From 90b704e3c76e6118806d574598f6ff13a33d00b9 Mon Sep 17 00:00:00 2001 From: Wong Hoi Sing Edison Date: Wed, 3 Jan 2024 14:51:23 +0800 Subject: [PATCH] Rollback to `pyo3 = { version = "0.16.6", features = ["abi3"] }` In order to avoid `ImportError: PyO3 modules compiled for CPython 3.8 or older may only be initialized once per interpreter process` introduced since pyo3 >= 0.17.0, which only allow each `#[pymodule]` to be initialized once, this PR temporarily rollback to pyo3 = 0.16.6. It also remove the use of `PyUserWarning` which introduced since pyo3 > 0.18.0. See https://github.com/PyO3/pyo3/commit/78ba70d2b4cdae1228561700bab62da793801d18 See https://github.com/PyO3/pyo3/commit/1d20f2a5317585c13750e4433fe502dd25230775 Fixes https://github.com/pyca/bcrypt/issues/694 Signed-off-by: Wong Hoi Sing Edison --- src/_bcrypt/Cargo.lock | 49 ++++++++++++++---------------------------- src/_bcrypt/Cargo.toml | 2 +- src/_bcrypt/src/lib.rs | 12 ----------- tests/test_bcrypt.py | 5 ----- 4 files changed, 17 insertions(+), 51 deletions(-) diff --git a/src/_bcrypt/Cargo.lock b/src/_bcrypt/Cargo.lock index 9353ee9e..729bcc0a 100644 --- a/src/_bcrypt/Cargo.lock +++ b/src/_bcrypt/Cargo.lock @@ -148,17 +148,11 @@ dependencies = [ "wasi", ] -[[package]] -name = "heck" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" - [[package]] name = "indoc" -version = "2.0.4" +version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e186cfbae8084e513daff4240b4797e342f988cecda4fb6c939150f96315fd8" +checksum = "bfa799dd5ed20a7e349f3b4639aa80d74549c81716d9ec4f994c9b5815598306" [[package]] name = "inout" 
@@ -185,15 +179,6 @@ dependencies = [ "scopeguard", ] -[[package]] -name = "memoffset" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c" -dependencies = [ - "autocfg", -] - [[package]] name = "once_cell" version = "1.19.0" @@ -243,14 +228,13 @@ dependencies = [ [[package]] name = "pyo3" -version = "0.20.1" +version = "0.16.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e82ad98ce1991c9c70c3464ba4187337b9c45fcbbb060d46dca15f0c075e14e2" +checksum = "0220c44442c9b239dd4357aa856ac468a4f5e1f0df19ddb89b2522952eb4c6ca" dependencies = [ "cfg-if", "indoc", "libc", - "memoffset", "parking_lot", "pyo3-build-config", "pyo3-ffi", @@ -260,9 +244,9 @@ dependencies = [ [[package]] name = "pyo3-build-config" -version = "0.20.1" +version = "0.16.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5503d0b3aee2c7a8dbb389cd87cd9649f675d4c7f60ca33699a3e3859d81a891" +checksum = "9c819d397859445928609d0ec5afc2da5204e0d0f73d6bf9e153b04e83c9cdc2" dependencies = [ "once_cell", "target-lexicon", @@ -270,9 +254,9 @@ dependencies = [ [[package]] name = "pyo3-ffi" -version = "0.20.1" +version = "0.16.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18a79e8d80486a00d11c0dcb27cd2aa17c022cc95c677b461f01797226ba8f41" +checksum = "ca882703ab55f54702d7bfe1189b41b0af10272389f04cae38fe4cd56c65f75f" dependencies = [ "libc", "pyo3-build-config", @@ -280,9 +264,9 @@ dependencies = [ [[package]] name = "pyo3-macros" -version = "0.20.1" +version = "0.16.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f4b0dc7eaa578604fab11c8c7ff8934c71249c61d4def8e272c76ed879f03d4" +checksum = "568749402955ad7be7bad9a09b8593851cd36e549ac90bfd44079cea500f3f21" dependencies = [ "proc-macro2", "pyo3-macros-backend", 
@@ -292,11 +276,10 @@ dependencies = [ [[package]] name = "pyo3-macros-backend" -version = "0.20.1" +version = "0.16.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "816a4f709e29ddab2e3cdfe94600d554c5556cad0ddfeea95c47b580c3247fa4" +checksum = "611f64e82d98f447787e82b8e7b0ebc681e1eb78fc1252668b2c605ffb4e1eb8" dependencies = [ - "heck", "proc-macro2", "quote", "syn", @@ -351,9 +334,9 @@ checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" [[package]] name = "syn" -version = "2.0.45" +version = "1.0.109" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0eae3c679c56dc214320b67a1bc04ef3dfbd6411f6443974b5e4893231298e66" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" dependencies = [ "proc-macro2", "quote", @@ -380,9 +363,9 @@ checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "unindent" -version = "0.2.3" +version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7de7d73e1754487cb58364ee906a499937a0dfabd86bcb980fa99ec8c8fa2ce" +checksum = "e1766d682d402817b5ac4490b3c3002d91dfa0d22812f341609f97b08757359c" [[package]] name = "version_check" diff --git a/src/_bcrypt/Cargo.toml b/src/_bcrypt/Cargo.toml index 40082740..36dc219f 100644 --- a/src/_bcrypt/Cargo.toml +++ b/src/_bcrypt/Cargo.toml @@ -6,7 +6,7 @@ edition = "2018" publish = false [dependencies] -pyo3 = { version = "0.20.1", features = ["abi3"] } +pyo3 = { version = "0.16.6", features = ["abi3"] } bcrypt = "0.15" bcrypt-pbkdf = "0.10.0" base64 = "0.21.5" diff --git a/src/_bcrypt/src/lib.rs b/src/_bcrypt/src/lib.rs index a3472148..72405aae 100644 --- a/src/_bcrypt/src/lib.rs +++ b/src/_bcrypt/src/lib.rs 
@@ -151,18 +151,6 @@ fn kdf<'p>( )); } - if rounds < 50 && !ignore_few_rounds { - // They probably think bcrypt.kdf()'s rounds parameter is logarithmic, - // expecting this value to be slow enough (it probably would be if this - // were bcrypt). Emit a warning. - pyo3::PyErr::warn( - py, - pyo3::exceptions::PyUserWarning::type_object(py), - &format!("Warning: bcrypt.kdf() called with only {rounds} round(s). This few is not secure: the parameter is linear, like PBKDF2."), - 3 - )?; - } - pyo3::types::PyBytes::new_with(py, desired_key_bytes, |output| { py.allow_threads(|| { bcrypt_pbkdf::bcrypt_pbkdf(password, salt, rounds, output).unwrap(); diff --git a/tests/test_bcrypt.py b/tests/test_bcrypt.py index 68c00fb4..01a12a2f 100644 --- a/tests/test_bcrypt.py +++ b/tests/test_bcrypt.py @@ -462,11 +462,6 @@ def test_kdf_no_warn_rounds(): bcrypt.kdf(b"password", b"salt", 10, 10, True) -def test_kdf_warn_rounds(): - with pytest.warns(UserWarning): - bcrypt.kdf(b"password", b"salt", 10, 10) - - @pytest.mark.parametrize( ("password", "salt", "desired_key_bytes", "rounds", "error"), [
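Review bot: Deleting the `rounds < 50 && !ignore_few_rounds` block in `kdf` removes the only signal a caller gets that the rounds parameter of bcrypt.kdf() is linear rather than logarithmic. A call like `bcrypt.kdf(b"password", b"salt", 10, 10)` from the removed test now derives a cheaply brute-forced key without any warning. If the only obstacle on 0.16.6 is the missing `PyUserWarning` type, the check could stay by resolving the category at runtime, e.g. `let cat = py.import("builtins")?.getattr("UserWarning")?;` followed by `pyo3::PyErr::warn(py, cat, &msg, 3)?;`. This assumes `PyErr::warn` accepts a `&PyAny` category in that release, which should be confirmed. The signature of `kdf` is outside the hunk, but `ignore_few_rounds` presumably remains there and becomes a no-op flag with this change, and `test_kdf_warn_rounds` in tests/test_bcrypt.py should be kept alongside the warning rather than dropped.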