraints,
+ NamingAuthority, PolicyConstraints, PolicyInformation,
PolicyQualifierInfo, ProfessionInfo,
+ Qualifier, RawExtensions, SequenceOfAccessDescriptions, SequenceOfSubtrees,
+ SubjectAlternativeName, UserNotice,
};
-use cryptography_x509::extensions::{Extension, SubjectAlternativeName};
use cryptography_x509::{common, oid};
use cryptography_x509_verification::ops::CryptoOps;
use pyo3::types::{PyAnyMethods, PyListMethods};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/x509/common.rs
new/cryptography-44.0.3/src/rust/src/x509/common.rs
--- old/cryptography-44.0.2/src/rust/src/x509/common.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/x509/common.rs 2025-05-02
21:28:28.000000000 +0200
@@ -7,8 +7,7 @@
AccessDescription, DuplicateExtensionsError, Extension, Extensions,
RawExtensions,
};
use cryptography_x509::name::{GeneralName, Name, NameReadable, OtherName,
UnvalidatedIA5String};
-use pyo3::types::IntoPyDict;
-use pyo3::types::{PyAnyMethods, PyListMethods};
+use pyo3::types::{IntoPyDict, PyAnyMethods, PyListMethods};
use crate::asn1::{oid_to_py_oid, py_oid_to_oid};
use crate::error::{CryptographyError, CryptographyResult};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/x509/crl.rs
new/cryptography-44.0.3/src/rust/src/x509/crl.rs
--- old/cryptography-44.0.2/src/rust/src/x509/crl.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/x509/crl.rs 2025-05-02
21:28:28.000000000 +0200
@@ -4,15 +4,13 @@
use std::sync::Arc;
-use cryptography_x509::extensions::{Extension, IssuerAlternativeName};
-use cryptography_x509::{
- common::{self, Asn1Read},
- crl::{
- self, CertificateRevocationList as RawCertificateRevocationList,
- RevokedCertificate as RawRevokedCertificate,
- },
- name, oid,
+use cryptography_x509::common::{self, Asn1Read};
+use cryptography_x509::crl::{
+ self, CertificateRevocationList as RawCertificateRevocationList,
+ RevokedCertificate as RawRevokedCertificate,
};
+use cryptography_x509::extensions::{Extension, IssuerAlternativeName};
+use cryptography_x509::{name, oid};
use pyo3::types::{PyAnyMethods, PyListMethods, PySliceMethods};
use crate::asn1::{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/x509/csr.rs
new/cryptography-44.0.3/src/rust/src/x509/csr.rs
--- old/cryptography-44.0.2/src/rust/src/x509/csr.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/x509/csr.rs 2025-05-02
21:28:28.000000000 +0200
@@ -13,7 +13,8 @@
use crate::asn1::{encode_der_data, oid_to_py_oid, py_oid_to_oid};
use crate::backend::keys;
use crate::error::{CryptographyError, CryptographyResult};
-use crate::x509::{certificate, common::cstr_from_literal, sign};
+use crate::x509::common::cstr_from_literal;
+use crate::x509::{certificate, sign};
use crate::{exceptions, types, x509};
self_cell::self_cell!(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/x509/extensions.rs
new/cryptography-44.0.3/src/rust/src/x509/extensions.rs
--- old/cryptography-44.0.2/src/rust/src/x509/extensions.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/x509/extensions.rs 2025-05-02
21:28:28.000000000 +0200
@@ -2,14 +2,15 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
-use cryptography_x509::{common::Asn1Write, crl, extensions, oid};
+use cryptography_x509::common::Asn1Write;
+use cryptography_x509::{crl, extensions, oid};
+use pyo3::pybacked::PyBackedStr;
+use pyo3::types::PyAnyMethods;
use crate::asn1::{py_oid_to_oid, py_uint_to_big_endian_bytes};
use crate::error::{CryptographyError, CryptographyResult};
use crate::x509::{certificate, sct};
use crate::{types, x509};
-use pyo3::pybacked::PyBackedStr;
