Fixed two lifetime errors in `common.rs` with `gil-refs` disabled (#10811)

author: Alex Gaynor <alex.gaynor@gmail.com> 2024-04-14 18:51:08 -0400
committer: GitHub <noreply@github.com> 2024-04-14 17:51:08 -0500
commit: f61fc109fdce384ffbd2cf89f57e874b7fc4698c (patch)
tree: 261219604469f51cae1e6a5b1822e6549b85a008 /src
parent: b75945c9349bd34fda63520a5aab7ed3235fa2cf (diff)
download: pyca-cryptography-f61fc109fdce384ffbd2cf89f57e874b7fc4698c.zip
pyca-cryptography-f61fc109fdce384ffbd2cf89f57e874b7fc4698c.tar.gz
pyca-cryptography-f61fc109fdce384ffbd2cf89f57e874b7fc4698c.tar.bz2
6 files changed, 31 insertions, 8 deletions
diff --git a/src/rust/src/x509/certificate.rs b/src/rust/src/x509/certificate.rs
index c8a2ac8..0607eeb 100644
--- a/src/rust/src/x509/certificate.rs
+++ b/src/rust/src/x509/certificate.rs
@@ -918,6 +918,9 @@ fn create_x509_certificate(
     let py_not_before = builder.getattr(pyo3::intern!(py, "_not_valid_before"))?;
     let py_not_after = builder.getattr(pyo3::intern!(py, "_not_valid_after"))?;
 
+    let ka_vec = cryptography_keepalive::KeepAlive::new();
+    let ka_bytes = cryptography_keepalive::KeepAlive::new();
+
     let serial_bytes = py_uint_to_big_endian_bytes(py, py_serial)?;
     let tbs_cert = cryptography_x509::certificate::TbsCertificate {
         version: builder
@@ -937,6 +940,8 @@ fn create_x509_certificate(
         subject_unique_id: None,
         raw_extensions: x509::common::encode_extensions(
             py,
+            &ka_vec,
+            &ka_bytes,
             &builder.getattr(pyo3::intern!(py, "_extensions"))?,
             extensions::encode_extension,
         )?,
diff --git a/src/rust/src/x509/common.rs b/src/rust/src/x509/common.rs
index 6b115e8..17ff969 100644
--- a/src/rust/src/x509/common.rs
+++ b/src/rust/src/x509/common.rs
@@ -410,6 +410,8 @@ pub(crate) fn encode_extensions<
     ) -> CryptographyResult<Option<Vec<u8>>>,
 >(
     py: pyo3::Python<'p>,
+    ka_vec: &'p cryptography_keepalive::KeepAlive<Vec<u8>>,
+    ka_bytes: &'p cryptography_keepalive::KeepAlive<pyo3::pybacked::PyBackedBytes>,
     py_exts: &pyo3::Bound<'p, pyo3::PyAny>,
     encode_ext: F,
 ) -> pyo3::PyResult<Option<RawExtensions<'p>>> {
@@ -424,20 +426,16 @@ pub(crate) fn encode_extensions<
             exts.push(Extension {
                 extn_id: oid,
                 critical: py_ext.getattr(pyo3::intern!(py, "critical"))?.extract()?,
-                extn_value: ext_val
-                    .getattr(pyo3::intern!(py, "value"))?
-                    .extract::<&[u8]>()?,
+                extn_value: ka_bytes.add(ext_val.getattr(pyo3::intern!(py, "value"))?.extract()?),
             });
             continue;
         }
         match encode_ext(py, &oid, &ext_val)? {
             Some(data) => {
-                // TODO: extra copy
-                let py_data = pyo3::types::PyBytes::new_bound(py, &data);
                 exts.push(Extension {
                     extn_id: oid,
                     critical: py_ext.getattr(pyo3::intern!(py, "critical"))?.extract()?,
-                    extn_value: py_data.extract()?,
+                    extn_value: ka_vec.add(data),
                 });
             }
             None => {
diff --git a/src/rust/src/x509/crl.rs b/src/rust/src/x509/crl.rs
index 4484efe..b3e37e9 100644
--- a/src/rust/src/x509/crl.rs
+++ b/src/rust/src/x509/crl.rs
@@ -655,7 +655,8 @@ fn create_x509_crl(
         rsa_padding.to_owned(),
     )?;
     let mut revoked_certs = vec![];
-    let ka = cryptography_keepalive::KeepAlive::new();
+    let ka_vec = cryptography_keepalive::KeepAlive::new();
+    let ka_bytes = cryptography_keepalive::KeepAlive::new();
     for py_revoked_cert in builder
         .getattr(pyo3::intern!(py, "_revoked_certificates"))?
         .iter()?
@@ -666,12 +667,14 @@ fn create_x509_crl(
             .extract()?;
         let py_revocation_date =
             py_revoked_cert.getattr(pyo3::intern!(py, "revocation_date_utc"))?;
-        let serial_bytes = ka.add(py_uint_to_big_endian_bytes(py, serial_number)?);
+        let serial_bytes = ka_bytes.add(py_uint_to_big_endian_bytes(py, serial_number)?);
         revoked_certs.push(crl::RevokedCertificate {
             user_certificate: asn1::BigUint::new(serial_bytes).unwrap(),
             revocation_date: x509::certificate::time_from_py(py, &py_revocation_date)?,
             raw_crl_entry_extensions: x509::common::encode_extensions(
                 py,
+                &ka_vec,
+                &ka_bytes,
                 &py_revoked_cert.getattr(pyo3::intern!(py, "extensions"))?,
                 extensions::encode_extension,
             )?,
@@ -696,6 +699,8 @@ fn create_x509_crl(
         },
         raw_crl_extensions: x509::common::encode_extensions(
             py,
+            &ka_vec,
+            &ka_bytes,
             &builder.getattr(pyo3::intern!(py, "_extensions"))?,
             extensions::encode_extension,
         )?,
diff --git a/src/rust/src/x509/csr.rs b/src/rust/src/x509/csr.rs
index 1aab9d3..240f7f5 100644
--- a/src/rust/src/x509/csr.rs
+++ b/src/rust/src/x509/csr.rs
@@ -305,10 +305,15 @@ fn create_x509_csr(
         .call_method1(pyo3::intern!(py, "public_bytes"), (der, spki))?
         .extract::<pyo3::pybacked::PyBackedBytes>()?;
 
