40.0.0 fails tests on 32-bit #8591
Description
when running tests on a 32-bit platform (x86, armv7, ..), a bunch of the following is printed:
=================================== FAILURES ===================================
__________________ TestPKCS7Builder.test_smime_sign_detached ___________________
[gw27] linux -- Python 3.11.2 /home/buildozer/aports/community/py3-cryptography/src/cryptography-40.0.0/test-env/bin/python3
self = <tests.hazmat.primitives.test_pkcs7.TestPKCS7Builder object at 0xf58a8b30>
backend = <OpenSSLBackend(version: OpenSSL 3.1.0 14 Mar 2023, FIPS: False, Legacy: True)>
def test_smime_sign_detached(self, backend):
data = b"hello world"
cert, key = _load_cert_key()
options = [pkcs7.PKCS7Options.DetachedSignature]
builder = (
pkcs7.PKCS7SignatureBuilder()
.set_data(data)
.add_signer(cert, key, hashes.SHA256())
)
> sig = builder.sign(serialization.Encoding.SMIME, options)
tests/hazmat/primitives/test_pkcs7.py:291:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder object at 0xf43c58d0>
encoding = <Encoding.SMIME: 'S/MIME'>
options = [<PKCS7Options.DetachedSignature: "Don't embed data in the PKCS7 structure">]
backend = None
def sign(
self,
encoding: serialization.Encoding,
options: typing.Iterable[PKCS7Options],
backend: typing.Any = None,
) -> bytes:
if len(self._signers) == 0:
raise ValueError("Must have at least one signer")
if self._data is None:
raise ValueError("You must add data to sign")
options = list(options)
if not all(isinstance(x, PKCS7Options) for x in options):
raise ValueError("options must be from the PKCS7Options enum")
if encoding not in (
serialization.Encoding.PEM,
serialization.Encoding.DER,
serialization.Encoding.SMIME,
):
raise ValueError(
"Must be PEM, DER, or SMIME from the Encoding enum"
)
# Text is a meaningless option unless it is accompanied by
# DetachedSignature
if (
PKCS7Options.Text in options
and PKCS7Options.DetachedSignature not in options
):
raise ValueError(
"When passing the Text option you must also pass "
"DetachedSignature"
)
if PKCS7Options.Text in options and encoding in (
serialization.Encoding.DER,
serialization.Encoding.PEM,
):
raise ValueError(
"The Text option is only available for SMIME serialization"
)
# No attributes implies no capabilities so we'll error if you try to
# pass both.
if (
PKCS7Options.NoAttributes in options
and PKCS7Options.NoCapabilities in options
):
raise ValueError(
"NoAttributes is a superset of NoCapabilities. Do not pass "
"both values."
)
> return rust_pkcs7.sign_and_serialize(self, encoding, options)
E OverflowError: can't convert negative int to unsigned
test-env/lib/python3.11/site-packages/cryptography/hazmat/primitives/serialization/pkcs7.py:177: OverflowError
python 3.11.2, cryptography 40.0.0, cffi 1.15.1, setuptools 67.6.0, building from source