Merge remote-tracking branch 'upstream/main' into ww/downstream-sigstore

pyca · Dec 1, 2024 · 9edac7c · 9edac7c
2 parents 78722fa + 3604502
commit 9edac7c
Show file tree

Hide file tree

Showing 13 changed files with 122 additions and 113 deletions.
diff --git a/.github/requirements/build-requirements.txt b/.github/requirements/build-requirements.txt
@@ -77,28 +77,58 @@ flit-core==3.10.1 \
     --hash=sha256:66e5b87874a0d6e39691f0e22f09306736b633548670ad3c09ec9db03c5662f7 \
     --hash=sha256:cb31a76e8b31ad3351bb89e531f64ef2b05d1e65bd939183250bf81ddf4922a8
     # via -r build-requirements.in
-maturin==1.7.5 \
-    --hash=sha256:0d2d04ab5f47c1bc2b075a5d8255d9a72921e8dceebf9f9e9884f09d67f7cdd6 \
-    --hash=sha256:5563d61cfa2fcd7d1552022df6566300f229fa3aed62020c93a750fa3dca9a99 \
-    --hash=sha256:71cbcfd4a74aac3eafe99a1cd73d83af8049f572986ff4e0e5e4d8fec9c66a93 \
-    --hash=sha256:742cd76a50104fdd832b010a205199e9b02333879f750c0cfca6c93e9472623f \
-    --hash=sha256:76a78284a96c24cd2d0ac3eac865315b4b0be7a443463fd5b3ebea3c6f147703 \
-    --hash=sha256:9044e5e2eb68bbf8ad86c4ffeab365b78b54bf342ba346dc93775531d3a4e647 \
-    --hash=sha256:c1002ca9a23c45123af752d353f6b221151a6eab2b5b65d57a79298b7d8ca6d4 \
-    --hash=sha256:c38e585555be525ebc2602ea7189c7ef3e1c3001c94893e5bc71f934468ff124 \
-    --hash=sha256:c441fe54945fe8077f17cb116834980391169cf712b63631d8380c8c3de781a1 \
-    --hash=sha256:e31c4d25b56346c7872417d58cca81e52387a37469cdb79f7225bae9ad75daf9 \
-    --hash=sha256:e773ade7a1383c24eaf6b665340a91278c80ab544c18687aa69e9661b289cf48 \
-    --hash=sha256:f05ccbdfe96ad58d70dba9c3eed090726db8ccbaf07ec03852113ca2fec6d84b \
-    --hash=sha256:f6c80fa7d67f58fd2cecbcdf309e2c3c5cd6f965216191de73af6cf947ef2ab8
+maturin==1.7.6 \
+    --hash=sha256:18c3f192c0f48e820fe684c9b89cc099f0107fd93845d39d6001610e3b1b94c4 \
+    --hash=sha256:37f42a6e15cd49e12a13475b105239e1da20763d50213d541ad56c78d900df9d \
+    --hash=sha256:41395b4b4d8c35fb2c86143bc3a8808024076a60ed72bfa0002f032f2913ee3d \
+    --hash=sha256:41d3f0af4a15ee328aa16ba5581f1bfdf0ad88f2a3e1ee9ebf77d2fe269d05af \
+    --hash=sha256:44c39226a22c2c587e3b886890c76b6ba950ab0f7b129932f8f0498441d47981 \
+    --hash=sha256:517a0b469199fab8a5e05a2f2477e156c90f80ed160e28e6ee42d5315c2c424b \
+    --hash=sha256:534c0663c10b590f9c1de8c49f06c0d7da7e1d3078f3975b0191b139a73f051b \
+    --hash=sha256:84382c7a10d3c84cdfeb230d9b88f78fd99c2aebbd121fd8f04efc706ff65507 \
+    --hash=sha256:8455cecb948c01ff20689a953a2fd034d4ef94f2bf256cf817beb12572e3051c \
+    --hash=sha256:85eb76c502f3d9923371623fa153f67afc07b81aa3a28a2620340564bf521e6a \
+    --hash=sha256:8c23309b75624cf4dc76682bbfe587ce42c9ba595bdc954c1c0b35ef3869470e \
+    --hash=sha256:cc5a14f42d6f2cf3eff944f2d00d0ce45fc6060d61e51aa8b8c407efbea4dea8 \
+    --hash=sha256:f64b3a30f3af59fbdbeba980508c7a8294b5f5202a292f41800d22cb8ab69238
     # via -r build-requirements.in
 pycparser==2.22 \
     --hash=sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6 \
