updates

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi

@@ -2,33 +2,36 @@
 # 2.0, and the BSD License. See the LICENSE file in the root of this repository
 # for complete details.
 
-import types
 import typing
 
-def check_pkcs7_padding(data: bytes) -> bool: ...
-def check_ansix923_padding(data: bytes) -> bool: ...
+from cryptography.hazmat.primitives import padding
+from cryptography.utils import Buffer
+
+class PKCS7PaddingContext(padding.PaddingContext):
+    def __init__(self, block_size: int) -> None: ...
+    def update(self, data: Buffer) -> bytes: ...
+    def finalize(self) -> bytes: ...
+
+class ANSIX923PaddingContext(padding.PaddingContext):
+    def __init__(self, block_size: int) -> None: ...
+    def update(self, data: Buffer) -> bytes: ...
+    def finalize(self) -> bytes: ...
+
+class PKCS7UnpaddingContext(padding.PaddingContext):
+    def __init__(self, block_size: int) -> None: ...
+    def update(self, data: Buffer) -> bytes: ...
+    def finalize(self) -> bytes: ...
+
+class ANSIX923UnpaddingContext(padding.PaddingContext):
+    def __init__(self, block_size: int) -> None: ...
+    def update(self, data: Buffer) -> bytes: ...
+    def finalize(self) -> bytes: ...
 
 class ObjectIdentifier:
-    def __init__(self, val: str) -> None: ...
+    def __init__(self, value: str) -> None: ...
     @property
     def dotted_string(self) -> str: ...
     @property
     def _name(self) -> str: ...
 
 T = typing.TypeVar("T")
-
-class FixedPool(typing.Generic[T]):
-    def __init__(
-        self,
-        create: typing.Callable[[], T],
-    ) -> None: ...
-    def acquire(self) -> PoolAcquisition[T]: ...
-
-class PoolAcquisition(typing.Generic[T]):
-    def __enter__(self) -> T: ...
-    def __exit__(
-        self,
-        exc_type: typing.Optional[typing.Type[BaseException]],
-        exc_value: typing.Optional[BaseException],
-        exc_tb: typing.Optional[types.TracebackType],
-    ) -> None: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi

@@ -2,15 +2,6 @@
 # 2.0, and the BSD License. See the LICENSE file in the root of this repository
 # for complete details.
 
-import typing
-
-class TestCertificate:
-    not_after_tag: int
-    not_before_tag: int
-    issuer_value_tags: typing.List[int]
-    subject_value_tags: typing.List[int]
-
-def decode_dss_signature(signature: bytes) -> typing.Tuple[int, int]: ...
+def decode_dss_signature(signature: bytes) -> tuple[int, int]: ...
 def encode_dss_signature(r: int, s: int) -> bytes: ...
 def parse_spki_for_data(data: bytes) -> bytes: ...
-def test_parse_certificate(data: bytes) -> TestCertificate: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/declarative_asn1.pyi

@@ -0,0 +1,32 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+import typing
+
+def encode_der(value: typing.Any) -> bytes: ...
+def non_root_python_to_rust(cls: type) -> Type: ...
+
+# Type is a Rust enum with tuple variants. For now, we express the type
+# annotations like this:
+class Type:
+    Sequence: typing.ClassVar[type]
+    PyInt: typing.ClassVar[type]
+
+class Annotation:
+    def __new__(
+        cls,
+    ) -> Annotation: ...
+
+class AnnotatedType:
+    inner: Type
+    annotation: Annotation
+
+    def __new__(cls, inner: Type, annotation: Annotation) -> AnnotatedType: ...
+
+class AnnotatedTypeObject:
+    annotated_type: AnnotatedType
+    value: typing.Any
+
+    def __new__(
+        cls, annotated_type: AnnotatedType, value: typing.Any
+    ) -> AnnotatedTypeObject: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi

@@ -2,24 +2,116 @@
 # 2.0, and the BSD License. See the LICENSE file in the root of this repository
 # for complete details.
 
-import typing
+import datetime
+from collections.abc import Iterator
 
-from cryptography.hazmat.primitives import hashes
+from cryptography import x509
+from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes
-from cryptography.x509.ocsp import (
-    OCSPRequest,
-    OCSPRequestBuilder,
-    OCSPResponse,
-    OCSPResponseBuilder,
-    OCSPResponseStatus,
-)
+from cryptography.x509 import ocsp
 
-def load_der_ocsp_request(data: bytes) -> OCSPRequest: ...
-def load_der_ocsp_response(data: bytes) -> OCSPResponse: ...
-def create_ocsp_request(builder: OCSPRequestBuilder) -> OCSPRequest: ...
+class OCSPRequest:
+    @property
+    def issuer_key_hash(self) -> bytes: ...
+    @property
+    def issuer_name_hash(self) -> bytes: ...
+    @property
+    def hash_algorithm(self) -> hashes.HashAlgorithm: ...
+    @property
+    def serial_number(self) -> int: ...
+    def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
+    @property
+    def extensions(self) -> x509.Extensions: ...
+
+class OCSPResponse:
+    @property
+    def responses(self) -> Iterator[OCSPSingleResponse]: ...
+    @property
+    def response_status(self) -> ocsp.OCSPResponseStatus: ...
+    @property
+    def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
+    @property
+    def signature_hash_algorithm(
+        self,
+    ) -> hashes.HashAlgorithm | None: ...
+    @property
+    def signature(self) -> bytes: ...
+    @property
+    def tbs_response_bytes(self) -> bytes: ...
+    @property
+    def certificates(self) -> list[x509.Certificate]: ...
+    @property
+    def responder_key_hash(self) -> bytes | None: ...
+    @property
+    def responder_name(self) -> x509.Name | None: ...
+    @property
+    def produced_at(self) -> datetime.datetime: ...
+    @property
+    def produced_at_utc(self) -> datetime.datetime: ...
+    @property
+    def certificate_status(self) -> ocsp.OCSPCertStatus: ...
+    @property
+    def revocation_time(self) -> datetime.datetime | None: ...
+    @property
+    def revocation_time_utc(self) -> datetime.datetime | None: ...
+    @property
+    def revocation_reason(self) -> x509.ReasonFlags | None: ...
+    @property
+    def this_update(self) -> datetime.datetime: ...
+    @property
+    def this_update_utc(self) -> datetime.datetime: ...
+    @property
+    def next_update(self) -> datetime.datetime | None: ...
+    @property
+    def next_update_utc(self) -> datetime.datetime | None: ...
+    @property
+    def issuer_key_hash(self) -> bytes: ...
+    @property
+    def issuer_name_hash(self) -> bytes: ...
+    @property
+    def hash_algorithm(self) -> hashes.HashAlgorithm: ...
+    @property
+    def serial_number(self) -> int: ...
+    @property
+    def extensions(self) -> x509.Extensions: ...
+    @property
+    def single_extensions(self) -> x509.Extensions: ...
+    def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
+
+class OCSPSingleResponse:
+    @property
+    def certificate_status(self) -> ocsp.OCSPCertStatus: ...
+    @property
+    def revocation_time(self) -> datetime.datetime | None: ...
+    @property
+    def revocation_time_utc(self) -> datetime.datetime | None: ...
+    @property
+    def revocation_reason(self) -> x509.ReasonFlags | None: ...
+    @property
+    def this_update(self) -> datetime.datetime: ...
+    @property
+    def this_update_utc(self) -> datetime.datetime: ...
+    @property
+    def next_update(self) -> datetime.datetime | None: ...
+    @property
+    def next_update_utc(self) -> datetime.datetime | None: ...
+    @property
+    def issuer_key_hash(self) -> bytes: ...
+    @property
+    def issuer_name_hash(self) -> bytes: ...
+    @property
+    def hash_algorithm(self) -> hashes.HashAlgorithm: ...
+    @property
+    def serial_number(self) -> int: ...
+
+def load_der_ocsp_request(data: bytes) -> ocsp.OCSPRequest: ...
+def load_der_ocsp_response(data: bytes) -> ocsp.OCSPResponse: ...
+def create_ocsp_request(
+    builder: ocsp.OCSPRequestBuilder,
+) -> ocsp.OCSPRequest: ...
 def create_ocsp_response(
-    status: OCSPResponseStatus,
-    builder: typing.Optional[OCSPResponseBuilder],
-    private_key: typing.Optional[PrivateKeyTypes],
-    hash_algorithm: typing.Optional[hashes.HashAlgorithm],
-) -> OCSPResponse: ...
+    status: ocsp.OCSPResponseStatus,
+    builder: ocsp.OCSPResponseBuilder | None,
+    private_key: PrivateKeyTypes | None,
+    hash_algorithm: hashes.HashAlgorithm | None,
+) -> ocsp.OCSPResponse: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi

@@ -5,37 +5,66 @@
 import typing
 
 from cryptography.hazmat.bindings._rust.openssl import (
+    aead,
+    ciphers,
+    cmac,
     dh,
     dsa,
+    ec,
     ed448,
     ed25519,
     hashes,
     hmac,
     kdf,
+    keys,
     poly1305,
+    rsa,
     x448,
     x25519,
 )
 
 __all__ = [
-    "openssl_version",
-    "raise_openssl_error",
+    "aead",
+    "ciphers",
+    "cmac",
     "dh",
     "dsa",
+    "ec",
+    "ed448",
+    "ed25519",
     "hashes",
     "hmac",
     "kdf",
-    "ed448",
-    "ed25519",
+    "keys",
+    "openssl_version",
+    "openssl_version_text",
     "poly1305",
+    "raise_openssl_error",
+    "rsa",
     "x448",
     "x25519",
 ]
 
+CRYPTOGRAPHY_IS_LIBRESSL: bool
+CRYPTOGRAPHY_IS_BORINGSSL: bool
+CRYPTOGRAPHY_IS_AWSLC: bool
+CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: bool
+CRYPTOGRAPHY_OPENSSL_309_OR_GREATER: bool
+CRYPTOGRAPHY_OPENSSL_320_OR_GREATER: bool
+CRYPTOGRAPHY_OPENSSL_330_OR_GREATER: bool
+CRYPTOGRAPHY_OPENSSL_350_OR_GREATER: bool
+
+class Providers: ...
+
+_legacy_provider_loaded: bool
+_providers: Providers
+
 def openssl_version() -> int: ...
+def openssl_version_text() -> str: ...
 def raise_openssl_error() -> typing.NoReturn: ...
-def capture_error_stack() -> typing.List[OpenSSLError]: ...
+def capture_error_stack() -> list[OpenSSLError]: ...
 def is_fips_enabled() -> bool: ...
+def enable_fips(providers: Providers) -> None: ...
 
 class OpenSSLError:
     @property
@@ -44,4 +73,3 @@ class OpenSSLError:
     def reason(self) -> int: ...
     @property
     def reason_text(self) -> bytes: ...
-    def _lib_reason_match(self, lib: int, reason: int) -> bool: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/aead.pyi

@@ -0,0 +1,107 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from collections.abc import Sequence
+
+from cryptography.utils import Buffer
+
+class AESGCM:
+    def __init__(self, key: Buffer) -> None: ...
+    @staticmethod
+    def generate_key(bit_length: int) -> bytes: ...
+    def encrypt(
+        self,
+        nonce: Buffer,
+        data: Buffer,
+        associated_data: Buffer | None,
+    ) -> bytes: ...
+    def decrypt(
+        self,
+        nonce: Buffer,
+        data: Buffer,
+        associated_data: Buffer | None,
+    ) -> bytes: ...
+
+class ChaCha20Poly1305:
+    def __init__(self, key: Buffer) -> None: ...
+    @staticmethod
+    def generate_key() -> bytes: ...
+    def encrypt(
+        self,
+        nonce: Buffer,
+        data: Buffer,
+        associated_data: Buffer | None,
+    ) -> bytes: ...
+    def decrypt(
+        self,
+        nonce: Buffer,
+        data: Buffer,
+        associated_data: Buffer | None,
+    ) -> bytes: ...
+
+class AESCCM:
+    def __init__(self, key: Buffer, tag_length: int = 16) -> None: ...
+    @staticmethod
+    def generate_key(bit_length: int) -> bytes: ...
+    def encrypt(
+        self,
+        nonce: Buffer,
+        data: Buffer,
+        associated_data: Buffer | None,
+    ) -> bytes: ...
+    def decrypt(
+        self,
+        nonce: Buffer,
+        data: Buffer,
+        associated_data: Buffer | None,
+    ) -> bytes: ...
+
+class AESSIV:
+    def __init__(self, key: Buffer) -> None: ...
+    @staticmethod
+    def generate_key(bit_length: int) -> bytes: ...
+    def encrypt(
+        self,
+        data: Buffer,
+        associated_data: Sequence[Buffer] | None,
+    ) -> bytes: ...
+    def decrypt(
+        self,
+        data: Buffer,
+        associated_data: Sequence[Buffer] | None,
+    ) -> bytes: ...
+
+class AESOCB3:
+    def __init__(self, key: Buffer) -> None: ...
+    @staticmethod
+    def generate_key(bit_length: int) -> bytes: ...
+    def encrypt(
+        self,
+        nonce: Buffer,
+        data: Buffer,
+        associated_data: Buffer | None,
+    ) -> bytes: ...
+    def decrypt(
+        self,
+        nonce: Buffer,
+        data: Buffer,
+        associated_data: Buffer | None,
+    ) -> bytes: ...
+
+class AESGCMSIV:
+    def __init__(self, key: Buffer) -> None: ...
+    @staticmethod
+    def generate_key(bit_length: int) -> bytes: ...
+    def encrypt(
+        self,
+        nonce: Buffer,
+        data: Buffer,
+        associated_data: Buffer | None,
+    ) -> bytes: ...
+    def decrypt(
+        self,
+        nonce: Buffer,
+        data: Buffer,
+        associated_data: Buffer | None,
+    ) -> bytes: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ciphers.pyi

@@ -0,0 +1,38 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives import ciphers
+from cryptography.hazmat.primitives.ciphers import modes
+
+@typing.overload
+def create_encryption_ctx(
+    algorithm: ciphers.CipherAlgorithm, mode: modes.ModeWithAuthenticationTag
+) -> ciphers.AEADEncryptionContext: ...
+@typing.overload
+def create_encryption_ctx(
+    algorithm: ciphers.CipherAlgorithm, mode: modes.Mode | None
+) -> ciphers.CipherContext: ...
+@typing.overload
+def create_decryption_ctx(
+    algorithm: ciphers.CipherAlgorithm, mode: modes.ModeWithAuthenticationTag
+) -> ciphers.AEADDecryptionContext: ...
+@typing.overload
+def create_decryption_ctx(
+    algorithm: ciphers.CipherAlgorithm, mode: modes.Mode | None
+) -> ciphers.CipherContext: ...
+def cipher_supported(
+    algorithm: ciphers.CipherAlgorithm, mode: modes.Mode
+) -> bool: ...
+def _advance(
+    ctx: ciphers.AEADEncryptionContext | ciphers.AEADDecryptionContext, n: int
+) -> None: ...
+def _advance_aad(
+    ctx: ciphers.AEADEncryptionContext | ciphers.AEADDecryptionContext, n: int
+) -> None: ...
+
+class CipherContext: ...
+class AEADEncryptionContext: ...
+class AEADDecryptionContext: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/cmac.pyi

@@ -0,0 +1,18 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives import ciphers
+
+class CMAC:
+    def __init__(
+        self,
+        algorithm: ciphers.BlockCipherAlgorithm,
+        backend: typing.Any = None,
+    ) -> None: ...
+    def update(self, data: bytes) -> None: ...
+    def finalize(self) -> bytes: ...
+    def verify(self, signature: bytes) -> None: ...
+    def copy(self) -> CMAC: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/dh.pyi

@@ -2,6 +2,8 @@
 # 2.0, and the BSD License. See the LICENSE file in the root of this repository
 # for complete details.
 
+import typing
+
 from cryptography.hazmat.primitives.asymmetric import dh
 
 MIN_MODULUS_SIZE: int
@@ -10,13 +12,40 @@ class DHPrivateKey: ...
 class DHPublicKey: ...
 class DHParameters: ...
 
