bump MSRV to 1.74

.github/workflows/ci.yml

@@ -48,10 +48,11 @@ jobs:
           - {VERSION: "3.13", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "0d3f0876ac1addda7ce044063e08ac68b39ad8b9"}}
           # Builds with various Rust versions. Includes MSRV and next
           # potential future MSRV.
-          # - 1.70: crates.io sparse protocol by default
           # - 1.77: offset_of! in std (for pyo3)
           # - 1.80: LazyLock in std
-          - {VERSION: "3.13", NOXSESSION: "rust,tests", RUST: "1.65.0"}
+          # - 1.83: const context Option<T>::unwrap()
+          - {VERSION: "3.13", NOXSESSION: "rust,tests", RUST: "1.74.0"}
+          - {VERSION: "3.13", NOXSESSION: "rust,tests", RUST: "1.80.0"}
           - {VERSION: "3.13", NOXSESSION: "rust,tests", RUST: "beta"}
           - {VERSION: "3.13", NOXSESSION: "rust,tests", RUST: "nightly"}
           - {VERSION: "3.13", NOXSESSION: "tests-rust-debug"}

CHANGELOG.rst

@@ -10,6 +10,7 @@ Changelog
 
 * Support for Python 3.7 is deprecated and will be removed in the next
   ``cryptography`` release.
+* Updated the minimum supported Rust version (MSRV) to 1.74.0, from 1.65.0.
 * Added support for serialization of PKCS#12 Java truststores in
   :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_java_truststore`
 * Added :meth:`~cryptography.hazmat.primitives.kdf.argon2.Argon2id.derive_phc_encoded` and

Cargo.toml

@@ -17,7 +17,7 @@ authors = ["The cryptography developers <cryptography-dev@python.org>"]
 edition = "2021"
 publish = false
 # This specifies the MSRV
-rust-version = "1.65.0"
+rust-version = "1.74.0"
 license = "Apache-2.0 OR BSD-3-Clause"
 
 [workspace.dependencies]

docs/installation.rst

@@ -46,8 +46,8 @@ above supported platforms:
 * ``OpenSSL 3.4-latest``
 * ``OpenSSL 3.5-latest``
 
-We also test against the latest commit of BoringSSL, the latest ``aws-lc`` release, 
-and versions of LibreSSL that are receiving security support at the time of a 
+We also test against the latest commit of BoringSSL, the latest ``aws-lc`` release,
+and versions of LibreSSL that are receiving security support at the time of a
 given ``cryptography`` release.
 
 
@@ -113,7 +113,7 @@ available<installation:Rust>`.
 
     .. warning::
 
-        The Rust available by default in Alpine < 3.17 is older than the minimum
+        The Rust available by default in Alpine < 3.19 is older than the minimum
         supported version. See the :ref:`Rust installation instructions
         <installation:Rust>` for information about installing a newer Rust.
 
@@ -127,7 +127,7 @@ available<installation:Rust>`.
 
     .. warning::
 
-        The Rust available in Debian versions prior to Bookworm are older than the
+        The Rust available in Debian versions prior to Trixie are older than the
         minimum supported version. See the :ref:`Rust installation instructions
         <installation:Rust>` for information about installing a newer Rust.
 
@@ -140,8 +140,8 @@ available<installation:Rust>`.
 
     .. warning::
 
-        For RHEL and CentOS you must be on version 8.8 or newer for the command
-        below to install a sufficiently new Rust. If your Rust is less than 1.65.0
+        For RHEL and CentOS you must be on version 8.10 or newer for the command
+        below to install a sufficiently new Rust. If your Rust is less than 1.74.0
         please see the :ref:`Rust installation instructions <installation:Rust>`
         for information about installing a newer Rust.
 
@@ -319,7 +319,7 @@ Rust
     a Rust toolchain.
 
 Building ``cryptography`` requires having a working Rust toolchain. The current
-minimum supported Rust version is 1.65.0. **This is newer than the Rust some
+minimum supported Rust version is 1.74.0. **This is newer than the Rust some
 package managers ship**, so users may need to install with the
 instructions below.
 

src/rust/build.rs

@@ -40,8 +40,7 @@ fn main() {
         println!("cargo:rustc-cfg=CRYPTOGRAPHY_IS_AWSLC");
     }
 
-    if env::var("CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY").map_or(false, |v| !v.is_empty() && v != "0")
-    {
+    if env::var("CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY").is_ok_and(|v| !v.is_empty() && v != "0") {
         println!("cargo:rustc-cfg=CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY");
     }
 

src/rust/cryptography-crypto/src/pkcs12.rs

@@ -39,8 +39,8 @@ pub fn kdf(
     // then so is P.
     //
     // 4. Set I=S||P to be the concatenation of S and P.
-    let s_len = block_size * ((salt.len() + block_size - 1) / block_size);
-    let p_len = block_size * ((pass.len() + block_size - 1) / block_size);
+    let s_len = block_size * salt.len().div_ceil(block_size);
+    let p_len = block_size * pass.len().div_ceil(block_size);
 
     let mut init_key = vec![0; s_len + p_len];
     for i in 0..s_len {

src/rust/cryptography-x509-verification/src/policy/mod.rs

@@ -183,7 +183,7 @@ impl Subject<'_> {
     fn subject_alt_name_matches(&self, general_name: &GeneralName<'_>) -> bool {
         match (general_name, self) {
             (GeneralName::DNSName(pattern), Self::DNS(name)) => {
-                DNSPattern::new(pattern.0).map_or(false, |p| p.matches(name))
+                DNSPattern::new(pattern.0).is_some_and(|p| p.matches(name))
             }
             (GeneralName::IPAddress(addr), Self::IP(name)) => {
                 IPAddress::from_bytes(addr) == Some(*name)
@@ -438,7 +438,7 @@ impl<'a, B: CryptoOps> Policy<'a, B> {
             // to test here.
             if bc
                 .path_length
-                .map_or(false, |len| u64::from(current_depth) > len)
+                .is_some_and(|len| u64::from(current_depth) > len)
             {
                 return Err(ValidationError::new(ValidationErrorKind::Other(
                     "path length constraint violated".to_string(),

src/rust/src/lib.rs

@@ -62,7 +62,7 @@ fn _initialize_providers(py: pyo3::Python<'_>) -> CryptographyResult<LoadedProvi
     // any time soon.
 
     let load_legacy = !cfg!(CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY)
-        && !env::var("CRYPTOGRAPHY_OPENSSL_NO_LEGACY").map_or(false, |v| !v.is_empty() && v != "0");
+        && !env::var("CRYPTOGRAPHY_OPENSSL_NO_LEGACY").is_ok_and(|v| !v.is_empty() && v != "0");
 
     let legacy = if load_legacy {
         let legacy_result = provider::Provider::load(None, "legacy");