Update to pyo3-0.23 (#11954)

* WIP: Update to pyo3-0.23

* update Cargo.toml

* fix lifetime error

* avoid unnecessary allocations constructing warning messages

* point at 0.23 on crates.io

* add _str_ref_to_cstr_ref helper for constructing warnings

* use null-terminated strings

* fix inline null typos

* add cstr_from_literal macro for constructing warnings

Author: ngoldbaum

Cargo.lock

@@ -20,7 +20,7 @@ rust-version = "1.65.0"
 
 [workspace.dependencies]
 asn1 = { version = "0.18.0", default-features = false }
-pyo3 = { version = "0.22.6", features = ["abi3"] }
+pyo3 = { version = "0.23.0", features = ["abi3"] }
 
 [profile.release]
 overflow-checks = true

Cargo.toml

@@ -6,7 +6,7 @@ use cryptography_x509::common::{DssSignature, SubjectPublicKeyInfo};
 use pyo3::pybacked::PyBackedBytes;
 use pyo3::types::IntoPyDict;
 use pyo3::types::PyAnyMethods;
-use pyo3::ToPyObject;
+use pyo3::IntoPyObject;
 
 use crate::error::{CryptographyError, CryptographyResult};
 use crate::types;
@@ -38,7 +38,7 @@ fn parse_spki_for_data<'p>(
         return Err(pyo3::exceptions::PyValueError::new_err("Invalid public key encoding").into());
     }
 
-    Ok(pyo3::types::PyBytes::new_bound(
+    Ok(pyo3::types::PyBytes::new(
         py,
         spki.subject_public_key.as_bytes(),
     ))
@@ -48,8 +48,8 @@ pub(crate) fn big_byte_slice_to_py_int<'p>(
     py: pyo3::Python<'p>,
     v: &'_ [u8],
 ) -> pyo3::PyResult<pyo3::Bound<'p, pyo3::PyAny>> {
-    let int_type = py.get_type_bound::<pyo3::types::PyLong>();
-    let kwargs = [("signed", true)].into_py_dict_bound(py);
+    let int_type = py.get_type::<pyo3::types::PyInt>();
+    let kwargs = [("signed", true)].into_py_dict(py)?;
     int_type.call_method(pyo3::intern!(py, "from_bytes"), (v, "big"), Some(&kwargs))
 }
 
@@ -64,12 +64,14 @@ fn decode_dss_signature(
         big_byte_slice_to_py_int(py, sig.r.as_bytes())?,
         big_byte_slice_to_py_int(py, sig.s.as_bytes())?,
     )
-        .to_object(py))
+        .into_pyobject(py)?
+        .into_any()
+        .unbind())
 }
 
 pub(crate) fn py_uint_to_big_endian_bytes<'p>(
     py: pyo3::Python<'p>,
-    v: pyo3::Bound<'p, pyo3::types::PyLong>,
+    v: pyo3::Bound<'p, pyo3::types::PyInt>,
 ) -> pyo3::PyResult<PyBackedBytes> {
     if v.lt(0)? {
         return Err(pyo3::exceptions::PyValueError::new_err(
@@ -96,9 +98,9 @@ pub(crate) fn encode_der_data<'p>(
     encoding: &pyo3::Bound<'p, pyo3::PyAny>,
 ) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
     if encoding.is(&types::ENCODING_DER.get(py)?) {
-        Ok(pyo3::types::PyBytes::new_bound(py, &data))
+        Ok(pyo3::types::PyBytes::new(py, &data))
     } else if encoding.is(&types::ENCODING_PEM.get(py)?) {
-        Ok(pyo3::types::PyBytes::new_bound(
+        Ok(pyo3::types::PyBytes::new(
             py,
             &pem::encode_config(
                 &pem::Pem::new(pem_tag, data),
@@ -117,8 +119,8 @@ pub(crate) fn encode_der_data<'p>(
 #[pyo3::pyfunction]
 fn encode_dss_signature<'p>(
     py: pyo3::Python<'p>,
-    r: pyo3::Bound<'_, pyo3::types::PyLong>,
-    s: pyo3::Bound<'_, pyo3::types::PyLong>,
+    r: pyo3::Bound<'_, pyo3::types::PyInt>,
+    s: pyo3::Bound<'_, pyo3::types::PyInt>,
 ) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
     let r_bytes = py_uint_to_big_endian_bytes(py, r)?;
     let s_bytes = py_uint_to_big_endian_bytes(py, s)?;
@@ -127,7 +129,7 @@ fn encode_dss_signature<'p>(
         s: asn1::BigUint::new(&s_bytes).unwrap(),
     };
     let result = asn1::write_single(&sig)?;
-    Ok(pyo3::types::PyBytes::new_bound(py, &result))
+    Ok(pyo3::types::PyBytes::new(py, &result))
 }
 