-use pyo3::types::PyAnyMethods;
fn encode_general_subtrees<'a>(
py: pyo3::Python<'_>,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/x509/ocsp_req.rs
new/cryptography-44.0.3/src/rust/src/x509/ocsp_req.rs
--- old/cryptography-44.0.2/src/rust/src/x509/ocsp_req.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/x509/ocsp_req.rs 2025-05-02
21:28:28.000000000 +0200
@@ -2,11 +2,8 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
-use cryptography_x509::{
- common,
- ocsp_req::{self, OCSPRequest as RawOCSPRequest},
- oid,
-};
+use cryptography_x509::ocsp_req::{self, OCSPRequest as RawOCSPRequest};
+use cryptography_x509::{common, oid};
use pyo3::types::{PyAnyMethods, PyListMethods};
use crate::asn1::{big_byte_slice_to_py_int, oid_to_py_oid,
py_uint_to_big_endian_bytes};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/x509/ocsp_resp.rs
new/cryptography-44.0.3/src/rust/src/x509/ocsp_resp.rs
--- old/cryptography-44.0.2/src/rust/src/x509/ocsp_resp.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/x509/ocsp_resp.rs 2025-05-02
21:28:28.000000000 +0200
@@ -4,12 +4,10 @@
use std::sync::Arc;
-use cryptography_x509::ocsp_resp::SingleResponse;
-use cryptography_x509::{
- common,
- ocsp_resp::{self, OCSPResponse as RawOCSPResponse, SingleResponse as
RawSingleResponse},
- oid,
+use cryptography_x509::ocsp_resp::{
+ self, OCSPResponse as RawOCSPResponse, SingleResponse, SingleResponse as
RawSingleResponse,
};
+use cryptography_x509::{common, oid};
use pyo3::types::{PyAnyMethods, PyBytesMethods, PyListMethods};
use crate::asn1::{big_byte_slice_to_py_int, oid_to_py_oid};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/src/rust/src/x509/verify.rs
new/cryptography-44.0.3/src/rust/src/x509/verify.rs
--- old/cryptography-44.0.2/src/rust/src/x509/verify.rs 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/src/rust/src/x509/verify.rs 2025-05-02
21:28:28.000000000 +0200
@@ -2,17 +2,16 @@
// 2.0, and the BSD License. See the LICENSE file in the root of this
repository
// for complete details.
-use cryptography_x509::{
- certificate::Certificate, extensions::SubjectAlternativeName,
oid::SUBJECT_ALTERNATIVE_NAME_OID,
-};
-use cryptography_x509_verification::{
- ops::{CryptoOps, VerificationCertificate},
- policy::{Policy, Subject},
- trust_store::Store,
- types::{DNSName, IPAddress},
-};
+use cryptography_x509::certificate::Certificate;
+use cryptography_x509::extensions::SubjectAlternativeName;
+use cryptography_x509::oid::SUBJECT_ALTERNATIVE_NAME_OID;
+use cryptography_x509_verification::ops::{CryptoOps, VerificationCertificate};
+use cryptography_x509_verification::policy::{Policy, Subject};
+use cryptography_x509_verification::trust_store::Store;
+use cryptography_x509_verification::types::{DNSName, IPAddress};
use pyo3::types::{PyAnyMethods, PyListMethods};
+use super::parse_general_names;
use crate::backend::keys;
use crate::error::{CryptographyError, CryptographyResult};
use crate::types;
@@ -20,8 +19,6 @@
use crate::x509::common::{datetime_now, datetime_to_py, py_to_datetime};
use crate::x509::sign;
-use super::parse_general_names;
-
pub(crate) struct PyCryptoOps {}
impl CryptoOps for PyCryptoOps {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/tests/hazmat/backends/test_openssl.py
new/cryptography-44.0.3/tests/hazmat/backends/test_openssl.py
--- old/cryptography-44.0.2/tests/hazmat/backends/test_openssl.py
2025-03-02 00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/tests/hazmat/backends/test_openssl.py
2025-05-02 21:28:28.000000000 +0200
@@ -126,7 +126,10 @@