-def generate_parameters(generator: int, key_size: int) -> dh.DHParameters: ...
-def private_key_from_ptr(ptr: int) -> dh.DHPrivateKey: ...
-def public_key_from_ptr(ptr: int) -> dh.DHPublicKey: ...
-def from_pem_parameters(data: bytes) -> dh.DHParameters: ...
-def from_der_parameters(data: bytes) -> dh.DHParameters: ...
-def from_private_numbers(numbers: dh.DHPrivateNumbers) -> dh.DHPrivateKey: ...
-def from_public_numbers(numbers: dh.DHPublicNumbers) -> dh.DHPublicKey: ...
-def from_parameter_numbers(
-    numbers: dh.DHParameterNumbers,
+class DHPrivateNumbers:
+    def __init__(self, x: int, public_numbers: DHPublicNumbers) -> None: ...
+    def private_key(self, backend: typing.Any = None) -> dh.DHPrivateKey: ...
+    @property
+    def x(self) -> int: ...
+    @property
+    def public_numbers(self) -> DHPublicNumbers: ...
+
+class DHPublicNumbers:
+    def __init__(
+        self, y: int, parameter_numbers: DHParameterNumbers
+    ) -> None: ...
+    def public_key(self, backend: typing.Any = None) -> dh.DHPublicKey: ...
+    @property
+    def y(self) -> int: ...
+    @property
+    def parameter_numbers(self) -> DHParameterNumbers: ...
+
+class DHParameterNumbers:
+    def __init__(self, p: int, g: int, q: int | None = None) -> None: ...
+    def parameters(self, backend: typing.Any = None) -> dh.DHParameters: ...
+    @property
+    def p(self) -> int: ...
+    @property
+    def g(self) -> int: ...
+    @property
+    def q(self) -> int | None: ...
+
+def generate_parameters(
+    generator: int, key_size: int, backend: typing.Any = None
+) -> dh.DHParameters: ...
+def from_pem_parameters(
+    data: bytes, backend: typing.Any = None
+) -> dh.DHParameters: ...
+def from_der_parameters(
+    data: bytes, backend: typing.Any = None
 ) -> dh.DHParameters: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/dsa.pyi

@@ -2,19 +2,40 @@
 # 2.0, and the BSD License. See the LICENSE file in the root of this repository
 # for complete details.
 
+import typing
+
 from cryptography.hazmat.primitives.asymmetric import dsa
 
 class DSAPrivateKey: ...
 class DSAPublicKey: ...
 class DSAParameters: ...
 
+class DSAPrivateNumbers:
+    def __init__(self, x: int, public_numbers: DSAPublicNumbers) -> None: ...
+    @property
+    def x(self) -> int: ...
+    @property
+    def public_numbers(self) -> DSAPublicNumbers: ...
+    def private_key(self, backend: typing.Any = None) -> dsa.DSAPrivateKey: ...
+
+class DSAPublicNumbers:
+    def __init__(
+        self, y: int, parameter_numbers: DSAParameterNumbers
+    ) -> None: ...
+    @property
+    def y(self) -> int: ...
+    @property
+    def parameter_numbers(self) -> DSAParameterNumbers: ...
+    def public_key(self, backend: typing.Any = None) -> dsa.DSAPublicKey: ...
+
+class DSAParameterNumbers:
+    def __init__(self, p: int, q: int, g: int) -> None: ...
+    @property
+    def p(self) -> int: ...
+    @property
+    def q(self) -> int: ...
+    @property
+    def g(self) -> int: ...
+    def parameters(self, backend: typing.Any = None) -> dsa.DSAParameters: ...
+
 def generate_parameters(key_size: int) -> dsa.DSAParameters: ...
-def private_key_from_ptr(ptr: int) -> dsa.DSAPrivateKey: ...
-def public_key_from_ptr(ptr: int) -> dsa.DSAPublicKey: ...
-def from_private_numbers(
-    numbers: dsa.DSAPrivateNumbers,
-) -> dsa.DSAPrivateKey: ...
-def from_public_numbers(numbers: dsa.DSAPublicNumbers) -> dsa.DSAPublicKey: ...
-def from_parameter_numbers(
-    numbers: dsa.DSAParameterNumbers,
-) -> dsa.DSAParameters: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ec.pyi

@@ -0,0 +1,52 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives.asymmetric import ec
+
+class ECPrivateKey: ...
+class ECPublicKey: ...
+
+class EllipticCurvePrivateNumbers:
+    def __init__(
+        self, private_value: int, public_numbers: EllipticCurvePublicNumbers
+    ) -> None: ...
+    def private_key(
+        self, backend: typing.Any = None
+    ) -> ec.EllipticCurvePrivateKey: ...
+    @property
+    def private_value(self) -> int: ...
+    @property
+    def public_numbers(self) -> EllipticCurvePublicNumbers: ...
+
+class EllipticCurvePublicNumbers:
+    def __init__(self, x: int, y: int, curve: ec.EllipticCurve) -> None: ...
+    def public_key(
+        self, backend: typing.Any = None
+    ) -> ec.EllipticCurvePublicKey: ...
+    @property
+    def x(self) -> int: ...
+    @property
+    def y(self) -> int: ...
+    @property
+    def curve(self) -> ec.EllipticCurve: ...
+    def __eq__(self, other: object) -> bool: ...
+
+def curve_supported(curve: ec.EllipticCurve) -> bool: ...
+def generate_private_key(
+    curve: ec.EllipticCurve, backend: typing.Any = None
+) -> ec.EllipticCurvePrivateKey: ...
+def from_private_numbers(
+    numbers: ec.EllipticCurvePrivateNumbers,
+) -> ec.EllipticCurvePrivateKey: ...
+def from_public_numbers(
+    numbers: ec.EllipticCurvePublicNumbers,
+) -> ec.EllipticCurvePublicKey: ...
+def from_public_bytes(
+    curve: ec.EllipticCurve, data: bytes
+) -> ec.EllipticCurvePublicKey: ...
+def derive_private_key(
+    private_value: int, curve: ec.EllipticCurve
+) -> ec.EllipticCurvePrivateKey: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ed25519.pyi

@@ -3,12 +3,11 @@
 # for complete details.
 
 from cryptography.hazmat.primitives.asymmetric import ed25519
+from cryptography.utils import Buffer
 
 class Ed25519PrivateKey: ...
 class Ed25519PublicKey: ...
 
 def generate_key() -> ed25519.Ed25519PrivateKey: ...
-def private_key_from_ptr(ptr: int) -> ed25519.Ed25519PrivateKey: ...
-def public_key_from_ptr(ptr: int) -> ed25519.Ed25519PublicKey: ...
-def from_private_bytes(data: bytes) -> ed25519.Ed25519PrivateKey: ...
+def from_private_bytes(data: Buffer) -> ed25519.Ed25519PrivateKey: ...
 def from_public_bytes(data: bytes) -> ed25519.Ed25519PublicKey: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ed448.pyi

@@ -3,12 +3,11 @@
 # for complete details.
 
 from cryptography.hazmat.primitives.asymmetric import ed448
+from cryptography.utils import Buffer
 
 class Ed448PrivateKey: ...
 class Ed448PublicKey: ...
 
 def generate_key() -> ed448.Ed448PrivateKey: ...
-def private_key_from_ptr(ptr: int) -> ed448.Ed448PrivateKey: ...
-def public_key_from_ptr(ptr: int) -> ed448.Ed448PublicKey: ...
-def from_private_bytes(data: bytes) -> ed448.Ed448PrivateKey: ...
+def from_private_bytes(data: Buffer) -> ed448.Ed448PrivateKey: ...
 def from_public_bytes(data: bytes) -> ed448.Ed448PublicKey: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/hashes.pyi

@@ -5,6 +5,7 @@
 import typing
 
 from cryptography.hazmat.primitives import hashes
+from cryptography.utils import Buffer
 
 class Hash(hashes.HashContext):
     def __init__(
@@ -12,6 +13,16 @@ class Hash(hashes.HashContext):
     ) -> None: ...
     @property
     def algorithm(self) -> hashes.HashAlgorithm: ...
-    def update(self, data: bytes) -> None: ...
+    def update(self, data: Buffer) -> None: ...
     def finalize(self) -> bytes: ...
     def copy(self) -> Hash: ...
+
+def hash_supported(algorithm: hashes.HashAlgorithm) -> bool: ...
+
+class XOFHash:
+    def __init__(self, algorithm: hashes.ExtendableOutputFunction) -> None: ...
+    @property
+    def algorithm(self) -> hashes.ExtendableOutputFunction: ...
+    def update(self, data: Buffer) -> None: ...
+    def squeeze(self, length: int) -> bytes: ...
+    def copy(self) -> XOFHash: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/hmac.pyi

@@ -5,17 +5,18 @@
 import typing
 
 from cryptography.hazmat.primitives import hashes
+from cryptography.utils import Buffer
 
 class HMAC(hashes.HashContext):
     def __init__(
         self,
-        key: bytes,
+        key: Buffer,
         algorithm: hashes.HashAlgorithm,
         backend: typing.Any = None,
     ) -> None: ...
     @property
     def algorithm(self) -> hashes.HashAlgorithm: ...
-    def update(self, data: bytes) -> None: ...
+    def update(self, data: Buffer) -> None: ...
     def finalize(self) -> bytes: ...
     def verify(self, signature: bytes) -> None: ...
     def copy(self) -> HMAC: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi

@@ -2,21 +2,71 @@
 # 2.0, and the BSD License. See the LICENSE file in the root of this repository
 # for complete details.
 