 #[pyo3::pymodule]

src/rust/src/asn1.rs

@@ -172,7 +172,7 @@ impl EvpCipherAead {
 
         Self::process_aad(&mut ctx, aad)?;
 
-        Ok(pyo3::types::PyBytes::new_bound_with(
+        Ok(pyo3::types::PyBytes::new_with(
             py,
             plaintext.len() + tag_len,
             |b| {
@@ -254,7 +254,7 @@ impl EvpCipherAead {
 
         Self::process_aad(&mut ctx, aad)?;
 
-        Ok(pyo3::types::PyBytes::new_bound_with(
+        Ok(pyo3::types::PyBytes::new_with(
             py,
             ciphertext_data.len(),
             |b| {
@@ -399,7 +399,7 @@ impl EvpAead {
             assert!(aad.is_none());
             b""
         };
-        Ok(pyo3::types::PyBytes::new_bound_with(
+        Ok(pyo3::types::PyBytes::new_with(
             py,
             plaintext.len() + self.tag_len,
             |b| {
@@ -430,7 +430,7 @@ impl EvpAead {
             b""
         };
 
-        Ok(pyo3::types::PyBytes::new_bound_with(
+        Ok(pyo3::types::PyBytes::new_with(
             py,
             ciphertext.len() - self.tag_len,
             |b| {

src/rust/src/backend/aead.rs

@@ -8,7 +8,7 @@ use crate::error::{CryptographyError, CryptographyResult};
 use crate::exceptions;
 use crate::types;
 use pyo3::types::PyAnyMethods;
-use pyo3::IntoPy;
+use pyo3::IntoPyObject;
 
 pub(crate) struct CipherContext {
     ctx: openssl::cipher_ctx::CipherCtx,
@@ -160,7 +160,7 @@ impl CipherContext {
     ) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
         let mut buf = vec![0; data.len() + self.ctx.block_size()];
         let n = self.update_into(py, data, &mut buf)?;
-        Ok(pyo3::types::PyBytes::new_bound(py, &buf[..n]))
+        Ok(pyo3::types::PyBytes::new(py, &buf[..n]))
     }
 
     pub(crate) fn update_into(
@@ -224,7 +224,7 @@ impl CipherContext {
                 ),
             ))
         })?;
-        Ok(pyo3::types::PyBytes::new_bound(py, &out_buf[..n]))
+        Ok(pyo3::types::PyBytes::new(py, &out_buf[..n]))
     }
 }
 
@@ -359,7 +359,7 @@ impl PyAEADEncryptionContext {
         let result = ctx.finalize(py)?;
 
         // XXX: do not hard code 16
-        let tag = pyo3::types::PyBytes::new_bound_with(py, 16, |t| {
+        let tag = pyo3::types::PyBytes::new_with(py, 16, |t| {
             ctx.ctx.tag(t).map_err(CryptographyError::from)?;
             Ok(())
         })?;
@@ -539,9 +539,14 @@ fn create_encryption_ctx(
                 .getattr(pyo3::intern!(py, "_MAX_AAD_BYTES"))?
                 .extract()?,
         }
-        .into_py(py))
+        .into_pyobject(py)?
+        .into_any()
+        .unbind())
     } else {
-        Ok(PyCipherContext { ctx: Some(ctx) }.into_py(py))
+        Ok(PyCipherContext { ctx: Some(ctx) }
+            .into_pyobject(py)?
+            .into_any()
+            .unbind())
     }
 }
 
@@ -571,9 +576,14 @@ fn create_decryption_ctx(
                 .getattr(pyo3::intern!(py, "_MAX_AAD_BYTES"))?
                 .extract()?,
         }
-        .into_py(py))
+        .into_pyobject(py)?
+        .into_any()
+        .unbind())
     } else {
-        Ok(PyCipherContext { ctx: Some(ctx) }.into_py(py))
+        Ok(PyCipherContext { ctx: Some(ctx) }
+            .into_pyobject(py)?
+            .into_any()
+            .unbind())
     }
 }
 

src/rust/src/backend/ciphers.rs

@@ -77,7 +77,7 @@ impl Cmac {
     ) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
         let data = self.get_mut_ctx()?.finish()?;
         self.ctx = None;
-        Ok(pyo3::types::PyBytes::new_bound(py, &data))
+        Ok(pyo3::types::PyBytes::new(py, &data))
     }
 
     fn verify(&mut self, py: pyo3::Python<'_>, signature: &[u8]) -> CryptographyResult<()> {

src/rust/src/backend/cmac.rs

@@ -149,7 +149,7 @@ impl DHPrivateKey {
             .map_err(|_| pyo3::exceptions::PyValueError::new_err("Error computing shared key."))?;
 
         let len = deriver.len()?;
-        Ok(pyo3::types::PyBytes::new_bound_with(py, len, |b| {
+        Ok(pyo3::types::PyBytes::new_with(py, len, |b| {
             let n = deriver.derive(b).unwrap();
 
             let pad = b.len() - n;
@@ -363,34 +363,34 @@ impl DHParameters {
 #[pyo3::pyclass(frozen, module = "cryptography.hazmat.primitives.asymmetric.dh")]
 struct DHPrivateNumbers {
     #[pyo3(get)]
-    x: pyo3::Py<pyo3::types::PyLong>,
+    x: pyo3::Py<pyo3::types::PyInt>,
     #[pyo3(get)]
     public_numbers: pyo3::Py<DHPublicNumbers>,
 }
 
