Merge branch 'Legrandin:master' into resolve_redundantAssignment

.github/workflows/integration.yml

@@ -20,6 +20,12 @@ jobs:
           - python-version: "3.13"
             cffi: yes
             os: windows-latest
+          - python-version: "3.13"
+            cffi: no
+            os: windows-11-arm
+          - python-version: "3.13"
+            cffi: yes
+            os: windows-11-arm
           - python-version: pypy2.7
             cffi: no
             os: ubuntu-latest
@@ -123,6 +129,7 @@ jobs:
         else
           python -m Crypto.SelfTest
         fi
+
   mypy:
     runs-on: ubuntu-latest
     steps:
@@ -160,12 +167,16 @@ jobs:
         make -C build all test
 
   test_c_windows:
-    runs-on: windows-latest
+    runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        arch:
-          - x64
-          - win32
+        include:
+          - os: windows-latest
+            arch: x64
+          - os: windows-latest
+            arch: win32
+          - os: windows-11-arm
+            arch: arm64
     steps:
     - uses: actions/checkout@v4
     - name: Set up Python "3.13"

.github/workflows/wheels.yml

@@ -32,7 +32,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-22.04, windows-2019, macos-13, ubuntu-22.04-arm]
+        os: [ubuntu-22.04, windows-2019, macos-13, ubuntu-22.04-arm, windows-11-arm]
 
     if: github.actor == 'Legrandin'
 
@@ -49,7 +49,7 @@ jobs:
         env:
           # cibuildwheel will build wheel once and test it for each CPython version
           # and for PyPy > 3.8.
-          CIBW_BUILD: "cp37-* cp38-* cp39-* cp310-* cp311-* cp312-* cp313-* pp39-* pp310-*"
+          CIBW_BUILD: "cp37-* cp38-* cp39-* cp310-* cp311-* cp312-* cp313-* cp313t-* pp39-* pp310-*"
           CIBW_MANYLINUX_X86_64_IMAGE: "manylinux2014"
           CIBW_MANYLINUX_I686_IMAGE: "manylinux2014"
           CIBW_MANYLINUX_AARCH64_IMAGE: "manylinux2014"

Changelog.rst

@@ -1,13 +1,21 @@
 Changelog
 =========
 
-Under development
+3.24.0 (under development)
+++++++++++++++++++++++++++
+
+Resolved issues
+---------------
+* GH#875: Fixed the Object Identifiers (OID) for BLAKE2.
+
+3.23.0 (17 May 2025)
 ++++++++++++++++++++++++++
 
 New features
 ---------------
 * Added cipher modes Key Wrap (KW, RFC3394) and Key Wrap with Padding (KWP, RFC5649).
   Both are defined also in NIST SP 800-38F.
+* Wheels for Windows ARM.
 
 Resolved issues
 ---------------

Doc/src/faq.rst

@@ -1,6 +1,20 @@
 Frequently Asked Questions
 --------------------------
 
+When will support for Python 2.7 stop?
+++++++++++++++++++++++++++++++++++++++++
+
+There are no plans to drop support for Python 2.7.
+This may change when maintenance becomes too cumbersome.
+
+However, new features will only be tested for Python 3.
+
+How can I encrypt using an ECC key?
+++++++++++++++++++++++++++++++++++++
+
+Use Hybrid Public Key Encryption (HPKE, RFC 9180)
+and the module :ref:`Crypto.Protocol.HPKE<hpke>`.
+
 Is CTR cipher mode compatible with Java?
 ++++++++++++++++++++++++++++++++++++++++++++++++++
 

Doc/src/protocol/hpke.rst

@@ -1,3 +1,5 @@
+.. _hpke:
+
 Hybrid Public Key Encryption (HPKE)
 =====================================
 

lib/Crypto/Hash/BLAKE2b.py

@@ -83,7 +83,7 @@ class BLAKE2b_Hash(object):
 
         # See https://tools.ietf.org/html/rfc7693
         if digest_bytes in (20, 32, 48, 64) and not key:
-            self.oid = "1.3.6.1.4.1.1722.12.2.1." + str(digest_bytes)
+            self.oid = "1.3.6.1.4.1.1722.12.2.1." + str(digest_bytes // 4)
 
         state = VoidPointer()
         result = _raw_blake2b_lib.blake2b_init(state.address_of(),

lib/Crypto/Hash/BLAKE2s.py

@@ -83,7 +83,7 @@ class BLAKE2s_Hash(object):
 
         # See https://tools.ietf.org/html/rfc7693
         if digest_bytes in (16, 20, 28, 32) and not key:
-            self.oid = "1.3.6.1.4.1.1722.12.2.2." + str(digest_bytes)
+            self.oid = "1.3.6.1.4.1.1722.12.2.2." + str(digest_bytes // 4)
 
         state = VoidPointer()
         result = _raw_blake2s_lib.blake2s_init(state.address_of(),

lib/Crypto/Math/_IntegerNative.py

@@ -263,7 +263,7 @@ class IntegerNative(IntegerBase):
                     raise ValueError("negative bit count")
         except OverflowError:
             result = 0
-        return result
+        return bool(result)
 
     # Extra
     def is_odd(self):

lib/Crypto/Protocol/HPKE.py

@@ -446,8 +446,6 @@ def new(*, receiver_key: EccKey,
         In the latter case,
         correctness of all the keys and parameters will only
         be assessed with the first call to ``unseal()``.
-
-    .. _HPKE: https://datatracker.ietf.org/doc/rfc9180/
     """
 
     if aead_id not in AEAD:

lib/Crypto/SelfTest/Hash/test_BLAKE2.py

@@ -158,9 +158,18 @@ class Blake2Test(unittest.TestCase):
 
         prefix = "1.3.6.1.4.1.1722.12.2." + self.oid_variant + "."
 