+import typing
+
 from cryptography.hazmat.primitives.hashes import HashAlgorithm
+from cryptography.utils import Buffer
 
 def derive_pbkdf2_hmac(
-    key_material: bytes,
+    key_material: Buffer,
     algorithm: HashAlgorithm,
     salt: bytes,
     iterations: int,
     length: int,
 ) -> bytes: ...
-def derive_scrypt(
-    key_material: bytes,
-    salt: bytes,
-    n: int,
-    r: int,
-    p: int,
-    max_mem: int,
-    length: int,
-) -> bytes: ...
+
+class Scrypt:
+    def __init__(
+        self,
+        salt: bytes,
+        length: int,
+        n: int,
+        r: int,
+        p: int,
+        backend: typing.Any = None,
+    ) -> None: ...
+    def derive(self, key_material: Buffer) -> bytes: ...
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
+
+class Argon2id:
+    def __init__(
+        self,
+        *,
+        salt: bytes,
+        length: int,
+        iterations: int,
+        lanes: int,
+        memory_cost: int,
+        ad: bytes | None = None,
+        secret: bytes | None = None,
+    ) -> None: ...
+    def derive(self, key_material: bytes) -> bytes: ...
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
+    def derive_phc_encoded(self, key_material: bytes) -> str: ...
+    @classmethod
+    def verify_phc_encoded(
+        cls, key_material: bytes, phc_encoded: str, secret: bytes | None = None
+    ) -> None: ...
+
+class HKDF:
+    def __init__(
+        self,
+        algorithm: HashAlgorithm,
+        length: int,
+        salt: bytes | None,
+        info: bytes | None,
+        backend: typing.Any = None,
+    ): ...
+    def derive(self, key_material: Buffer) -> bytes: ...
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
+
+class HKDFExpand:
+    def __init__(
+        self,
+        algorithm: HashAlgorithm,
+        length: int,
+        info: bytes | None,
+        backend: typing.Any = None,
+    ): ...
+    def derive(self, key_material: Buffer) -> bytes: ...
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/keys.pyi

@@ -0,0 +1,34 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives.asymmetric.types import (
+    PrivateKeyTypes,
+    PublicKeyTypes,
+)
+from cryptography.utils import Buffer
+
+def load_der_private_key(
+    data: Buffer,
+    password: bytes | None,
+    backend: typing.Any = None,
+    *,
+    unsafe_skip_rsa_key_validation: bool = False,
+) -> PrivateKeyTypes: ...
+def load_pem_private_key(
+    data: Buffer,
+    password: bytes | None,
+    backend: typing.Any = None,
+    *,
+    unsafe_skip_rsa_key_validation: bool = False,
+) -> PrivateKeyTypes: ...
+def load_der_public_key(
+    data: bytes,
+    backend: typing.Any = None,
+) -> PublicKeyTypes: ...
+def load_pem_public_key(
+    data: bytes,
+    backend: typing.Any = None,
+) -> PublicKeyTypes: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/poly1305.pyi

@@ -2,12 +2,14 @@
 # 2.0, and the BSD License. See the LICENSE file in the root of this repository
 # for complete details.
 
+from cryptography.utils import Buffer
+
 class Poly1305:
-    def __init__(self, key: bytes) -> None: ...
+    def __init__(self, key: Buffer) -> None: ...
     @staticmethod
-    def generate_tag(key: bytes, data: bytes) -> bytes: ...
+    def generate_tag(key: Buffer, data: Buffer) -> bytes: ...
     @staticmethod
-    def verify_tag(key: bytes, data: bytes, tag: bytes) -> None: ...
-    def update(self, data: bytes) -> None: ...
+    def verify_tag(key: Buffer, data: Buffer, tag: bytes) -> None: ...
+    def update(self, data: Buffer) -> None: ...
     def finalize(self) -> bytes: ...
     def verify(self, tag: bytes) -> None: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/rsa.pyi

@@ -0,0 +1,55 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives.asymmetric import rsa
+
+class RSAPrivateKey: ...
+class RSAPublicKey: ...
+
+class RSAPrivateNumbers:
+    def __init__(
+        self,
+        p: int,
+        q: int,
+        d: int,
+        dmp1: int,
+        dmq1: int,
+        iqmp: int,
+        public_numbers: RSAPublicNumbers,
+    ) -> None: ...
+    @property
+    def p(self) -> int: ...
+    @property
+    def q(self) -> int: ...
+    @property
+    def d(self) -> int: ...
+    @property
+    def dmp1(self) -> int: ...
+    @property
+    def dmq1(self) -> int: ...
+    @property
+    def iqmp(self) -> int: ...
+    @property
+    def public_numbers(self) -> RSAPublicNumbers: ...
+    def private_key(
+        self,
+        backend: typing.Any = None,
+        *,
+        unsafe_skip_rsa_key_validation: bool = False,
+    ) -> rsa.RSAPrivateKey: ...
+
+class RSAPublicNumbers:
+    def __init__(self, e: int, n: int) -> None: ...
+    @property
+    def n(self) -> int: ...
+    @property
+    def e(self) -> int: ...
+    def public_key(self, backend: typing.Any = None) -> rsa.RSAPublicKey: ...
+
+def generate_private_key(
+    public_exponent: int,
+    key_size: int,
+) -> rsa.RSAPrivateKey: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/x25519.pyi

@@ -3,12 +3,11 @@
 # for complete details.
 
 from cryptography.hazmat.primitives.asymmetric import x25519
+from cryptography.utils import Buffer
 
 class X25519PrivateKey: ...
 class X25519PublicKey: ...
 
 def generate_key() -> x25519.X25519PrivateKey: ...
-def private_key_from_ptr(ptr: int) -> x25519.X25519PrivateKey: ...
-def public_key_from_ptr(ptr: int) -> x25519.X25519PublicKey: ...
-def from_private_bytes(data: bytes) -> x25519.X25519PrivateKey: ...
+def from_private_bytes(data: Buffer) -> x25519.X25519PrivateKey: ...
 def from_public_bytes(data: bytes) -> x25519.X25519PublicKey: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/x448.pyi

@@ -3,12 +3,11 @@
 # for complete details.
 
 from cryptography.hazmat.primitives.asymmetric import x448
+from cryptography.utils import Buffer
 
 class X448PrivateKey: ...
 class X448PublicKey: ...
 
 def generate_key() -> x448.X448PrivateKey: ...
-def private_key_from_ptr(ptr: int) -> x448.X448PrivateKey: ...
-def public_key_from_ptr(ptr: int) -> x448.X448PublicKey: ...
-def from_private_bytes(data: bytes) -> x448.X448PrivateKey: ...
+def from_private_bytes(data: Buffer) -> x448.X448PrivateKey: ...
 def from_public_bytes(data: bytes) -> x448.X448PublicKey: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/pkcs12.pyi

@@ -0,0 +1,52 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+from collections.abc import Iterable
+
+from cryptography import x509
+from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes
+from cryptography.hazmat.primitives.serialization import (
+    KeySerializationEncryption,
+)
+from cryptography.hazmat.primitives.serialization.pkcs12 import (
+    PKCS12KeyAndCertificates,
+    PKCS12PrivateKeyTypes,
+)
+from cryptography.utils import Buffer
+
+class PKCS12Certificate:
+    def __init__(
+        self, cert: x509.Certificate, friendly_name: bytes | None
+    ) -> None: ...
+    @property
+    def friendly_name(self) -> bytes | None: ...
+    @property
+    def certificate(self) -> x509.Certificate: ...
+
+def load_key_and_certificates(
+    data: Buffer,
+    password: Buffer | None,
+    backend: typing.Any = None,
+) -> tuple[
+    PrivateKeyTypes | None,
+    x509.Certificate | None,
+    list[x509.Certificate],
+]: ...
+def load_pkcs12(
+    data: bytes,
+    password: bytes | None,
+    backend: typing.Any = None,
+) -> PKCS12KeyAndCertificates: ...
+def serialize_java_truststore(
+    certs: Iterable[PKCS12Certificate],
+    encryption_algorithm: KeySerializationEncryption,
+) -> bytes: ...
+def serialize_key_and_certificates(
+    name: bytes | None,
+    key: PKCS12PrivateKeyTypes | None,
+    cert: x509.Certificate | None,
+    cas: Iterable[x509.Certificate | PKCS12Certificate] | None,
+    encryption_algorithm: KeySerializationEncryption,
+) -> bytes: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/pkcs7.pyi