+    let ka_vec = cryptography_keepalive::KeepAlive::new();
+    let ka_bytes = cryptography_keepalive::KeepAlive::new();
+
     let mut attrs = vec![];
     let ext_bytes;
     if let Some(exts) = x509::common::encode_extensions(
         py,
+        &ka_vec,
+        &ka_bytes,
         &builder.getattr(pyo3::intern!(py, "_extensions"))?,
         x509::extensions::encode_extension,
     )? {
diff --git a/src/rust/src/x509/ocsp_req.rs b/src/rust/src/x509/ocsp_req.rs
index 6635259..218939d 100644
--- a/src/rust/src/x509/ocsp_req.rs
+++ b/src/rust/src/x509/ocsp_req.rs
@@ -200,8 +200,13 @@ fn create_ocsp_request(
         )?
     };
 
+    let ka_vec = cryptography_keepalive::KeepAlive::new();
+    let ka_bytes = cryptography_keepalive::KeepAlive::new();
+
     let extensions = x509::common::encode_extensions(
         py,
+        &ka_vec,
+        &ka_bytes,
         &builder.getattr(pyo3::intern!(py, "_extensions"))?,
         extensions::encode_extension,
     )?;
diff --git a/src/rust/src/x509/ocsp_resp.rs b/src/rust/src/x509/ocsp_resp.rs
index 4ec133a..e4038af 100644
--- a/src/rust/src/x509/ocsp_resp.rs
+++ b/src/rust/src/x509/ocsp_resp.rs
@@ -702,6 +702,9 @@ fn create_ocsp_response(
         )
     };
 
+    let ka_vec = cryptography_keepalive::KeepAlive::new();
+    let ka_bytes = cryptography_keepalive::KeepAlive::new();
+
     let tbs_response_data = ocsp_resp::ResponseData {
         version: 0,
         produced_at: asn1::GeneralizedTime::new(x509::common::datetime_now(py)?)?,
@@ -711,6 +714,8 @@ fn create_ocsp_response(
         )),
         raw_response_extensions: x509::common::encode_extensions(
             py,
+            &ka_vec,
+            &ka_bytes,
             &builder.getattr(pyo3::intern!(py, "_extensions"))?,
             extensions::encode_extension,
         )?,
author	Alex Gaynor <alex.gaynor@gmail.com>	2024-04-14 18:51:08 -0400
committer	GitHub <noreply@github.com>	2024-04-14 17:51:08 -0500
commit	f61fc109fdce384ffbd2cf89f57e874b7fc4698c (patch)
tree	261219604469f51cae1e6a5b1822e6549b85a008 /src
parent	b75945c9349bd34fda63520a5aab7ed3235fa2cf (diff)
download	pyca-cryptography-f61fc109fdce384ffbd2cf89f57e874b7fc4698c.zip pyca-cryptography-f61fc109fdce384ffbd2cf89f57e874b7fc4698c.tar.gz pyca-cryptography-f61fc109fdce384ffbd2cf89f57e874b7fc4698c.tar.bz2