+        suffix = {
+            128: "4",
+            160: "5",
+            224: "7",
+            256: "8",
+            384: "12",
+            512: "16"
+        }
+
         for digest_bits in self.digest_bits_oid:
             h = self.BLAKE2.new(digest_bits=digest_bits)
-            self.assertEqual(h.oid, prefix + str(digest_bits // 8))
+            self.assertEqual(h.oid, prefix + suffix[digest_bits])
 
             h = self.BLAKE2.new(digest_bits=digest_bits, key=b"secret")
             self.assertRaises(AttributeError, lambda: h.oid)
@@ -477,6 +486,7 @@ def get_tests(config={}):
 
 if __name__ == '__main__':
     import unittest
+
     def suite():
         return unittest.TestSuite(get_tests())
     unittest.main(defaultTest='suite')

lib/Crypto/__init__.py

@@ -1,6 +1,6 @@
 __all__ = ['Cipher', 'Hash', 'Protocol', 'PublicKey', 'Util', 'Signature',
            'IO', 'Math']
 
-version_info = (3, 23, '0b0')
+version_info = (3, 24, '0b0')
 
 __version__ = ".".join([str(x) for x in version_info])

src/test/CMakeLists.txt

@@ -3,14 +3,14 @@ project(test_crypto LANGUAGES C)
 include(CMakePrintHelpers)
 enable_testing()
 
-cmake_print_variables(CMAKE_CXX_COMPILER_ID CMAKE_CXX_COMPILER_VERSION CMAKE_SIZEOF_VOID_P CMAKE_SYSTEM_PROCESSOR SSE)
+cmake_print_variables(CMAKE_CXX_COMPILER_ID CMAKE_CXX_COMPILER_VERSION CMAKE_SIZEOF_VOID_P SSE CMAKE_C_COMPILER_ARCHITECTURE_ID)
 
-# https://stackoverflow.com/questions/70475665/what-are-the-possible-values-of-cmake-system-processor
-if (CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|AMD64|i686")
+if (CMAKE_C_COMPILER_ARCHITECTURE_ID MATCHES "x86_64|AMD64|i686|X86|x64")
     set(X86 TRUE)
 endif()
 
 if (X86)
+   message(STATUS "Enabling SSE and AESNI")
    option(SSE "Enable SSE instructions on Intel targets" ON)
    option(AESNI "Enable AESNI instructions on Intel targets" ON)
 endif()
@@ -22,6 +22,7 @@ else()
 endif()
 
 include_directories("${CMAKE_SOURCE_DIR}/..")
+INCLUDE (${CMAKE_ROOT}/Modules/CheckIncludeFile.cmake)
 
 # Disable any code related to CPython modules
 # This is only required for MSVC, and it avoids a dependency on the CPython libraries
@@ -33,12 +34,16 @@ add_compile_definitions(STATIC=)
 # TODO: add check for big endianess too
 add_compile_definitions(PYCRYPTO_LITTLE_ENDIAN)
 
+CHECK_INCLUDE_FILE("stdint.h"    CMAKE_HAVE_STDINT_H)
+if (CMAKE_HAVE_STDINT_H)
+    add_compile_definitions(HAVE_STDINT_H)
+endif()
+
 if (MSVC)
     add_compile_options(/Wall /sdl)
     # Disable certain warnings
     add_compile_options(/wd4100 /wd4820 /wd5045)
 else()
-    add_compile_definitions(HAVE_STDINT_H)
     add_compile_definitions(HAVE_POSIX_MEMALIGN)
     add_compile_options(-O2 -g -fstrict-aliasing -Wall -Werror)
     if( CMAKE_SIZEOF_VOID_P EQUAL 8 )
@@ -65,10 +70,12 @@ else()
 endif()
 
 if (MSVC)
-    add_compile_definitions(HAVE_INTRIN_H)
-    add_compile_definitions(USE_SSE2)
-    add_compile_definitions(HAVE_WMMINTRIN_H)
-    add_compile_definitions(HAVE_TMMINTRIN_H)
+    if (SSE)
+    	add_compile_definitions(HAVE_INTRIN_H)
+    	add_compile_definitions(USE_SSE2)
+    	add_compile_definitions(HAVE_WMMINTRIN_H)
+    	add_compile_definitions(HAVE_TMMINTRIN_H)
+    endif()
 else()
     if (SSE)
         message(STATUS "Using SSE instructions")