New upstream version 39.0.1

CHANGELOG.rst

 Changelog
 =========
 
+.. _v39-0-1:
+
+39.0.1 - 2023-02-07
+~~~~~~~~~~~~~~~~~~~
+
+* **SECURITY ISSUE** - Fixed a bug where ``Cipher.update_into`` accepted Python
+  buffer protocol objects, but allowed immutable buffers. **CVE-2023-23931**
+* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.8.
+
+.. _v39-0-0:
+
+39.0.0 - 2023-01-01
+~~~~~~~~~~~~~~~~~~~
+
+* **BACKWARDS INCOMPATIBLE:** Support for OpenSSL 1.1.0 has been removed.
+  Users on older version of OpenSSL will need to upgrade.
+* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.5. The new
+  minimum LibreSSL version is 3.5.0. Going forward our policy is to support
+  versions of LibreSSL that are available in versions of OpenBSD that are
+  still receiving security support.
+* **BACKWARDS INCOMPATIBLE:** Removed the ``encode_point`` and
+  ``from_encoded_point`` methods on
+  :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`,
+  which had been deprecated for several years.
+  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`
+  and
+  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`
+  should be used instead.
+* **BACKWARDS INCOMPATIBLE:** Support for using MD5 or SHA1 in
+  :class:`~cryptography.x509.CertificateBuilder`, other X.509 builders, and
+  PKCS7 has been removed.
+* **BACKWARDS INCOMPATIBLE:** Dropped support for macOS 10.10 and 10.11, macOS
+  users must upgrade to 10.12 or newer.
+* **ANNOUNCEMENT:** The next version of ``cryptography`` (40.0) will change
+  the way we link OpenSSL. This will only impact users who build
+  ``cryptography`` from source (i.e., not from a ``wheel``), and specify their
+  own version of OpenSSL. For those users, the ``CFLAGS``, ``LDFLAGS``,
+  ``INCLUDE``, ``LIB``, and ``CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS`` environment
+  variables will no longer be respected. Instead, users will need to
+  configure their builds `as documented here`_.
+* Added support for
+  :ref:`disabling the legacy provider in OpenSSL 3.0.x<legacy-provider>`.
+* Added support for disabling RSA key validation checks when loading RSA
+  keys via
+  :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`,
+  :func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`,
+  and
+  :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers.private_key`.
+  This speeds up key loading but is :term:`unsafe` if you are loading potentially
+  attacker supplied keys.
+* Significantly improved performance for
+  :class:`~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305`
+  when repeatedly calling ``encrypt`` or ``decrypt`` with the same key.
+* Added support for creating OCSP requests with precomputed hashes using
+  :meth:`~cryptography.x509.ocsp.OCSPRequestBuilder.add_certificate_by_hash`.
+* Added support for loading multiple PEM-encoded X.509 certificates from
+  a single input via :func:`~cryptography.x509.load_pem_x509_certificates`.
+
 .. _v38-0-4:
 
 38.0.4 - 2022-11-27
@@ -20,8 +78,8 @@ Changelog
 
 .. _v38-0-2:
 
-38.0.2 - 2022-10-11
-~~~~~~~~~~~~~~~~~~~
+38.0.2 - 2022-10-11 (YANKED)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 .. attention::
 
@@ -29,6 +87,7 @@ Changelog
 
 * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.6.
 
+
 .. _v38-0-1:
 
 38.0.1 - 2022-09-07
@@ -2049,5 +2108,6 @@ Changelog
 
 * Initial release.
 
+.. _`as documented here`: https://docs.rs/openssl/latest/openssl/#automatic
 .. _`main`: https://github.com/pyca/cryptography/
 .. _`cffi`: https://cffi.readthedocs.io/

MANIFEST.in

@@ -19,6 +19,4 @@ recursive-exclude vectors *
 
 recursive-exclude .github *
 
-exclude release.py .readthedocs.yml dev-requirements.txt tox.ini mypy.ini
-
-recursive-exclude .circleci *
+exclude release.py .readthedocs.yml ci-constraints-requirements.txt tox.ini mypy.ini

PKG-INFO

 Metadata-Version: 2.1
 Name: cryptography
-Version: 38.0.4
+Version: 39.0.1
 Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
 Home-page: https://github.com/pyca/cryptography
 Author: The Python Cryptographic Authority and individual contributors
 Author-email: cryptography-dev@python.org
-License: BSD-3-Clause OR Apache-2.0
+License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0
 Project-URL: Documentation, https://cryptography.io/
 Project-URL: Source, https://github.com/pyca/cryptography/
 Project-URL: Issues, https://github.com/pyca/cryptography/issues
 Project-URL: Changelog, https://cryptography.io/en/latest/changelog/
-Platform: UNKNOWN
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: Apache Software License
@@ -29,12 +28,15 @@ Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Programming Language :: Python :: Implementation :: PyPy
 Classifier: Topic :: Security :: Cryptography
 Requires-Python: >=3.6
 Description-Content-Type: text/x-rst
+Provides-Extra: tox
 Provides-Extra: test
+Provides-Extra: test-randomorder
 Provides-Extra: docs
 Provides-Extra: docstest
 Provides-Extra: sdist
@@ -61,7 +63,7 @@ pyca/cryptography
 
 
 ``cryptography`` is a package which provides cryptographic recipes and
-primitives to Python developers.  Our goal is for it to be your "cryptographic
+primitives to Python developers. Our goal is for it to be your "cryptographic
 standard library". It supports Python 3.6+ and PyPy3 7.2+.
 
 ``cryptography`` includes both high level recipes and low level interfaces to
@@ -77,9 +79,9 @@ key derivation functions. For example, to encrypt something with
     >>> f = Fernet(key)
     >>> token = f.encrypt(b"A really secret message. Not for prying eyes.")
     >>> token
-    '...'
+    b'...'
     >>> f.decrypt(token)
-    'A really secret message. Not for prying eyes.'
+    b'A really secret message. Not for prying eyes.'
 
 You can find more information in the `documentation`_.
 
@@ -113,5 +115,3 @@ documentation.
 .. _`issue tracker`: https://github.com/pyca/cryptography/issues
 .. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev
 .. _`security reporting`: https://cryptography.io/en/latest/security/
-
-

README.rst

@@ -14,7 +14,7 @@ pyca/cryptography
 
 
 ``cryptography`` is a package which provides cryptographic recipes and
-primitives to Python developers.  Our goal is for it to be your "cryptographic
+primitives to Python developers. Our goal is for it to be your "cryptographic
 standard library". It supports Python 3.6+ and PyPy3 7.2+.
 
 ``cryptography`` includes both high level recipes and low level interfaces to
@@ -30,9 +30,9 @@ key derivation functions. For example, to encrypt something with
     >>> f = Fernet(key)
     >>> token = f.encrypt(b"A really secret message. Not for prying eyes.")
     >>> token
-    '...'
+    b'...'
     >>> f.decrypt(token)
-    'A really secret message. Not for prying eyes.'
+    b'A really secret message. Not for prying eyes.'
 
 You can find more information in the `documentation`_.
 

docs/_ext/cryptography-docs.py

@@ -5,7 +5,6 @@
 from docutils import nodes
 from docutils.parsers.rst import Directive
 
-
 DANGER_MESSAGE = """
 This is a "Hazardous Materials" module. You should **ONLY** use it if you're
 100% absolutely sure that you know what you're doing because this module is

docs/conf.py

@@ -197,14 +197,14 @@ linkcheck_retries = 10
 linkcheck_timeout = 5
 
 linkcheck_ignore = [
-    # Small DH key results in a TLS failure on modern OpenSSL
-    r"https://info.isl.ntt.co.jp/crypt/eng/camellia/",
     # Inconsistent small DH params they seem incapable of fixing
     r"https://www.secg.org/sec1-v2.pdf",
-    # Incomplete cert chain
+    # Cert is issued from an untrusted root
     r"https://e-trust.gosuslugi.ru",
-    # Expired cert (1 week at time of writing)
-    r"https://www.cosic.esat.kuleuven.be",
+    # Incomplete cert chain
+    r"https://www.oscca.gov.cn",
+    # Cloudflare returns 403s for all non-browser requests
+    r"https://speakerdeck.com",
 ]
 
 autosectionlabel_prefix_document = True

docs/development/custom-vectors/arc4/generate_arc4.py

@@ -7,7 +7,6 @@ import binascii
 from cryptography.hazmat.primitives import ciphers
 from cryptography.hazmat.primitives.ciphers import algorithms
 
-
 _RFC6229_KEY_MATERIALS = [
     (
         True,

docs/development/custom-vectors/rsa-oaep-sha2/generate_rsa_oaep_sha2.py

@@ -8,7 +8,6 @@ import os
 
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import padding, rsa
-
 from tests.utils import load_pkcs1_vectors, load_vectors_from_file
 
 

docs/development/custom-vectors/secp256k1/generate_secp256k1.py

@@ -7,7 +7,6 @@ from ecdsa import SECP256k1, SigningKey
 from ecdsa.util import sigdecode_der, sigencode_der
 
 from cryptography_vectors import open_vector_file
-
 from tests.utils import load_fips_ecdsa_signing_vectors, load_vectors_from_file
 
 HASHLIB_HASH_TYPES = {

docs/development/custom-vectors/secp256k1/verify_secp256k1.py

@@ -5,7 +5,6 @@ from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.hazmat.primitives.asymmetric.utils import (
     encode_dss_signature,
 )
-
 from tests.utils import load_fips_ecdsa_signing_vectors, load_vectors_from_file
 
 CRYPTOGRAPHY_HASH_TYPES = {

docs/development/submitting-patches.rst

@@ -20,7 +20,7 @@ Code
 
 When in doubt, refer to :pep:`8` for Python code. You can check if your code
 meets our automated requirements by formatting it with ``black`` and running
-``flake8`` against it. If you've installed the development requirements this
+``ruff`` against it. If you've installed the development requirements this
 will automatically use our configuration. You can also run the ``tox`` job with
 ``tox -e flake``.
 

docs/development/test-vectors.rst

@@ -220,6 +220,8 @@ X.509
   legacy PEM header format.
 * ``cryptography.io.chain.pem`` - The same as ``cryptography.io.pem``,
   but ``rapidssl_sha256_ca_g3.pem`` is concatenated to the end.
+* ``cryptography.io.chain_with_garbage.pem`` - The same as
+  ``cryptography.io.chain.pem``, but with other sections and text around it.
 * ``cryptography.io.with_garbage.pem`` - The same as ``cryptography.io.pem``,
   but with other sections and text around it.
 * ``rapidssl_sha256_ca_g3.pem`` - The intermediate CA that issued the

docs/doing-a-release.rst

@@ -82,18 +82,20 @@ the expected OpenSSL version.
 Post-release tasks
 ------------------
 
+* Send an email to the `mailing list`_ and `python-announce`_ announcing the
+  release.
+* Close the `milestone`_ for the previous release on GitHub.
+* For major version releases, send a pull request to pyOpenSSL increasing the
+  maximum ``cryptography`` version pin and perform a pyOpenSSL release.
 * Update the version number to the next major (e.g. ``0.5.dev1``) in
   ``src/cryptography/__about__.py`` and
   ``vectors/cryptography_vectors/__about__.py``.
-* Close the `milestone`_ for the previous release on GitHub.
 * Add new :doc:`/changelog` entry with next version and note that it is under
   active development
 * