Attempt to port to pyo3 0.21 more minimally (#10671)

pyca · Apr 1, 2024 · 6c83965 · 6c83965
1 parent ad0ef5e
commit 6c83965
Show file tree

Hide file tree

Showing 8 changed files with 46 additions and 37 deletions.
diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock
diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
@@ -10,7 +10,7 @@ rust-version = "1.65.0"
 [dependencies]
 once_cell = "1"
 cfg-if = "1"
-pyo3 = { version = "0.20", features = ["abi3"] }
+pyo3 = { version = "0.21.1", features = ["abi3", "gil-refs"] }
 asn1 = { version = "0.16.1", default-features = false }
 cryptography-cffi = { path = "cryptography-cffi" }
 cryptography-key-parsing = { path = "cryptography-key-parsing" }

diff --git a/src/rust/cryptography-cffi/Cargo.toml b/src/rust/cryptography-cffi/Cargo.toml
@@ -8,7 +8,7 @@ publish = false
 rust-version = "1.65.0"
 
 [dependencies]
-pyo3 = { version = "0.20", features = ["abi3"] }
+pyo3 = { version = "0.21.1", features = ["abi3", "gil-refs"] }
 openssl-sys = "0.9.102"
 
 [build-dependencies]

diff --git a/src/rust/cryptography-cffi/src/lib.rs b/src/rust/cryptography-cffi/src/lib.rs
@@ -4,9 +4,6 @@
 
 #![deny(rust_2018_idioms, clippy::undocumented_unsafe_blocks)]
 
-#[cfg(not(python_implementation = "PyPy"))]
-use pyo3::FromPyPointer;
-
 #[cfg(python_implementation = "PyPy")]
 extern "C" {
     fn Cryptography_make_openssl_module() -> std::os::raw::c_int;
@@ -16,18 +13,20 @@ extern "C" {
     fn PyInit__openssl() -> *mut pyo3::ffi::PyObject;
 }
 
-pub fn create_module(py: pyo3::Python<'_>) -> pyo3::PyResult<&pyo3::types::PyModule> {
+pub fn create_module(
+    py: pyo3::Python<'_>,
+) -> pyo3::PyResult<pyo3::Bound<'_, pyo3::types::PyModule>> {
     #[cfg(python_implementation = "PyPy")]
     let openssl_mod = unsafe {
         let res = Cryptography_make_openssl_module();
         assert_eq!(res, 0);
-        pyo3::types::PyModule::import(py, "_openssl")?
+        pyo3::types::PyModule::import_bound(py, "_openssl")?.clone()
     };
     #[cfg(not(python_implementation = "PyPy"))]
     // SAFETY: `PyInit__openssl` returns an owned reference.
     let openssl_mod = unsafe {
         let ptr = PyInit__openssl();
-        pyo3::types::PyModule::from_owned_ptr(py, ptr)
+        pyo3::Py::from_owned_ptr(py, ptr).bind(py).clone()
     };
 
     Ok(openssl_mod)

diff --git a/src/rust/src/backend/cipher_registry.rs b/src/rust/src/backend/cipher_registry.rs
@@ -259,7 +259,7 @@ fn get_cipher_registry(
         // this should't be necessary but OpenSSL 3 will return an EVP_CIPHER
         // even when the cipher is unavailable.
         if cfg!(not(CRYPTOGRAPHY_OPENSSL_300_OR_GREATER))
-            || types::LEGACY_PROVIDER_LOADED.get(py)?.is_true()?
+            || types::LEGACY_PROVIDER_LOADED.get(py)?.is_truthy()?
         {
             #[cfg(not(CRYPTOGRAPHY_OSSLCONF = "OPENSSL_NO_BF"))]
             {

diff --git a/src/rust/src/backend/ciphers.rs b/src/rust/src/backend/ciphers.rs
@@ -29,7 +29,7 @@ impl CipherContext {
                         format!(
                             "cipher {} in {} mode is not supported ",
                             algorithm.getattr(pyo3::intern!(py, "name"))?,
-                            if mode.is_true()? {
+                            if mode.is_truthy()? {
                                 mode.getattr(pyo3::intern!(py, "name"))?
                             } else {
                                 mode

diff --git a/src/rust/src/lib.rs b/src/rust/src/lib.rs
@@ -115,7 +115,7 @@ fn _rust(py: pyo3::Python<'_>, m: &pyo3::types::PyModule) -> pyo3::PyResult<()>
     crate::x509::ocsp_resp::add_to_module(ocsp_mod)?;
     m.add_submodule(ocsp_mod)?;
 
-    m.add_submodule(cryptography_cffi::create_module(py)?)?;
+    m.add_submodule(cryptography_cffi::create_module(py)?.into_gil_ref())?;
 
     let openssl_mod = pyo3::prelude::PyModule::new(py, "openssl")?;
     openssl_mod.add(

diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs
@@ -139,51 +139,58 @@ fn encode_key_usage(py: pyo3::Python<'_>, ext: &pyo3::PyAny) -> CryptographyResu
         &mut bs,
         0,
         ext.getattr(pyo3::intern!(py, "digital_signature"))?
-            .is_true()?,
+            .is_truthy()?,
     );
     certificate::set_bit(
         &mut bs,
         1,
         ext.getattr(pyo3::intern!(py, "content_commitment"))?
-            .is_true()?,
+            .is_truthy()?,
     );
     certificate::set_bit(
         &mut bs,
         2,
         ext.getattr(pyo3::intern!(py, "key_encipherment"))?
-            .is_true()?,
+            .is_truthy()?,
     );
     certificate::set_bit(
         &mut bs,
         3,
         ext.getattr(pyo3::intern!(py, "data_encipherment"))?
-            .is_true()?,
+            .is_truthy()?,
     );
     certificate::set_bit(
         &mut bs,
         4,
-        ext.getattr(pyo3::intern!(py, "key_agreement"))?.is_true()?,
+        ext.getattr(pyo3::intern!(py, "key_agreement"))?
+            .is_truthy()?,
     );
     certificate::set_bit(
         &mut bs,
         5,
-        ext.getattr(pyo3::intern!(py, "key_cert_sign"))?.is_true()?,
+        ext.getattr(pyo3::intern!(py, "key_cert_sign"))?
+            .is_truthy()?,
     );
     certificate::set_bit(
         &mut bs,
         6,
-        ext.getattr(pyo3::intern!(py, "crl_sign"))?.is_true()?,
+        ext.getattr(pyo3::intern!(py, "crl_sign"))?.is_truthy()?,
     );
-    if ext.getattr(pyo3::intern!(py, "key_agreement"))?.is_true()? {
+    if ext
+        .getattr(pyo3::intern!(py, "key_agreement"))?
+        .is_truthy()?
+    {
         certificate::set_bit(
             &mut bs,
             7,
-            ext.getattr(pyo3::intern!(py, "encipher_only"))?.is_true()?,
+            ext.getattr(pyo3::intern!(py, "encipher_only"))?
+                .is_truthy()?,
         );
         certificate::set_bit(
             &mut bs,
             8,
-            ext.getattr(pyo3::intern!(py, "decipher_only"))?.is_true()?,
+            ext.getattr(pyo3::intern!(py, "decipher_only"))?
+                .is_truthy()?,
         );
     }
     let (bits, unused_bits) = if bs[1] == 0 {
@@ -208,7 +215,7 @@ fn encode_certificate_policies(
         let py_policy_info = py_policy_info?;
         let py_policy_qualifiers =
             py_policy_info.getattr(pyo3::intern!(py, "policy_qualifiers"))?;
-        let qualifiers = if py_policy_qualifiers.is_true()? {
+        let qualifiers = if py_policy_qualifiers.is_truthy()? {
             let mut qualifiers = vec![];
             for py_qualifier in py_policy_qualifiers.iter()? {
                 let py_qualifier = py_qualifier?;
@@ -228,7 +235,7 @@ fn encode_certificate_policies(
                     }
                 } else {
                     let py_notice = py_qualifier.getattr(pyo3::intern!(py, "notice_reference"))?;
-                    let notice_ref = if py_notice.is_true()? {
+                    let notice_ref = if py_notice.is_truthy()? {
                         let mut notice_numbers = vec![];
                         for py_num in py_notice
                             .getattr(pyo3::intern!(py, "notice_numbers"))?
@@ -255,7 +262,7 @@ fn encode_certificate_policies(
                     };
                     let py_explicit_text =
                         py_qualifier.getattr(pyo3::intern!(py, "explicit_text"))?;
-                    let explicit_text = if py_explicit_text.is_true()? {
+                    let explicit_text = if py_explicit_text.is_truthy()? {
                         Some(extensions::DisplayText::Utf8String(asn1::Utf8String::new(
                             py_explicit_text.extract()?,
                         )))
@@ -296,21 +303,24 @@ fn encode_issuing_distribution_point(
 ) -> CryptographyResult<Vec<u8>> {
     let only_some_reasons = if ext
         .getattr(pyo3::intern!(py, "only_some_reasons"))?
-        .is_true()?
+        .is_truthy()?
     {
         let py_reasons = ext.getattr(pyo3::intern!(py, "only_some_reasons"))?;
         let reasons = certificate::encode_distribution_point_reasons(ext.py(), py_reasons)?;
         Some(common::Asn1ReadableOrWritable::new_write(reasons))
     } else {
         None
     };
-    let distribution_point = if ext.getattr(pyo3::intern!(py, "full_name"))?.is_true()? {
+    let distribution_point = if ext.getattr(pyo3::intern!(py, "full_name"))?.is_truthy()? {
         let py_full_name = ext.getattr(pyo3::intern!(py, "full_name"))?;
         let gns = x509::common::encode_general_names(ext.py(), py_full_name)?;
         Some(extensions::DistributionPointName::FullName(
             common::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new(gns)),
         ))
-    } else if ext.getattr(pyo3::intern!(py, "relative_name"))?.is_true()? {
+    } else if ext
+        .getattr(pyo3::intern!(py, "relative_name"))?
+        .is_truthy()?
+    {
         let mut name_entries = vec![];
         for py_name_entry in ext.getattr(pyo3::intern!(py, "relative_name"))?.iter()? {
             name_entries.push(x509::common::encode_name_entry(ext.py(), py_name_entry?)?);