@@ -1,15 +1,50 @@
-import typing
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from collections.abc import Iterable
 
 from cryptography import x509
 from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.hazmat.primitives.serialization import pkcs7
 
 def serialize_certificates(
-    certs: typing.List[x509.Certificate],
+    certs: list[x509.Certificate],
     encoding: serialization.Encoding,
 ) -> bytes: ...
+def encrypt_and_serialize(
+    builder: pkcs7.PKCS7EnvelopeBuilder,
+    content_encryption_algorithm: pkcs7.ContentEncryptionAlgorithm,
+    encoding: serialization.Encoding,
+    options: Iterable[pkcs7.PKCS7Options],
+) -> bytes: ...
 def sign_and_serialize(
     builder: pkcs7.PKCS7SignatureBuilder,
     encoding: serialization.Encoding,
-    options: typing.Iterable[pkcs7.PKCS7Options],
+    options: Iterable[pkcs7.PKCS7Options],
 ) -> bytes: ...
+def decrypt_der(
+    data: bytes,
+    certificate: x509.Certificate,
+    private_key: rsa.RSAPrivateKey,
+    options: Iterable[pkcs7.PKCS7Options],
+) -> bytes: ...
+def decrypt_pem(
+    data: bytes,
+    certificate: x509.Certificate,
+    private_key: rsa.RSAPrivateKey,
+    options: Iterable[pkcs7.PKCS7Options],
+) -> bytes: ...
+def decrypt_smime(
+    data: bytes,
+    certificate: x509.Certificate,
+    private_key: rsa.RSAPrivateKey,
+    options: Iterable[pkcs7.PKCS7Options],
+) -> bytes: ...
+def load_pem_pkcs7_certificates(
+    data: bytes,
+) -> list[x509.Certificate]: ...
+def load_der_pkcs7_certificates(
+    data: bytes,
+) -> list[x509.Certificate]: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/test_support.pyi

@@ -0,0 +1,23 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from cryptography import x509
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.serialization import pkcs7
+from cryptography.utils import Buffer
+
+class TestCertificate:
+    not_after_tag: int
+    not_before_tag: int
+    issuer_value_tags: list[int]
+    subject_value_tags: list[int]
+
+def test_parse_certificate(data: bytes) -> TestCertificate: ...
+def pkcs7_verify(
+    encoding: serialization.Encoding,
+    sig: bytes,
+    msg: Buffer | None,
+    certs: list[x509.Certificate],
+    options: list[pkcs7.PKCS7Options],
+) -> None: ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi

@@ -2,43 +2,300 @@
 # 2.0, and the BSD License. See the LICENSE file in the root of this repository
 # for complete details.
 
+import datetime
 import typing
+from collections.abc import Iterator
 
 from cryptography import x509
-from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric.ec import ECDSA
 from cryptography.hazmat.primitives.asymmetric.padding import PSS, PKCS1v15
-from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes
+from cryptography.hazmat.primitives.asymmetric.types import (
+    CertificateIssuerPublicKeyTypes,
+    CertificatePublicKeyTypes,
+    PrivateKeyTypes,
+)
+from cryptography.x509 import certificate_transparency
 
-def load_pem_x509_certificate(data: bytes) -> x509.Certificate: ...
+def load_pem_x509_certificate(
+    data: bytes, backend: typing.Any = None
+) -> x509.Certificate: ...
+def load_der_x509_certificate(
+    data: bytes, backend: typing.Any = None
+) -> x509.Certificate: ...
 def load_pem_x509_certificates(
     data: bytes,
-) -> typing.List[x509.Certificate]: ...
-def load_der_x509_certificate(data: bytes) -> x509.Certificate: ...
-def load_pem_x509_crl(data: bytes) -> x509.CertificateRevocationList: ...
-def load_der_x509_crl(data: bytes) -> x509.CertificateRevocationList: ...
-def load_pem_x509_csr(data: bytes) -> x509.CertificateSigningRequest: ...
-def load_der_x509_csr(data: bytes) -> x509.CertificateSigningRequest: ...
+) -> list[x509.Certificate]: ...
+def load_pem_x509_crl(
+    data: bytes, backend: typing.Any = None
+) -> x509.CertificateRevocationList: ...
+def load_der_x509_crl(
+    data: bytes, backend: typing.Any = None
+) -> x509.CertificateRevocationList: ...
+def load_pem_x509_csr(
+    data: bytes, backend: typing.Any = None
+) -> x509.CertificateSigningRequest: ...
+def load_der_x509_csr(
+    data: bytes, backend: typing.Any = None
+) -> x509.CertificateSigningRequest: ...
 def encode_name_bytes(name: x509.Name) -> bytes: ...
 def encode_extension_value(extension: x509.ExtensionType) -> bytes: ...
 def create_x509_certificate(
     builder: x509.CertificateBuilder,
     private_key: PrivateKeyTypes,
-    hash_algorithm: typing.Optional[hashes.HashAlgorithm],
-    padding: typing.Optional[typing.Union[PKCS1v15, PSS]],
+    hash_algorithm: hashes.HashAlgorithm | None,
+    rsa_padding: PKCS1v15 | PSS | None,
+    ecdsa_deterministic: bool | None,
 ) -> x509.Certificate: ...
 def create_x509_csr(
     builder: x509.CertificateSigningRequestBuilder,
     private_key: PrivateKeyTypes,
-    hash_algorithm: typing.Optional[hashes.HashAlgorithm],
+    hash_algorithm: hashes.HashAlgorithm | None,
+    rsa_padding: PKCS1v15 | PSS | None,
+    ecdsa_deterministic: bool | None,
 ) -> x509.CertificateSigningRequest: ...
 def create_x509_crl(
     builder: x509.CertificateRevocationListBuilder,
     private_key: PrivateKeyTypes,
-    hash_algorithm: typing.Optional[hashes.HashAlgorithm],
+    hash_algorithm: hashes.HashAlgorithm | None,
+    rsa_padding: PKCS1v15 | PSS | None,
+    ecdsa_deterministic: bool | None,
 ) -> x509.CertificateRevocationList: ...
 