def test_rsa_padding_supported_pss(self):
assert (
backend.rsa_padding_supported(
- padding.PSS(mgf=padding.MGF1(hashes.SHA1()), salt_length=0)
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA256()),
+ salt_length=padding.PSS.DIGEST_LENGTH,
+ )
)
is True
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/cryptography-44.0.2/tests/hazmat/primitives/test_rsa.py
new/cryptography-44.0.3/tests/hazmat/primitives/test_rsa.py
--- old/cryptography-44.0.2/tests/hazmat/primitives/test_rsa.py 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/tests/hazmat/primitives/test_rsa.py 2025-05-02
21:28:28.000000000 +0200
@@ -530,11 +530,20 @@
hashes.SHA1(),
)
+ @pytest.mark.supported(
+ only_if=lambda backend: backend.rsa_padding_supported(
+ padding.PSS(
+ mgf=padding.MGF1(hashes.SHA256()),
+ salt_length=padding.PSS.MAX_LENGTH,
+ )
+ ),
+ skip_message="Does not support PSS with these parameters.",
+ )
@pytest.mark.parametrize(
"hash_alg",
[hashes.SHA224(), hashes.SHA256(), hashes.SHA384(), hashes.SHA512()],
)
- def test_pss_signing_sha2(self, rsa_key_2048, hash_alg, backend):
+ def test_pss_sha2_max_length(self, rsa_key_2048, hash_alg, backend):
_skip_pss_hash_algorithm_unsupported(backend, hash_alg)
private_key = rsa_key_2048
public_key = private_key.public_key()
@@ -1067,7 +1076,7 @@
salt_length=padding.PSS.AUTO,
)
),
- skip_message="Does not support PSS.",
+ skip_message="Does not support PSS with these parameters.",
)
def test_pss_verify_auto_salt_length(
self, rsa_key_2048: rsa.RSAPrivateKey, backend
@@ -1207,7 +1216,7 @@
public_key = private_key.public_key()
pss_padding = padding.PSS(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
- salt_length=padding.PSS.MAX_LENGTH,
+ salt_length=padding.PSS.DIGEST_LENGTH,
)
signature = private_key.sign(b"sign me", pss_padding, hashes.SHA256())
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/tests/wycheproof/test_rsa.py
new/cryptography-44.0.3/tests/wycheproof/test_rsa.py
--- old/cryptography-44.0.2/tests/wycheproof/test_rsa.py 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/tests/wycheproof/test_rsa.py 2025-05-02
21:28:28.000000000 +0200
@@ -138,18 +138,7 @@
)
def test_rsa_pss_signature(backend, wycheproof):
digest = _DIGESTS[wycheproof.testgroup["sha"]]
- if backend._fips_enabled and isinstance(digest, hashes.SHA1):
- pytest.skip("Invalid params for FIPS. SHA1 is disallowed")
-
- key = wycheproof.cache_value_to_group(
- "cached_key",
- lambda: serialization.load_der_public_key(
- binascii.unhexlify(wycheproof.testgroup["keyDer"]),
- ),
- )
- assert isinstance(key, rsa.RSAPublicKey)
mgf_digest = _DIGESTS[wycheproof.testgroup["mgfSha"]]
-
if digest is None or mgf_digest is None:
pytest.skip(
"PSS with digest={} and MGF digest={} not supported".format(
@@ -157,6 +146,23 @@
wycheproof.testgroup["mgfSha"],
)
)
+ if backend._fips_enabled and (
+ isinstance(digest, hashes.SHA1)
+ or isinstance(mgf_digest, hashes.SHA1)
+ # FIPS 186-4 only allows salt length == digest length for PSS
+ or wycheproof.testgroup["sLen"] != mgf_digest.digest_size
+ # inner MGF1 hash must match outer hash
+ or wycheproof.testgroup["sha"] != wycheproof.testgroup["mgfSha"]
+ ):
+ pytest.skip("Invalid params for FIPS")
+
+ key = wycheproof.cache_value_to_group(
+ "cached_key",
+ lambda: serialization.load_der_public_key(
+ binascii.unhexlify(wycheproof.testgroup["keyDer"]),
+ ),
+ )
+ assert isinstance(key, rsa.RSAPublicKey)
if wycheproof.valid or wycheproof.acceptable:
key.verify(
@@ -202,6 +208,11 @@
"rsa_oaep_misc_test.json",
)
def test_rsa_oaep_encryption(backend, wycheproof):