     --hash=sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
     # via cffi
-tomli==2.1.0 \
-    --hash=sha256:3f646cae2aec94e17d04973e4249548320197cfabdf130015d023de4b74d8ab8 \
-    --hash=sha256:a5c57c3d1c56f5ccdf89f6523458f60ef716e210fc47c4cfb188c5ba473e0391
+tomli==2.2.1 \
+    --hash=sha256:023aa114dd824ade0100497eb2318602af309e5a55595f76b626d6d9f3b7b0a6 \
+    --hash=sha256:02abe224de6ae62c19f090f68da4e27b10af2b93213d36cf44e6e1c5abd19fdd \
+    --hash=sha256:286f0ca2ffeeb5b9bd4fcc8d6c330534323ec51b2f52da063b11c502da16f30c \
+    --hash=sha256:2d0f2fdd22b02c6d81637a3c95f8cd77f995846af7414c5c4b8d0545afa1bc4b \
+    --hash=sha256:33580bccab0338d00994d7f16f4c4ec25b776af3ffaac1ed74e0b3fc95e885a8 \
+    --hash=sha256:400e720fe168c0f8521520190686ef8ef033fb19fc493da09779e592861b78c6 \
+    --hash=sha256:40741994320b232529c802f8bc86da4e1aa9f413db394617b9a256ae0f9a7f77 \
+    --hash=sha256:465af0e0875402f1d226519c9904f37254b3045fc5084697cefb9bdde1ff99ff \
+    --hash=sha256:4a8f6e44de52d5e6c657c9fe83b562f5f4256d8ebbfe4ff922c495620a7f6cea \
+    --hash=sha256:4e340144ad7ae1533cb897d406382b4b6fede8890a03738ff1683af800d54192 \
+    --hash=sha256:678e4fa69e4575eb77d103de3df8a895e1591b48e740211bd1067378c69e8249 \
+    --hash=sha256:6972ca9c9cc9f0acaa56a8ca1ff51e7af152a9f87fb64623e31d5c83700080ee \
+    --hash=sha256:7fc04e92e1d624a4a63c76474610238576942d6b8950a2d7f908a340494e67e4 \
+    --hash=sha256:889f80ef92701b9dbb224e49ec87c645ce5df3fa2cc548664eb8a25e03127a98 \
+    --hash=sha256:8d57ca8095a641b8237d5b079147646153d22552f1c637fd3ba7f4b0b29167a8 \
+    --hash=sha256:8dd28b3e155b80f4d54beb40a441d366adcfe740969820caf156c019fb5c7ec4 \
+    --hash=sha256:9316dc65bed1684c9a98ee68759ceaed29d229e985297003e494aa825ebb0281 \
+    --hash=sha256:a198f10c4d1b1375d7687bc25294306e551bf1abfa4eace6650070a5c1ae2744 \
+    --hash=sha256:a38aa0308e754b0e3c67e344754dff64999ff9b513e691d0e786265c93583c69 \
+    --hash=sha256:a92ef1a44547e894e2a17d24e7557a5e85a9e1d0048b0b5e7541f76c5032cb13 \
+    --hash=sha256:ac065718db92ca818f8d6141b5f66369833d4a80a9d74435a268c52bdfa73140 \
+    --hash=sha256:b82ebccc8c8a36f2094e969560a1b836758481f3dc360ce9a3277c65f374285e \
+    --hash=sha256:c954d2250168d28797dd4e3ac5cf812a406cd5a92674ee4c8f123c889786aa8e \
+    --hash=sha256:cb55c73c5f4408779d0cf3eef9f762b9c9f147a77de7b258bef0a5628adc85cc \
+    --hash=sha256:cd45e1dc79c835ce60f7404ec8119f2eb06d38b1deba146f07ced3bbc44505ff \
+    --hash=sha256:d3f5614314d758649ab2ab3a62d4f2004c825922f9e370b29416484086b264ec \
+    --hash=sha256:d920f33822747519673ee656a4b6ac33e382eca9d331c87770faa3eef562aeb2 \
+    --hash=sha256:db2b95f9de79181805df90bedc5a5ab4c165e6ec3fe99f970d0e302f384ad222 \
+    --hash=sha256:e59e304978767a54663af13c07b3d1af22ddee3bb2fb0618ca1593e4f593a106 \
+    --hash=sha256:e85e99945e688e32d5a35c1ff38ed0b3f41f43fad8df0bdf79f72b2ba7bc5272 \
+    --hash=sha256:ece47d672db52ac607a3d9599a9d48dcb2f2f735c6c2d1f34130085bb12b112a \
+    --hash=sha256:f4039b9cbc3048b2416cc57ab3bda989a6fcf9b36cf8937f01a6e731b64f80d7
     # via maturin
 