-class Sct: ...
-class Certificate: ...
+class Sct:
+    @property
+    def version(self) -> certificate_transparency.Version: ...
+    @property
+    def log_id(self) -> bytes: ...
+    @property
+    def timestamp(self) -> datetime.datetime: ...
+    @property
+    def entry_type(self) -> certificate_transparency.LogEntryType: ...
+    @property
+    def signature_hash_algorithm(self) -> hashes.HashAlgorithm: ...
+    @property
+    def signature_algorithm(
+        self,
+    ) -> certificate_transparency.SignatureAlgorithm: ...
+    @property
+    def signature(self) -> bytes: ...
+    @property
+    def extension_bytes(self) -> bytes: ...
+
+class Certificate:
+    def fingerprint(self, algorithm: hashes.HashAlgorithm) -> bytes: ...
+    @property
+    def serial_number(self) -> int: ...
+    @property
+    def version(self) -> x509.Version: ...
+    def public_key(self) -> CertificatePublicKeyTypes: ...
+    @property
+    def public_key_algorithm_oid(self) -> x509.ObjectIdentifier: ...
+    @property
+    def not_valid_before(self) -> datetime.datetime: ...
+    @property
+    def not_valid_before_utc(self) -> datetime.datetime: ...
+    @property
+    def not_valid_after(self) -> datetime.datetime: ...
+    @property
+    def not_valid_after_utc(self) -> datetime.datetime: ...
+    @property
+    def issuer(self) -> x509.Name: ...
+    @property
+    def subject(self) -> x509.Name: ...
+    @property
+    def signature_hash_algorithm(
+        self,
+    ) -> hashes.HashAlgorithm | None: ...
+    @property
+    def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
+    @property
+    def signature_algorithm_parameters(
+        self,
+    ) -> PSS | PKCS1v15 | ECDSA | None: ...
+    @property
+    def extensions(self) -> x509.Extensions: ...
+    @property
+    def signature(self) -> bytes: ...
+    @property
+    def tbs_certificate_bytes(self) -> bytes: ...
+    @property
+    def tbs_precertificate_bytes(self) -> bytes: ...
+    def __eq__(self, other: object) -> bool: ...
+    def __hash__(self) -> int: ...
+    def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
+    def verify_directly_issued_by(self, issuer: Certificate) -> None: ...
+
 class RevokedCertificate: ...
-class CertificateRevocationList: ...
-class CertificateSigningRequest: ...
+
+class CertificateRevocationList:
+    def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
+    def fingerprint(self, algorithm: hashes.HashAlgorithm) -> bytes: ...
+    def get_revoked_certificate_by_serial_number(
+        self, serial_number: int
+    ) -> x509.RevokedCertificate | None: ...
+    @property
+    def signature_hash_algorithm(
+        self,
+    ) -> hashes.HashAlgorithm | None: ...
+    @property
+    def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
+    @property
+    def signature_algorithm_parameters(
+        self,
+    ) -> PSS | PKCS1v15 | ECDSA | None: ...
+    @property
+    def issuer(self) -> x509.Name: ...
+    @property
+    def next_update(self) -> datetime.datetime | None: ...
+    @property
+    def next_update_utc(self) -> datetime.datetime | None: ...
+    @property
+    def last_update(self) -> datetime.datetime: ...
+    @property
+    def last_update_utc(self) -> datetime.datetime: ...
+    @property
+    def extensions(self) -> x509.Extensions: ...
+    @property
+    def signature(self) -> bytes: ...
+    @property
+    def tbs_certlist_bytes(self) -> bytes: ...
+    def __eq__(self, other: object) -> bool: ...
+    def __len__(self) -> int: ...
+    @typing.overload
+    def __getitem__(self, idx: int) -> x509.RevokedCertificate: ...
+    @typing.overload
+    def __getitem__(self, idx: slice) -> list[x509.RevokedCertificate]: ...
+    def __iter__(self) -> Iterator[x509.RevokedCertificate]: ...
+    def is_signature_valid(
+        self, public_key: CertificateIssuerPublicKeyTypes
+    ) -> bool: ...
+
+class CertificateSigningRequest:
+    def __eq__(self, other: object) -> bool: ...
+    def __hash__(self) -> int: ...
+    def public_key(self) -> CertificatePublicKeyTypes: ...
+    @property
+    def subject(self) -> x509.Name: ...
+    @property
+    def signature_hash_algorithm(
+        self,
+    ) -> hashes.HashAlgorithm | None: ...
+    @property
+    def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
+    @property
+    def signature_algorithm_parameters(
+        self,
+    ) -> PSS | PKCS1v15 | ECDSA | None: ...
+    @property
+    def extensions(self) -> x509.Extensions: ...
+    @property
+    def attributes(self) -> x509.Attributes: ...
+    def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
+    @property
+    def signature(self) -> bytes: ...
+    @property
+    def tbs_certrequest_bytes(self) -> bytes: ...
+    @property
+    def is_signature_valid(self) -> bool: ...
+
+class PolicyBuilder:
+    def time(self, time: datetime.datetime) -> PolicyBuilder: ...
+    def store(self, store: Store) -> PolicyBuilder: ...
+    def max_chain_depth(self, max_chain_depth: int) -> PolicyBuilder: ...
+    def extension_policies(
+        self, *, ca_policy: ExtensionPolicy, ee_policy: ExtensionPolicy
+    ) -> PolicyBuilder: ...
+    def build_client_verifier(self) -> ClientVerifier: ...
+    def build_server_verifier(
+        self, subject: x509.verification.Subject
+    ) -> ServerVerifier: ...
+
+class Policy:
+    @property
+    def max_chain_depth(self) -> int: ...
+    @property
+    def subject(self) -> x509.verification.Subject | None: ...
+    @property
+    def validation_time(self) -> datetime.datetime: ...
+    @property
+    def extended_key_usage(self) -> x509.ObjectIdentifier: ...
+    @property
+    def minimum_rsa_modulus(self) -> int: ...
+
+class Criticality:
+    CRITICAL: Criticality
+    AGNOSTIC: Criticality
+    NON_CRITICAL: Criticality
+
+T = typing.TypeVar("T", contravariant=True, bound=x509.ExtensionType)
+
+MaybeExtensionValidatorCallback = typing.Callable[
+    [
+        Policy,
+        x509.Certificate,
+        T | None,
+    ],
+    None,
+]
+
+PresentExtensionValidatorCallback = typing.Callable[
+    [Policy, x509.Certificate, T],
+    None,
+]
+
+class ExtensionPolicy:
+    @staticmethod
+    def permit_all() -> ExtensionPolicy: ...
+    @staticmethod
+    def webpki_defaults_ca() -> ExtensionPolicy: ...
+    @staticmethod
+    def webpki_defaults_ee() -> ExtensionPolicy: ...
+    def require_not_present(
+        self, extension_type: type[x509.ExtensionType]
+    ) -> ExtensionPolicy: ...
+    def may_be_present(
+        self,
+        extension_type: type[T],
+        criticality: Criticality,
+        validator: MaybeExtensionValidatorCallback[T] | None,
+    ) -> ExtensionPolicy: ...
+    def require_present(
+        self,
+        extension_type: type[T],
+        criticality: Criticality,
+        validator: PresentExtensionValidatorCallback[T] | None,
+    ) -> ExtensionPolicy: ...
+
+class VerifiedClient:
+    @property
+    def subjects(self) -> list[x509.GeneralName] | None: ...
+    @property
+    def chain(self) -> list[x509.Certificate]: ...
+
+class ClientVerifier:
+    @property
+    def policy(self) -> Policy: ...
+    @property
+    def store(self) -> Store: ...
+    def verify(
+        self,
+        leaf: x509.Certificate,
+        intermediates: list[x509.Certificate],
+    ) -> VerifiedClient: ...
+
+class ServerVerifier:
+    @property
+    def policy(self) -> Policy: ...
+    @property
+    def store(self) -> Store: ...
+    def verify(
+        self,
+        leaf: x509.Certificate,
+        intermediates: list[x509.Certificate],
+    ) -> list[x509.Certificate]: ...
+
+class Store:
+    def __init__(self, certs: list[x509.Certificate]) -> None: ...
+
+class VerificationError(Exception): ...

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py

@@ -4,17 +4,15 @@
 
 from __future__ import annotations
 
-import typing
 
-
-def cryptography_has_set_cert_cb() -> typing.List[str]:
+def cryptography_has_set_cert_cb() -> list[str]:
     return [
         "SSL_CTX_set_cert_cb",
         "SSL_set_cert_cb",
     ]
 
 
-def cryptography_has_ssl_st() -> typing.List[str]:
+def cryptography_has_ssl_st() -> list[str]:
     return [
         "SSL_ST_BEFORE",
         "SSL_ST_OK",
@@ -23,72 +21,20 @@ def cryptography_has_ssl_st() -> typing.List[str]:
     ]
 
 
-def cryptography_has_tls_st() -> typing.List[str]:
+def cryptography_has_tls_st() -> list[str]:
     return [
         "TLS_ST_BEFORE",
         "TLS_ST_OK",
     ]
 
 
-def cryptography_has_evp_pkey_dhx() -> typing.List[str]:
-    return [
-        "EVP_PKEY_DHX",
-    ]
-
-
-def cryptography_has_mem_functions() -> typing.List[str]:
-    return [
-        "Cryptography_CRYPTO_set_mem_functions",
-    ]
-
-
-def cryptography_has_x509_store_ctx_get_issuer() -> typing.List[str]:
-    return [
-        "X509_STORE_set_get_issuer",
-    ]
-
-
-def cryptography_has_ed448() -> typing.List[str]:
-    return [
-        "EVP_PKEY_ED448",
-        "NID_ED448",
-    ]
-
-
-def cryptography_has_ed25519() -> typing.List[str]:
-    return [
-        "NID_ED25519",
-        "EVP_PKEY_ED25519",
-    ]
-
-
-def cryptography_has_poly1305() -> typing.List[str]:
-    return [
-        "NID_poly1305",
-        "EVP_PKEY_POLY1305",
-    ]
-
-
-def cryptography_has_evp_digestfinal_xof() -> typing.List[str]:
-    return [
-        "EVP_DigestFinalXOF",
-    ]
-
-
-def cryptography_has_fips() -> typing.List[str]:
-    return [
-        "FIPS_mode_set",
-        "FIPS_mode",
-    ]
-
-
-def cryptography_has_ssl_sigalgs() -> typing.List[str]:
+def cryptography_has_ssl_sigalgs() -> list[str]:
     return [
         "SSL_CTX_set1_sigalgs_list",
     ]
 
 
-def cryptography_has_psk() -> typing.List[str]:
+def cryptography_has_psk() -> list[str]:
     return [
         "SSL_CTX_use_psk_identity_hint",
         "SSL_CTX_set_psk_server_callback",
@@ -96,7 +42,7 @@ def cryptography_has_psk() -> typing.List[str]:
     ]
 
 
-def cryptography_has_psk_tlsv13() -> typing.List[str]:
+def cryptography_has_psk_tlsv13() -> list[str]:
     return [
         "SSL_CTX_set_psk_find_session_callback",
         "SSL_CTX_set_psk_use_session_callback",
@@ -108,7 +54,7 @@ def cryptography_has_psk_tlsv13() -> typing.List[str]:
     ]
 
 
-def cryptography_has_custom_ext() -> typing.List[str]:
+def cryptography_has_custom_ext() -> list[str]:
     return [
         "SSL_CTX_add_client_custom_ext",
         "SSL_CTX_add_server_custom_ext",
@@ -116,10 +62,15 @@ def cryptography_has_custom_ext() -> typing.List[str]:
     ]
 
 
-def cryptography_has_tlsv13_functions() -> typing.List[str]:
+def cryptography_has_tlsv13_functions() -> list[str]:
+    return [
+        "SSL_CTX_set_ciphersuites",
+    ]
+
+
+def cryptography_has_tlsv13_hs_functions() -> list[str]:
     return [
         "SSL_VERIFY_POST_HANDSHAKE",
-        "SSL_CTX_set_ciphersuites",
         "SSL_verify_client_post_handshake",
         "SSL_CTX_set_post_handshake_auth",
         "SSL_set_post_handshake_auth",
@@ -130,16 +81,13 @@ def cryptography_has_tlsv13_functions() -> typing.List[str]:
     ]
 
 
-def cryptography_has_raw_key() -> typing.List[str]:
+def cryptography_has_ssl_verify_client_post_handshake() -> list[str]:
     return [
-        "EVP_PKEY_new_raw_private_key",
-        "EVP_PKEY_new_raw_public_key",
-        "EVP_PKEY_get_raw_private_key",
-        "EVP_PKEY_get_raw_public_key",
+        "SSL_verify_client_post_handshake",
     ]
 
 
-def cryptography_has_engine() -> typing.List[str]:
+def cryptography_has_engine() -> list[str]:
     return [
         "ENGINE_by_id",
         "ENGINE_init",
@@ -158,13 +106,13 @@ def cryptography_has_engine() -> typing.List[str]:
     ]
 
 
-def cryptography_has_verified_chain() -> typing.List[str]:
+def cryptography_has_verified_chain() -> list[str]:
     return [
         "SSL_get0_verified_chain",
     ]
 
 
-def cryptography_has_srtp() -> typing.List[str]:
+def cryptography_has_srtp() -> list[str]:
     return [
         "SSL_CTX_set_tlsext_use_srtp",
         "SSL_set_tlsext_use_srtp",
@@ -172,36 +120,19 @@ def cryptography_has_srtp() -> typing.List[str]:
     ]
 
 
-def cryptography_has_providers() -> typing.List[str]:
-    return [
-        "OSSL_PROVIDER_load",
-        "OSSL_PROVIDER_unload",
-        "ERR_LIB_PROV",
-        "PROV_R_WRONG_FINAL_BLOCK_LENGTH",
-        "PROV_R_BAD_DECRYPT",
-    ]
-
-
-def cryptography_has_op_no_renegotiation() -> typing.List[str]:
+def cryptography_has_op_no_renegotiation() -> list[str]:
     return [
         "SSL_OP_NO_RENEGOTIATION",
     ]
 
 
-def cryptography_has_dtls_get_data_mtu() -> typing.List[str]:
+def cryptography_has_dtls_get_data_mtu() -> list[str]:
     return [
         "DTLS_get_data_mtu",
     ]
 
 
-def cryptography_has_300_fips() -> typing.List[str]:
-    return [
-        "EVP_default_properties_is_fips_enabled",
-        "EVP_default_properties_enable_fips",
-    ]
-
-
-def cryptography_has_ssl_cookie() -> typing.List[str]:
+def cryptography_has_ssl_cookie() -> list[str]:
     return [
         "SSL_OP_COOKIE_EXCHANGE",
         "DTLSv1_listen",
@@ -210,67 +141,28 @@ def cryptography_has_ssl_cookie() -> typing.List[str]:
     ]
 
 
-def cryptography_has_pkcs7_funcs() -> typing.List[str]:
+def cryptography_has_prime_checks() -> list[str]:
     return [
-        "SMIME_write_PKCS7",
-        "PEM_write_bio_PKCS7_stream",
-        "PKCS7_sign_add_signer",
-        "PKCS7_final",
-        "PKCS7_verify",
-        "SMIME_read_PKCS7",
-        "PKCS7_get0_signers",
-    ]
-
-
-def cryptography_has_bn_flags() -> typing.List[str]:
-    return [
-        "BN_FLG_CONSTTIME",
-        "BN_set_flags",
         "BN_prime_checks_for_size",
     ]
 
 
-def cryptography_has_evp_pkey_dh() -> typing.List[str]:
-    return [
-        "EVP_PKEY_set1_DH",
-    ]
-
-
-def cryptography_has_300_evp_cipher() -> typing.List[str]:
-    return ["EVP_CIPHER_fetch", "EVP_CIPHER_free"]
-
-
-def cryptography_has_unexpected_eof_while_reading() -> typing.List[str]:
+def cryptography_has_unexpected_eof_while_reading() -> list[str]:
     return ["SSL_R_UNEXPECTED_EOF_WHILE_READING"]
 
 
-def cryptography_has_pkcs12_set_mac() -> typing.List[str]:
-    return ["PKCS12_set_mac"]
-
-
-def cryptography_has_ssl_op_ignore_unexpected_eof() -> typing.List[str]:
+def cryptography_has_ssl_op_ignore_unexpected_eof() -> list[str]:
     return [
         "SSL_OP_IGNORE_UNEXPECTED_EOF",
     ]
 
 
-def cryptography_has_get_extms_support() -> typing.List[str]:
+def cryptography_has_get_extms_support() -> list[str]:
     return ["SSL_get_extms_support"]
 
 
-def cryptography_has_evp_pkey_set_peer_ex() -> typing.List[str]:
-    return ["EVP_PKEY_derive_set_peer_ex"]
-
-
-def cryptography_has_evp_aead() -> typing.List[str]:
-    return [
-        "EVP_aead_chacha20_poly1305",
-        "EVP_AEAD_CTX_free",
-        "EVP_AEAD_CTX_seal",
-        "EVP_AEAD_CTX_open",
-        "EVP_AEAD_max_overhead",
-        "Cryptography_EVP_AEAD_CTX_new",
-    ]
+def cryptography_has_ssl_get0_group_name() -> list[str]:
+    return ["SSL_get0_group_name"]
 
 
 # This is a mapping of
@@ -282,48 +174,34 @@ CONDITIONAL_NAMES = {
     "Cryptography_HAS_SET_CERT_CB": cryptography_has_set_cert_cb,
     "Cryptography_HAS_SSL_ST": cryptography_has_ssl_st,
     "Cryptography_HAS_TLS_ST": cryptography_has_tls_st,
-    "Cryptography_HAS_EVP_PKEY_DHX": cryptography_has_evp_pkey_dhx,
-    "Cryptography_HAS_MEM_FUNCTIONS": cryptography_has_mem_functions,
-    "Cryptography_HAS_X509_STORE_CTX_GET_ISSUER": (
-        cryptography_has_x509_store_ctx_get_issuer
-    ),
-    "Cryptography_HAS_ED448": cryptography_has_ed448,
-    "Cryptography_HAS_ED25519": cryptography_has_ed25519,
-    "Cryptography_HAS_POLY1305": cryptography_has_poly1305,
-    "Cryptography_HAS_FIPS": cryptography_has_fips,
     "Cryptography_HAS_SIGALGS": cryptography_has_ssl_sigalgs,
     "Cryptography_HAS_PSK": cryptography_has_psk,
     "Cryptography_HAS_PSK_TLSv1_3": cryptography_has_psk_tlsv13,
     "Cryptography_HAS_CUSTOM_EXT": cryptography_has_custom_ext,
     "Cryptography_HAS_TLSv1_3_FUNCTIONS": cryptography_has_tlsv13_functions,
-    "Cryptography_HAS_RAW_KEY": cryptography_has_raw_key,
-    "Cryptography_HAS_EVP_DIGESTFINAL_XOF": (
-        cryptography_has_evp_digestfinal_xof
+    "Cryptography_HAS_TLSv1_3_HS_FUNCTIONS": (
+        cryptography_has_tlsv13_hs_functions
+    ),
+    "Cryptography_HAS_SSL_VERIFY_CLIENT_POST_HANDSHAKE": (
+        cryptography_has_ssl_verify_client_post_handshake
     ),
     "Cryptography_HAS_ENGINE": cryptography_has_engine,
     "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain,
     "Cryptography_HAS_SRTP": cryptography_has_srtp,
-    "Cryptography_HAS_PROVIDERS": cryptography_has_providers,
     "Cryptography_HAS_OP_NO_RENEGOTIATION": (
         cryptography_has_op_no_renegotiation
     ),
     "Cryptography_HAS_DTLS_GET_DATA_MTU": cryptography_has_dtls_get_data_mtu,
-    "Cryptography_HAS_300_FIPS": cryptography_has_300_fips,
     "Cryptography_HAS_SSL_COOKIE": cryptography_has_ssl_cookie,
-    "Cryptography_HAS_PKCS7_FUNCS": cryptography_has_pkcs7_funcs,
-    "Cryptography_HAS_BN_FLAGS": cryptography_has_bn_flags,
-    "Cryptography_HAS_EVP_PKEY_DH": cryptography_has_evp_pkey_dh,
-    "Cryptography_HAS_300_EVP_CIPHER": cryptography_has_300_evp_cipher,
+    "Cryptography_HAS_PRIME_CHECKS": cryptography_has_prime_checks,
     "Cryptography_HAS_UNEXPECTED_EOF_WHILE_READING": (
         cryptography_has_unexpected_eof_while_reading
     ),
-    "Cryptography_HAS_PKCS12_SET_MAC": cryptography_has_pkcs12_set_mac,
     "Cryptography_HAS_SSL_OP_IGNORE_UNEXPECTED_EOF": (
         cryptography_has_ssl_op_ignore_unexpected_eof
     ),
     "Cryptography_HAS_GET_EXTMS_SUPPORT": cryptography_has_get_extms_support,
-    "Cryptography_HAS_EVP_PKEY_SET_PEER_EX": (
-        cryptography_has_evp_pkey_set_peer_ex
+    "Cryptography_HAS_SSL_GET0_GROUP_NAME": (
+        cryptography_has_ssl_get0_group_name
     ),
-    "Cryptography_HAS_EVP_AEAD": (cryptography_has_evp_aead),
 }

Backend/venv/lib/python3.12/site-packages/cryptography/hazmat/bindings/openssl/binding.py

@@ -10,21 +10,18 @@ import threading
 import types
 import typing
 import warnings
+from collections.abc import Callable
 
 import cryptography
 from cryptography.exceptions import InternalError
 from cryptography.hazmat.bindings._rust import _openssl, openssl
 from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES
+from cryptography.utils import CryptographyDeprecationWarning
 
 
-def _openssl_assert(
-    lib,
-    ok: bool,
-    errors: typing.Optional[typing.List[openssl.OpenSSLError]] = None,
-) -> None:
+def _openssl_assert(ok: bool) -> None:
     if not ok:
-        if errors is None:
-            errors = openssl.capture_error_stack()
+        errors = openssl.capture_error_stack()
 
         raise InternalError(
             "Unknown OpenSSL error. This error is commonly encountered when "
@@ -33,25 +30,14 @@ def _openssl_assert(
             "OpenSSL try disabling it before reporting a bug. Otherwise "
             "please file an issue at https://github.com/pyca/cryptography/"
             "issues with information on how to reproduce "
-            "this. ({!r})".format(errors),
+            f"this. ({errors!r})",
             errors,
         )
 
 
-def _legacy_provider_error(loaded: bool) -> None:
-    if not loaded:
-        raise RuntimeError(
-            "OpenSSL 3.0's legacy provider failed to load. This is a fatal "
-            "error by default, but cryptography supports running without "
-            "legacy algorithms by setting the environment variable "
-            "CRYPTOGRAPHY_OPENSSL_NO_LEGACY. If you did not expect this error,"
-            " you have likely made a mistake with your OpenSSL configuration."
-        )
-
-
 def build_conditional_library(
     lib: typing.Any,
-    conditional_names: typing.Dict[str, typing.Callable[[], typing.List[str]]],
+    conditional_names: dict[str, Callable[[], list[str]]],
 ) -> typing.Any:
     conditional_lib = types.ModuleType("lib")
     conditional_lib._original_lib = lib  # type: ignore[attr-defined]
@@ -72,33 +58,14 @@ class Binding:
     OpenSSL API wrapper.
     """
 
-    lib: typing.ClassVar = None
+    lib: typing.ClassVar[typing.Any] = None
     ffi = _openssl.ffi
     _lib_loaded = False
     _init_lock = threading.Lock()
-    _legacy_provider: typing.Any = ffi.NULL
-    _legacy_provider_loaded = False
-    _default_provider: typing.Any = ffi.NULL
 
     def __init__(self) -> None:
         self._ensure_ffi_initialized()
 
-    def _enable_fips(self) -> None:
-        # This function enables FIPS mode for OpenSSL 3.0.0 on installs that
-        # have the FIPS provider installed properly.
-        _openssl_assert(self.lib, self.lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)
-        self._base_provider = self.lib.OSSL_PROVIDER_load(
-            self.ffi.NULL, b"base"
-        )
-        _openssl_assert(self.lib, self._base_provider != self.ffi.NULL)
-        self.lib._fips_provider = self.lib.OSSL_PROVIDER_load(
-            self.ffi.NULL, b"fips"
-        )
-        _openssl_assert(self.lib, self.lib._fips_provider != self.ffi.NULL)
-
-        res = self.lib.EVP_default_properties_enable_fips(self.ffi.NULL, 1)
-        _openssl_assert(self.lib, res == 1)
-
     @classmethod
     def _ensure_ffi_initialized(cls) -> None:
         with cls._init_lock:
@@ -107,27 +74,6 @@ class Binding:
                     _openssl.lib, CONDITIONAL_NAMES
                 )
                 cls._lib_loaded = True
-                # As of OpenSSL 3.0.0 we must register a legacy cipher provider
-                # to get RC2 (needed for junk asymmetric private key
-                # serialization), RC4, Blowfish, IDEA, SEED, etc. These things
-                # are ugly legacy, but we aren't going to get rid of them
-                # any time soon.
-                if cls.lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER:
-                    if not os.environ.get("CRYPTOGRAPHY_OPENSSL_NO_LEGACY"):
-                        cls._legacy_provider = cls.lib.OSSL_PROVIDER_load(
-                            cls.ffi.NULL, b"legacy"
-                        )
-                        cls._legacy_provider_loaded = (
-                            cls._legacy_provider != cls.ffi.NULL
-                        )
-                        _legacy_provider_error(cls._legacy_provider_loaded)
-
-                    cls._default_provider = cls.lib.OSSL_PROVIDER_load(
-                        cls.ffi.NULL, b"default"
-                    )
-                    _openssl_assert(
-                        cls.lib, cls._default_provider != cls.ffi.NULL
-                    )
 
     @classmethod
     def init_static_locks(cls) -> None:
@@ -151,13 +97,11 @@ def _verify_package_version(version: str) -> None:
             "shared object. This can happen if you have multiple copies of "
             "cryptography installed in your Python path. Please try creating "
             "a new virtual environment to resolve this issue. "
-            "Loaded python version: {}, shared object version: {}".format(
-                version, so_package_version
-            )
+            f"Loaded python version: {version}, "
+            f"shared object version: {so_package_version}"
         )
 
     _openssl_assert(
-        _openssl.lib,
         _openssl.lib.OpenSSL_version_num() == openssl.openssl_version(),
     )
 
@@ -177,3 +121,17 @@ if (
         UserWarning,
         stacklevel=2,
     )
+
+if (
+    not openssl.CRYPTOGRAPHY_IS_LIBRESSL
+    and not openssl.CRYPTOGRAPHY_IS_BORINGSSL
+    and not openssl.CRYPTOGRAPHY_IS_AWSLC
+    and not openssl.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
+):
+    warnings.warn(
+        "You are using OpenSSL < 3.0. Support for OpenSSL < 3.0 is deprecated "
+        "and will be removed in the next release. Please upgrade to OpenSSL "
+        "3.0 or later.",
+        CryptographyDeprecationWarning,
+        stacklevel=2,
+    )