+ if backend._fips_enabled and wycheproof.has_flag("SmallIntegerCiphertext"):
+ pytest.skip(
+ "Small integer ciphertexts are rejected in OpenSSL 3.5 FIPS"
+ )
+
digest = _DIGESTS[wycheproof.testgroup["sha"]]
mgf_digest = _DIGESTS[wycheproof.testgroup["mgfSha"]]
assert digest is not None
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/tests/wycheproof/test_x25519.py
new/cryptography-44.0.3/tests/wycheproof/test_x25519.py
--- old/cryptography-44.0.2/tests/wycheproof/test_x25519.py 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/tests/wycheproof/test_x25519.py 2025-05-02
21:28:28.000000000 +0200
@@ -20,10 +20,8 @@
)
@wycheproof_tests("x25519_test.json")
def test_x25519(backend, wycheproof):
- assert set(wycheproof.testgroup.items()) == {
- ("curve", "curve25519"),
- ("type", "XdhComp"),
- }
+ assert wycheproof.testgroup["curve"] == "curve25519"
+ assert wycheproof.testgroup["type"] == "XdhComp"
private_key = X25519PrivateKey.from_private_bytes(
binascii.unhexlify(wycheproof.testcase["private"])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/tests/wycheproof/test_x448.py
new/cryptography-44.0.3/tests/wycheproof/test_x448.py
--- old/cryptography-44.0.2/tests/wycheproof/test_x448.py 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/tests/wycheproof/test_x448.py 2025-05-02
21:28:28.000000000 +0200
@@ -20,10 +20,8 @@
)
@wycheproof_tests("x448_test.json")
def test_x448(backend, wycheproof):
- assert set(wycheproof.testgroup.items()) == {
- ("curve", "curve448"),
- ("type", "XdhComp"),
- }
+ assert wycheproof.testgroup["curve"] == "curve448"
+ assert wycheproof.testgroup["type"] == "XdhComp"
private_key = X448PrivateKey.from_private_bytes(
binascii.unhexlify(wycheproof.testcase["private"])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/cryptography-44.0.2/tests/x509/test_x509.py
new/cryptography-44.0.3/tests/x509/test_x509.py
--- old/cryptography-44.0.2/tests/x509/test_x509.py 2025-03-02
00:53:51.000000000 +0100
+++ new/cryptography-44.0.3/tests/x509/test_x509.py 2025-05-02
21:28:28.000000000 +0200
@@ -852,7 +852,7 @@
assert isinstance(pss, padding.PSS)
assert isinstance(pss._mgf, padding.MGF1)
assert isinstance(pss._mgf._algorithm, hashes.SHA256)
- assert pss._salt_length == 222
+ assert pss._salt_length == 32
assert isinstance(cert.signature_hash_algorithm, hashes.SHA256)
pub_key.verify(
cert.signature,
@@ -2855,6 +2855,11 @@
computed_len,
backend,
):
+ pss = padding.PSS(
+ mgf=padding.MGF1(hashes.SHA256()), salt_length=padding_len
+ )
+ if not backend.rsa_padding_supported(pss):
+ pytest.skip("PSS padding with these parameters not supported")
builder = (
x509.CertificateBuilder()
.subject_name(
@@ -2868,9 +2873,6 @@
.not_valid_before(datetime.datetime(2020, 1, 1))
.not_valid_after(datetime.datetime(2038, 1, 1))
)
- pss = padding.PSS(
- mgf=padding.MGF1(hashes.SHA256()), salt_length=padding_len
- )
cert = builder.sign(rsa_key_2048, hashes.SHA256(), rsa_padding=pss)
assert isinstance(cert.signature_algorithm_parameters, padding.PSS)
assert cert.signature_algorithm_parameters._salt_length == computed_len
@@ -5286,6 +5288,12 @@
computed_len,
backend,
):
+ pss = padding.PSS(
+ mgf=padding.MGF1(hashes.SHA256()), salt_length=padding_len
+ )
+ if not backend.rsa_padding_supported(pss):
+ pytest.skip("PSS padding with these parameters not supported")
+
builder = x509.CertificateSigningRequestBuilder().subject_name(
x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "US")])
)
++++++ no-pytest_benchmark.patch ++++++
--- /var/tmp/diff_new_pack.489Zyw/_old 2025-05-13 20:12:08.883655040 +0200
