From 752abd2dd958011aa94afa88e123f637fbbfc135 Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Mon, 19 May 2025 01:47:07 +0200
Subject: [PATCH 1/3] Remove get_random_bytes from cryptography backend The RAND_bytes binding has been removed in cryptography 45.0. The recommendation[1] is now to rely on `os.urandom`, which is already implemented in the native backend. The pycrpto implementation was removed earlier, so this removes the leftover attempt to import it. Closes: #380 [1] https://cryptography.io/en/latest/random-numbers/
---
 jose/backends/__init__.py | 8 +-------
 jose/backends/cryptography_backend.py | 24 +-----------------------
 2 files changed, 2 insertions(+), 30 deletions(-)
diff --git a/jose/backends/__init__.py b/jose/backends/__init__.py
index e7bba690..99189691 100644
--- a/jose/backends/__init__.py
+++ b/jose/backends/__init__.py
@@ -1,10 +1,4 @@
-try:
- from jose.backends.cryptography_backend import get_random_bytes # noqa: F401
-except ImportError:
- try:
- from jose.backends.pycrypto_backend import get_random_bytes # noqa: F401
- except ImportError:
- from jose.backends.native import get_random_bytes # noqa: F401
+from jose.backends.native import get_random_bytes # noqa: F401
 try:
 from jose.backends.cryptography_backend import CryptographyRSAKey as RSAKey # noqa: F401
diff --git a/jose/backends/cryptography_backend.py b/jose/backends/cryptography_backend.py
index 1525cf26..3dce9865 100644
--- a/jose/backends/cryptography_backend.py
+++ b/jose/backends/cryptography_backend.py
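Review bot: The now-unconditional `from jose.backends.native import get_random_bytes` at the top of `jose/backends/__init__.py` has to stay above the `cryptography_backend` imports that follow it, and nothing in the file says so. The second file in this patch adds `from . import get_random_bytes` to `cryptography_backend.py`, which reads the name back from the still-initialising package, so the import cycle only resolves because this line has already run. Importing the function from where it is defined, `from .native import get_random_bytes`, would remove the ordering dependency (assuming `native.py` does not itself import the package, which is not visible here). Failing that, a comment such as `# Keep first: cryptography_backend imports get_random_bytes back from this package.` would protect the line from being reordered.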
@@ -26,33 +26,11 @@
 long_to_base64,
 )
 from .base import Key
+from . import get_random_bytes
 _binding = None
-def get_random_bytes(num_bytes):
- """
- Get random bytes
-
- Currently, Cryptography returns OS random bytes. If you want OpenSSL
- generated random bytes, you'll have to switch the RAND engine after
- initializing the OpenSSL backend
- Args:
- num_bytes (int): Number of random bytes to generate and return
- Returns:
- bytes: Random bytes
- """
- global _binding
-
- if _binding is None:
- _binding = Binding()
-
- buf = _binding.ffi.new("char[]", num_bytes)
- _binding.lib.RAND_bytes(buf, num_bytes)
- rand_bytes = _binding.ffi.buffer(buf, num_bytes)[:]
- return rand_bytes
-
-
 class CryptographyECKey(Key):
 SHA256 = hashes.SHA256
 SHA384 = hashes.SHA384
From 0770c7d904964069ac123b3b67b175e37211f359 Mon Sep 17 00:00:00 2001
From: Asher Foa
Date: Wed, 28 May 2025 11:59:32 -0400
Subject: [PATCH 2/3] remove unused import
---
 jose/backends/cryptography_backend.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/jose/backends/cryptography_backend.py b/jose/backends/cryptography_backend.py
index 3dce9865..cc72f479 100644
--- a/jose/backends/cryptography_backend.py
+++ b/jose/backends/cryptography_backend.py
@@ -3,7 +3,6 @@
 from cryptography.exceptions import InvalidSignature, InvalidTag
 from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.bindings.openssl.binding import Binding
 from cryptography.hazmat.primitives import hashes, hmac, serialization
 from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
 from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature, encode_dss_signature
From 3724ee13a0764081a4953489c6b15e42f2a88471 Mon Sep 17 00:00:00 2001
From: Asher Foa
Date: Wed, 28 May 2025 12:03:15 -0400
Subject: [PATCH 3/3] fix import order
---
 jose/backends/cryptography_backend.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
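Review bot: `_binding = None` is left behind as context in the `cryptography_backend.py` hunk even though the only code shown that read or assigned it, the removed `get_random_bytes`, is gone, and PATCH 2/3 drops the `Binding` import whose instance it cached. If nothing else in the module uses the global (the rest of the file is outside the hunk), delete that line together with the function. The same leftover line appears again as context in PATCH 3/3, so none of the three commits removes it.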
diff --git a/jose/backends/cryptography_backend.py b/jose/backends/cryptography_backend.py
index cc72f479..7b855e72 100644
--- a/jose/backends/cryptography_backend.py
+++ b/jose/backends/cryptography_backend.py
@@ -24,8 +24,8 @@
 is_ssh_key,
 long_to_base64,
 )
-from .base import Key
 from . import get_random_bytes
+from .base import Key
 _binding = None