 # The following packages are considered to be unsafe in a requirements file:

diff --git a/.github/requirements/uv-requirements.txt b/.github/requirements/uv-requirements.txt
@@ -1,21 +1,21 @@
 # This file was autogenerated by uv via the following command:
 #    uv pip compile --universal -p 3.8 --generate-hashes -
-uv==0.5.4 \
-    --hash=sha256:05b45c7eefb178dcdab0d49cd642fb7487377d00727102a8d6d306cc034c0d83 \
-    --hash=sha256:2118bb99cbc9787cb5e5cc4a507201e25a3fe88a9f389e8ffb84f242d96038c2 \
-    --hash=sha256:30ce031e36c54d4ba791d743d992d0a4fd8d70480db781d30a2f6f5125f39194 \
-    --hash=sha256:4432215deb8d5c1ccab17ee51cb80f5de1a20865ee02df47532f87442a3d6a58 \
-    --hash=sha256:493aedc3c758bbaede83ecc8d5f7e6a9279ebec151c7f756aa9ea898c73f8ddb \
-    --hash=sha256:69079e900bd26b0f65069ac6fa684c74662ed87121c076f2b1cbcf042539034c \
-    --hash=sha256:8d7a4a3df943a7c16cd032ccbaab8ed21ff64f4cb090b3a0a15a8b7502ccd876 \
-    --hash=sha256:928ed95fefe4e1338d0a7ad2f6b635de59e2ec92adaed4a267f7501a3b252263 \
-    --hash=sha256:a79a0885df364b897da44aae308e6ed9cca3a189d455cf1c205bd6f7b03daafa \
-    --hash=sha256:ca72e6a4c3c6b8b5605867e16a7f767f5c99b7f526de6bbb903c60eb44fd1e01 \
-    --hash=sha256:cd7a5a3a36f975a7678f27849a2d49bafe7272143d938e9b6f3bf28392a3ba00 \
-    --hash=sha256:dd2df2ba823e6684230ab4c581f2320be38d7f46de11ce21d2dbba631470d7b6 \
-    --hash=sha256:df3cb58b7da91f4fc647d09c3e96006cd6c7bd424a81ce2308a58593c6887c39 \
-    --hash=sha256:ed5659cde099f39995f4cb793fd939d2260b4a26e4e29412c91e7537f53d8d25 \
-    --hash=sha256:f07e5e0df40a09154007da41b76932671333f9fecb0735c698b19da25aa08927 \
-    --hash=sha256:f40c6c6c3a1b398b56d3a8b28f7b455ac1ce4cbb1469f8d35d3bbc804d83daa4 \
-    --hash=sha256:f511faf719b797ef0f14688f1abe20b3fd126209cf58512354d1813249745119 \
-    --hash=sha256:f806af0ee451a81099c449c4cff0e813056fdf7dd264f3d3a8fd321b17ff9efc
+uv==0.5.5 \
+    --hash=sha256:0314a4b9a25bf00afe4e5472c338c8c6bd34688c23d63ce1ad35462cf087b492 \
+    --hash=sha256:0f7f04ae5a5430873d8610d8ea0a5d35df92e60bf701f80b3cf24857e0ac5e72 \
+    --hash=sha256:29286cd6b9f8e040d02894a67c6b6304811ea393ca9dfade109e93cf4b3b842c \
+    --hash=sha256:34e894c922ba29a59bbe812a458a7095a575f76b87dfc362e0c3f4f650d6f631 \
+    --hash=sha256:365715e7247c2cd8ef661e8f96927b181248f689c07e48b076c9dbc78a4a0877 \
+    --hash=sha256:3dee9517ebba13d07d8f139c439c5ff63e438d31ebda4d7eb0af8d0f0cc6a181 \