+++ /var/tmp/diff_new_pack.489Zyw/_new 2025-05-13 20:12:08.915656383 +0200
@@ -1,10 +1,10 @@
-Index: cryptography-44.0.2/pyproject.toml
+Index: cryptography-44.0.3/pyproject.toml
===================================================================
---- cryptography-44.0.2.orig/pyproject.toml
-+++ cryptography-44.0.2/pyproject.toml
+--- cryptography-44.0.3.orig/pyproject.toml
++++ cryptography-44.0.3/pyproject.toml
@@ -67,8 +67,6 @@ nox = ["nox >=2024.04.15", "nox[uv] >=20
test = [
- "cryptography_vectors==44.0.2",
+ "cryptography_vectors==44.0.3",
"pytest >=7.4.0",
- "pytest-benchmark >=4.0",
- "pytest-cov >=2.10.1",
@@ -54,10 +54,10 @@
[tool.ruff]
line-length = 79
-Index: cryptography-44.0.2/tests/bench/test_aead.py
+Index: cryptography-44.0.3/tests/bench/test_aead.py
===================================================================
---- cryptography-44.0.2.orig/tests/bench/test_aead.py
-+++ cryptography-44.0.2/tests/bench/test_aead.py
+--- cryptography-44.0.3.orig/tests/bench/test_aead.py
++++ cryptography-44.0.3/tests/bench/test_aead.py
@@ -26,84 +26,84 @@ def _aead_supported(cls):
not _aead_supported(ChaCha20Poly1305),
reason="Requires OpenSSL with ChaCha20Poly1305 support",
@@ -163,10 +163,10 @@
ct = aes.encrypt(b"\x00" * 12, b"hello world plaintext", None)
- benchmark(aes.decrypt, b"\x00" * 12, ct, None)
+ aes.decrypt(b"\x00" * 12, ct, None)
-Index: cryptography-44.0.2/tests/bench/test_ec_load.py
+Index: cryptography-44.0.3/tests/bench/test_ec_load.py
===================================================================
---- cryptography-44.0.2.orig/tests/bench/test_ec_load.py
-+++ cryptography-44.0.2/tests/bench/test_ec_load.py
+--- cryptography-44.0.3.orig/tests/bench/test_ec_load.py
++++ cryptography-44.0.3/tests/bench/test_ec_load.py
@@ -5,9 +5,9 @@
from ..hazmat.primitives.fixtures_ec import EC_KEY_SECP256R1
@@ -181,10 +181,10 @@
- benchmark(EC_KEY_SECP256R1.private_key)
+def test_load_ec_private_numbers():
+ EC_KEY_SECP256R1.private_key()
-Index: cryptography-44.0.2/tests/bench/test_hashes.py
+Index: cryptography-44.0.3/tests/bench/test_hashes.py
===================================================================
---- cryptography-44.0.2.orig/tests/bench/test_hashes.py
-+++ cryptography-44.0.2/tests/bench/test_hashes.py
+--- cryptography-44.0.3.orig/tests/bench/test_hashes.py
++++ cryptography-44.0.3/tests/bench/test_hashes.py
@@ -5,10 +5,10 @@
from cryptography.hazmat.primitives import hashes
@@ -198,10 +198,10 @@
- benchmark(bench)
+ bench()
-Index: cryptography-44.0.2/tests/bench/test_hmac.py
+Index: cryptography-44.0.3/tests/bench/test_hmac.py
===================================================================
---- cryptography-44.0.2.orig/tests/bench/test_hmac.py
-+++ cryptography-44.0.2/tests/bench/test_hmac.py
+--- cryptography-44.0.3.orig/tests/bench/test_hmac.py
++++ cryptography-44.0.3/tests/bench/test_hmac.py
@@ -5,10 +5,10 @@
from cryptography.hazmat.primitives import hashes, hmac
@@ -215,10 +215,10 @@
- benchmark(bench)
+ bench()
-Index: cryptography-44.0.2/tests/bench/test_x509.py
+Index: cryptography-44.0.3/tests/bench/test_x509.py
===================================================================
---- cryptography-44.0.2.orig/tests/bench/test_x509.py
-+++ cryptography-44.0.2/tests/bench/test_x509.py
+--- cryptography-44.0.3.orig/tests/bench/test_x509.py
++++ cryptography-44.0.3/tests/bench/test_x509.py
@@ -13,40 +13,40 @@ from cryptography import x509
from ..utils import load_vectors_from_file
++++++ vendor.tar.zst ++++++
++++ 548092 lines of diff (skipped)