 #[pyo3::pyclass(frozen, module = "cryptography.hazmat.primitives.asymmetric.dh")]
 struct DHPublicNumbers {
     #[pyo3(get)]
-    y: pyo3::Py<pyo3::types::PyLong>,
+    y: pyo3::Py<pyo3::types::PyInt>,
     #[pyo3(get)]
     parameter_numbers: pyo3::Py<DHParameterNumbers>,
 }
 
 #[pyo3::pyclass(frozen, module = "cryptography.hazmat.primitives.asymmetric.dh")]
 struct DHParameterNumbers {
     #[pyo3(get)]
-    p: pyo3::Py<pyo3::types::PyLong>,
+    p: pyo3::Py<pyo3::types::PyInt>,
     #[pyo3(get)]
-    g: pyo3::Py<pyo3::types::PyLong>,
+    g: pyo3::Py<pyo3::types::PyInt>,
     #[pyo3(get)]
-    q: Option<pyo3::Py<pyo3::types::PyLong>>,
+    q: Option<pyo3::Py<pyo3::types::PyInt>>,
 }
 
 #[pyo3::pymethods]
 impl DHPrivateNumbers {
     #[new]
     fn new(
-        x: pyo3::Py<pyo3::types::PyLong>,
+        x: pyo3::Py<pyo3::types::PyInt>,
         public_numbers: pyo3::Py<DHPublicNumbers>,
     ) -> DHPrivateNumbers {
         DHPrivateNumbers { x, public_numbers }
@@ -428,7 +428,7 @@ impl DHPrivateNumbers {
         py: pyo3::Python<'_>,
         other: pyo3::PyRef<'_, Self>,
     ) -> CryptographyResult<bool> {
-        Ok(self.x.bind(py).eq(other.x.bind(py))?
+        Ok((**self.x.bind(py)).eq(other.x.bind(py))?
             && self
                 .public_numbers
                 .bind(py)
@@ -440,7 +440,7 @@ impl DHPrivateNumbers {
 impl DHPublicNumbers {
     #[new]
     fn new(
-        y: pyo3::Py<pyo3::types::PyLong>,
+        y: pyo3::Py<pyo3::types::PyInt>,
         parameter_numbers: pyo3::Py<DHParameterNumbers>,
     ) -> DHPublicNumbers {
         DHPublicNumbers {
@@ -472,7 +472,7 @@ impl DHPublicNumbers {
         py: pyo3::Python<'_>,
         other: pyo3::PyRef<'_, Self>,
     ) -> CryptographyResult<bool> {
-        Ok(self.y.bind(py).eq(other.y.bind(py))?
+        Ok((**self.y.bind(py)).eq(other.y.bind(py))?
             && self
                 .parameter_numbers
                 .bind(py)
@@ -486,9 +486,9 @@ impl DHParameterNumbers {
     #[pyo3(signature = (p, g, q=None))]
     fn new(
         py: pyo3::Python<'_>,
-        p: pyo3::Py<pyo3::types::PyLong>,
-        g: pyo3::Py<pyo3::types::PyLong>,
-        q: Option<pyo3::Py<pyo3::types::PyLong>>,
+        p: pyo3::Py<pyo3::types::PyInt>,
+        g: pyo3::Py<pyo3::types::PyInt>,
+        q: Option<pyo3::Py<pyo3::types::PyInt>>,
     ) -> CryptographyResult<DHParameterNumbers> {
         if g.bind(py).lt(2)? {
             return Err(CryptographyError::from(
@@ -528,12 +528,12 @@ impl DHParameterNumbers {
         other: pyo3::PyRef<'_, Self>,
     ) -> CryptographyResult<bool> {
         let q_equal = match (self.q.as_ref(), other.q.as_ref()) {
-            (Some(self_q), Some(other_q)) => self_q.bind(py).eq(other_q.bind(py))?,
+            (Some(self_q), Some(other_q)) => (**self_q.bind(py)).eq(other_q.bind(py))?,
             (None, None) => true,
             _ => false,
         };
-        Ok(self.p.bind(py).eq(other.p.bind(py))?
-            && self.g.bind(py).eq(other.g.bind(py))?
+        Ok((**self.p.bind(py)).eq(other.p.bind(py))?
+            && (**self.g.bind(py)).eq(other.g.bind(py))?
             && q_equal)
     }
 }