+    --hash=sha256:553901e95cb5a4da1da19e288c29c5f886793f981750400e5cef48e3031b970b \
+    --hash=sha256:59d53cce11718ce5d5367afc8c93ebcfc5e1cddfa4a44aedbf08d08d9b738381 \
+    --hash=sha256:5a47345ccafc0105b2f0cc22fcb0bb05be4d0e60df67f5beea28069b0bb372c8 \
+    --hash=sha256:69e15f24493d86c3a2da3764891e35a033ceda09404c1f9b386671d509db95f3 \
+    --hash=sha256:7f8db4bdf7eaef6be271457c4b2a167f41ad115434944a09f5034018a29b4093 \
+    --hash=sha256:9af7018430da1f0960eee1592c820c343e2619f2d71f66c3be62da330826c537 \
+    --hash=sha256:a4f0c7647187044056dc6f6f5d31b01f445d8695eb7d2f442b29fd5c9216a56f \
+    --hash=sha256:b55d507bfe2bd2330c41680e4b0077972381f40975a59b53007254196abc4477 \
+    --hash=sha256:d091e88a9c2c830169c3ccf95fd972759e0ab629dacc2d5eff525e5ba3583904 \
+    --hash=sha256:f0bfc7ced2fe0c85b3070dfa219072a1406133e18aab2f2fe10b6455ede0f8b2 \
+    --hash=sha256:f4e9ddcffc29f009f692cda699912b02f6a12089d741b71d2fcd0b181eb71c5d \
+    --hash=sha256:f5569798fc8eaad58fbb4fb70ced8f09ebe607fbbfb95fa42c559f57bbe0cabd
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -45,10 +45,10 @@ jobs:
           - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "libressl", VERSION: "3.9.2"}}
           - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "libressl", VERSION: "4.0.0"}}
           - {VERSION: "3.12", NOXSESSION: "tests-randomorder"}
-          # Latest commit on the BoringSSL master branch, as of Nov 27, 2024.
-          - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "boringssl", VERSION: "fcef13a49852397a0d39c00be8d7bc2ba1ab6fb9"}}
-          # Latest commit on the OpenSSL master branch, as of Nov 26, 2024.
-          - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "b9886a6f3483e0525596d3b3956416282038da82"}}
+          # Latest commit on the BoringSSL master branch, as of Nov 28, 2024.
+          - {VERSION: "3.12", NOXSESSION: "rust,tests", OPENSSL: {TYPE: "boringssl", VERSION: "059585c8dadc7c8170c788f8c89843ee1c5b8f11"}}
+          # Latest commit on the OpenSSL master branch, as of Nov 30, 2024.
+          - {VERSION: "3.12", NOXSESSION: "tests", OPENSSL: {TYPE: "openssl", VERSION: "4a4505cc645d2e862e368e2823e921a564112ca2"}}
           # Builds with various Rust versions. Includes MSRV and next
           # potential future MSRV.
           # - 1.70: crates.io sparse protocol by default
@@ -262,7 +262,7 @@ jobs:
         timeout-minutes: 2
         uses: ./.github/actions/fetch-vectors
 
-      - uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6
+      - uses: dawidd6/action-download-artifact@80620a5d27ce0ae443b965134db88467fc607b43 # v7
         with:
           repo: pyca/infra
           workflow: build-macos-openssl.yml
@@ -323,7 +323,7 @@ jobs:
           key: ${{ matrix.PYTHON.NOXSESSION }}-${{ matrix.WINDOWS.ARCH }}-${{ steps.setup-python.outputs.python-version }}
       - run: python -m pip install -c ci-constraints-requirements.txt "nox" "nox[uv]; python_version >= '3.8'" "tomli; python_version < '3.11'"
 
-      - uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6
+      - uses: dawidd6/action-download-artifact@80620a5d27ce0ae443b965134db88467fc607b43 # v7
         with:
           repo: pyca/infra
           workflow: build-windows-openssl.yml

diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml
@@ -43,7 +43,7 @@ jobs:
           echo "PYPI_URL=https://test.pypi.org/legacy/" >> $GITHUB_ENV
         if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'testpypi'
 
-      - uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6
+      - uses: dawidd6/action-download-artifact@80620a5d27ce0ae443b965134db88467fc607b43 # v7
         with:
           path: tmpdist/
           run_id: ${{ github.event.inputs.run_id || github.event.workflow_run.id }}

diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml
@@ -211,7 +211,7 @@ jobs:
         with:
           python-version: ${{ matrix.PYTHON.VERSION }}
         if: contains(matrix.PYTHON.VERSION, 'pypy')
-      - uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6
+      - uses: dawidd6/action-download-artifact@80620a5d27ce0ae443b965134db88467fc607b43 # v7
         with:
           repo: pyca/infra
           workflow: build-macos-openssl.yml
@@ -305,7 +305,7 @@ jobs:
           toolchain: stable
           target: ${{ matrix.WINDOWS.RUST_TRIPLE }}
 
-      - uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6
+      - uses: dawidd6/action-download-artifact@80620a5d27ce0ae443b965134db88467fc607b43 # v7
         with:
           repo: pyca/infra
           workflow: build-windows-openssl.yml

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/ci-constraints-requirements.txt b/ci-constraints-requirements.txt
@@ -110,7 +110,7 @@ mypy==1.13.0 ; python_full_version >= '3.8'
     # via cryptography (pyproject.toml)
 mypy-extensions==1.0.0
     # via mypy
-nh3==0.2.18 ; python_full_version >= '3.8'
+nh3==0.2.19 ; python_full_version >= '3.8'
     # via readme-renderer
 nox==2024.4.15 ; python_full_version < '3.8'
     # via cryptography (pyproject.toml)
@@ -202,7 +202,7 @@ requests==2.31.0 ; python_full_version < '3.8'
     # via sphinx
 requests==2.32.3 ; python_full_version >= '3.8'
     # via sphinx
-ruff==0.8.0
+ruff==0.8.1
     # via cryptography (pyproject.toml)
 six==1.16.0 ; python_full_version < '3.8'
     # via bleach
@@ -292,7 +292,7 @@ urllib3==2.0.7 ; python_full_version < '3.8'
     # via requests
 urllib3==2.2.3 ; python_full_version >= '3.8'
     # via requests
-uv==0.5.4 ; python_full_version >= '3.8'
+uv==0.5.5 ; python_full_version >= '3.8'
     # via nox
 virtualenv==20.26.6 ; python_full_version < '3.8'
     # via nox

diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py
@@ -11,10 +11,8 @@
 TYPES = """
 typedef ... EVP_CIPHER;
 typedef ... EVP_MD;
-typedef ... EVP_MD_CTX;
 
 typedef ... EVP_PKEY;
-typedef ... EVP_PKEY_CTX;
 static const int EVP_PKEY_RSA;
 static const int EVP_PKEY_DSA;
 static const int EVP_PKEY_DH;
@@ -32,27 +30,12 @@
 EVP_PKEY *EVP_PKEY_new(void);
 void EVP_PKEY_free(EVP_PKEY *);
 int EVP_PKEY_type(int);
-int EVP_PKEY_size(EVP_PKEY *);
 RSA *EVP_PKEY_get1_RSA(EVP_PKEY *);
 
-int EVP_SignInit(EVP_MD_CTX *, const EVP_MD *);
-int EVP_SignUpdate(EVP_MD_CTX *, const void *, size_t);
-int EVP_SignFinal(EVP_MD_CTX *, unsigned char *, unsigned int *, EVP_PKEY *);
-
-int EVP_VerifyInit(EVP_MD_CTX *, const EVP_MD *);
-int EVP_VerifyUpdate(EVP_MD_CTX *, const void *, size_t);
-int EVP_VerifyFinal(EVP_MD_CTX *, const unsigned char *, unsigned int,
-                    EVP_PKEY *);
-
-
-int EVP_PKEY_set1_RSA(EVP_PKEY *, RSA *);
 int EVP_PKEY_set1_DSA(EVP_PKEY *, DSA *);
 
 int EVP_PKEY_id(const EVP_PKEY *);
 
-EVP_MD_CTX *EVP_MD_CTX_new(void);
-void EVP_MD_CTX_free(EVP_MD_CTX *);
-
 int EVP_PKEY_bits(const EVP_PKEY *);
 
 int EVP_PKEY_assign_RSA(EVP_PKEY *, RSA *);

diff --git a/src/_cffi_src/openssl/pem.py b/src/_cffi_src/openssl/pem.py
@@ -26,10 +26,6 @@
 
 X509_REQ *PEM_read_bio_X509_REQ(BIO *, X509_REQ **, pem_password_cb *, void *);
 
-X509_CRL *PEM_read_bio_X509_CRL(BIO *, X509_CRL **, pem_password_cb *, void *);
-
-int PEM_write_bio_X509_CRL(BIO *, X509_CRL *);
-
 DH *PEM_read_bio_DHparams(BIO *, DH **, pem_password_cb *, void *);
 
 EVP_PKEY *PEM_read_bio_PUBKEY(BIO *, EVP_PKEY **, pem_password_cb *, void *);

diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
@@ -15,18 +15,15 @@
  * Note that the result is an opaque type.
  */
 typedef STACK_OF(X509) Cryptography_STACK_OF_X509;
-typedef STACK_OF(X509_REVOKED) Cryptography_STACK_OF_X509_REVOKED;
 """
 
 TYPES = """
 typedef ... Cryptography_STACK_OF_X509;
-typedef ... Cryptography_STACK_OF_X509_REVOKED;
 
 typedef ... X509_ALGOR;
 typedef ... X509_EXTENSION;
 typedef ... X509_EXTENSIONS;
 typedef ... X509_REQ;
-typedef ... X509_REVOKED;
 typedef ... X509_CRL;
 typedef ... X509;
 
@@ -78,25 +75,7 @@
 int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int);
 ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *);
 
