Convert symmetric ciphers to Rust

Author: alex

src/cryptography/hazmat/backends/openssl/backend.py

@@ -12,7 +12,6 @@
 from cryptography import utils, x509
 from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
 from cryptography.hazmat.backends.openssl import aead
-from cryptography.hazmat.backends.openssl.ciphers import _CipherContext
 from cryptography.hazmat.bindings._rust import openssl as rust_openssl
 from cryptography.hazmat.bindings.openssl import binding
 from cryptography.hazmat.primitives import hashes, serialization
@@ -142,12 +141,8 @@ def __repr__(self) -> str:
             self._binding._legacy_provider_loaded,
         )
 
-    def openssl_assert(
-        self,
-        ok: bool,
-        errors: list[rust_openssl.OpenSSLError] | None = None,
-    ) -> None:
-        return binding._openssl_assert(ok, errors=errors)
+    def openssl_assert(self, ok: bool) -> None:
+        return binding._openssl_assert(ok)
 
     def _enable_fips(self) -> None:
         # This function enables FIPS mode for OpenSSL 3.0.0 on installs that
@@ -310,16 +305,6 @@ def _register_default_ciphers(self) -> None:
                 _RC2, type(None), GetCipherByName("rc2")
             )
 
-    def create_symmetric_encryption_ctx(
-        self, cipher: CipherAlgorithm, mode: Mode
-    ) -> _CipherContext:
-        return _CipherContext(self, cipher, mode, _CipherContext._ENCRYPT)
-
-    def create_symmetric_decryption_ctx(
-        self, cipher: CipherAlgorithm, mode: Mode
-    ) -> _CipherContext:
-        return _CipherContext(self, cipher, mode, _CipherContext._DECRYPT)
-
     def pbkdf2_hmac_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
         return self.hmac_supported(algorithm)
 

src/cryptography/hazmat/backends/openssl/ciphers.py

@@ -6,6 +6,7 @@ import typing
 
 from cryptography.hazmat.bindings._rust.openssl import (
     aead,
+    ciphers,
     cmac,
     dh,
     dsa,
@@ -26,6 +27,7 @@ __all__ = [
     "openssl_version",
     "raise_openssl_error",
     "aead",
+    "ciphers",
     "cmac",
     "dh",
     "dsa",

src/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi

@@ -0,0 +1,35 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives import ciphers
+from cryptography.hazmat.primitives.ciphers import modes
+
+@typing.overload
+def create_encryption_ctx(
+    algorithm: ciphers.CipherAlgorithm, mode: modes.ModeWithAuthenticationTag
+) -> ciphers.AEADEncryptionContext: ...
+@typing.overload
+def create_encryption_ctx(
+    algorithm: ciphers.CipherAlgorithm, mode: modes.Mode
+) -> ciphers.CipherContext: ...
+@typing.overload
+def create_decryption_ctx(
+    algorithm: ciphers.CipherAlgorithm, mode: modes.ModeWithAuthenticationTag
+) -> ciphers.AEADDecryptionContext: ...
+@typing.overload
+def create_decryption_ctx(
+    algorithm: ciphers.CipherAlgorithm, mode: modes.Mode
+) -> ciphers.CipherContext: ...
+def _advance(
+    ctx: ciphers.AEADEncryptionContext | ciphers.AEADDecryptionContext, n: int
+) -> None: ...
+def _advance_aad(
+    ctx: ciphers.AEADEncryptionContext | ciphers.AEADDecryptionContext, n: int
+) -> None: ...
+
+class CipherContext: ...
+class AEADEncryptionContext: ...
+class AEADDecryptionContext: ...

src/cryptography/hazmat/bindings/_rust/openssl/ciphers.pyi

@@ -17,13 +17,9 @@
 from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES
 
 
-def _openssl_assert(
-    ok: bool,
-    errors: list[openssl.OpenSSLError] | None = None,
-) -> None:
+def _openssl_assert(ok: bool) -> None:
     if not ok:
-        if errors is None:
-            errors = openssl.capture_error_stack()
+        errors = openssl.capture_error_stack()
 
         raise InternalError(
             "Unknown OpenSSL error. This error is commonly encountered when "