Convert src/backend/hmac.rs to new pyo3 APIs

src/rust/src/backend/hmac.rs

@@ -6,7 +6,7 @@ use crate::backend::hashes::{already_finalized_error, message_digest_from_algori
 use crate::buf::CffiBuf;
 use crate::error::{CryptographyError, CryptographyResult};
 use crate::exceptions;
-use pyo3::PyNativeType;
+use pyo3::prelude::{PyBytesMethods, PyModuleMethods};
 
 #[pyo3::prelude::pyclass(
     module = "cryptography.hazmat.bindings._rust.openssl.hmac",
@@ -22,7 +22,7 @@ impl Hmac {
     pub(crate) fn new_bytes(
         py: pyo3::Python<'_>,
         key: &[u8],
-        algorithm: &pyo3::PyAny,
+        algorithm: &pyo3::Bound<'_, pyo3::PyAny>,
     ) -> CryptographyResult<Hmac> {
         let md = message_digest_from_algorithm(py, &algorithm.as_borrowed())?;
         let ctx = cryptography_openssl::hmac::Hmac::new(key, md).map_err(|_| {
@@ -34,7 +34,7 @@ impl Hmac {
 
         Ok(Hmac {
             ctx: Some(ctx),
-            algorithm: algorithm.into(),
+            algorithm: algorithm.clone().unbind(),
         })
     }
 
@@ -65,7 +65,7 @@ impl Hmac {
     fn new(
         py: pyo3::Python<'_>,
         key: CffiBuf<'_>,
-        algorithm: &pyo3::PyAny,
+        algorithm: &pyo3::Bound<'_, pyo3::PyAny>,
         backend: Option<pyo3::Bound<'_, pyo3::PyAny>>,
     ) -> CryptographyResult<Hmac> {
         let _ = backend;
@@ -80,14 +80,15 @@ impl Hmac {
     pub(crate) fn finalize<'p>(
         &mut self,
         py: pyo3::Python<'p>,
-    ) -> CryptographyResult<&'p pyo3::types::PyBytes> {
+    ) -> CryptographyResult<pyo3::Bound<'p, pyo3::types::PyBytes>> {
         let data = self.get_mut_ctx()?.finish()?;
         self.ctx = None;
-        Ok(pyo3::types::PyBytes::new(py, &data))
+        Ok(pyo3::types::PyBytes::new_bound(py, &data))
     }
 
     fn verify(&mut self, py: pyo3::Python<'_>, signature: &[u8]) -> CryptographyResult<()> {
-        let actual = self.finalize(py)?.as_bytes();
+        let actual_bound = self.finalize(py)?;
+        let actual = actual_bound.as_bytes();
         if actual.len() != signature.len() || !openssl::memcmp::eq(actual, signature) {
             return Err(CryptographyError::from(
                 exceptions::InvalidSignature::new_err("Signature did not match digest."),
@@ -105,8 +106,10 @@ impl Hmac {
     }
 }
 
-pub(crate) fn create_module(py: pyo3::Python<'_>) -> pyo3::PyResult<&pyo3::prelude::PyModule> {
-    let m = pyo3::prelude::PyModule::new(py, "hmac")?;
+pub(crate) fn create_module(
+    py: pyo3::Python<'_>,
+) -> pyo3::PyResult<pyo3::Bound<'_, pyo3::prelude::PyModule>> {
+    let m = pyo3::prelude::PyModule::new_bound(py, "hmac")?;
     m.add_class::<Hmac>()?;
 
     Ok(m)

src/rust/src/backend/mod.rs

@@ -43,7 +43,7 @@ pub(crate) fn add_to_module(module: &pyo3::prelude::PyModule) -> pyo3::PyResult<
     module.add_submodule(poly1305::create_module(module.py())?)?;
 
     module.add_submodule(hashes::create_module(module.py())?.into_gil_ref())?;
-    module.add_submodule(hmac::create_module(module.py())?)?;
+    module.add_submodule(hmac::create_module(module.py())?.into_gil_ref())?;
     module.add_submodule(kdf::create_module(module.py())?.into_gil_ref())?;
     module.add_submodule(rsa::create_module(module.py())?.into_gil_ref())?;