-X509_REVOKED *X509_REVOKED_new(void);
-void X509_REVOKED_free(X509_REVOKED *);
-
-int X509_REVOKED_set_serialNumber(X509_REVOKED *, ASN1_INTEGER *);
-
-int X509_REVOKED_add1_ext_i2d(X509_REVOKED *, int, void *, int, unsigned long);
-X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *, int);
-
-int X509_REVOKED_set_revocationDate(X509_REVOKED *, ASN1_TIME *);
-
-X509_CRL *X509_CRL_new(void);
 X509_CRL *d2i_X509_CRL_bio(BIO *, X509_CRL **);
-int X509_CRL_add0_revoked(X509_CRL *, X509_REVOKED *);
-int X509_CRL_print(BIO *, X509_CRL *);
-int X509_CRL_set_issuer_name(X509_CRL *, X509_NAME *);
-int X509_CRL_set_version(X509_CRL *, long);
-int X509_CRL_sign(X509_CRL *, EVP_PKEY *, const EVP_MD *);
-int X509_CRL_sort(X509_CRL *);
-int i2d_X509_CRL_bio(BIO *, X509_CRL *);
 void X509_CRL_free(X509_CRL *);
 
 /*  ASN1 serialization */
@@ -128,11 +107,6 @@
 
 int X509_EXTENSION_get_critical(const X509_EXTENSION *);
 
-int X509_REVOKED_get_ext_count(const X509_REVOKED *);
-X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *, int);
-
-X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *);
-
 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *);
 
 long X509_get_version(X509 *);
@@ -156,18 +130,6 @@
 void sk_X509_EXTENSION_free(X509_EXTENSIONS *);
 void sk_X509_EXTENSION_pop_free(X509_EXTENSIONS *, sk_X509_EXTENSION_freefunc);
 
-int sk_X509_REVOKED_num(Cryptography_STACK_OF_X509_REVOKED *);
-X509_REVOKED *sk_X509_REVOKED_value(Cryptography_STACK_OF_X509_REVOKED *, int);
-
-X509_NAME *X509_CRL_get_issuer(X509_CRL *);
-Cryptography_STACK_OF_X509_REVOKED *X509_CRL_get_REVOKED(X509_CRL *);
-
-int X509_CRL_set1_lastUpdate(X509_CRL *, const ASN1_TIME *);
-int X509_CRL_set1_nextUpdate(X509_CRL *, const ASN1_TIME *);
-
-const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *);
-const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *);
-
 void X509_ALGOR_get0(const ASN1_OBJECT **, int *, const void **,
                      const X509_ALGOR *);
 """

diff --git a/src/cryptography/hazmat/primitives/serialization/ssh.py b/src/cryptography/hazmat/primitives/serialization/ssh.py
@@ -612,6 +612,13 @@ def load_public(
         _, data = load_application(data)
         return public_key, data
 
+    def get_public(self, data: memoryview) -> typing.Never:
+        # Confusingly `get_public` is an entry point used by private key
+        # loading.
+        raise UnsupportedAlgorithm(
+            "sk-ssh-ed25519 private keys cannot be loaded"
+        )
+
 
 class _SSHFormatSKECDSA:
     """
@@ -631,6 +638,13 @@ def load_public(
         _, data = load_application(data)
         return public_key, data
 
+    def get_public(self, data: memoryview) -> typing.Never:
+        # Confusingly `get_public` is an entry point used by private key
+        # loading.
+        raise UnsupportedAlgorithm(
+            "sk-ecdsa-sha2-nistp256 private keys cannot be loaded"
+        )
+
 
 _KEY_FORMATS = {
     _SSH_RSA: _SSHFormatRSA(),

diff --git a/src/rust/cryptography-cffi/Cargo.toml b/src/rust/cryptography-cffi/Cargo.toml
@@ -11,7 +11,7 @@ pyo3.workspace = true
 openssl-sys = "0.9.104"
 
 [build-dependencies]
-cc = "1.2.1"
+cc = "1.2.2"
 
 [lints.rust]
 unexpected_cfgs = { level = "warn", check-cfg = ['cfg(python_implementation, values("CPython", "PyPy"))'] }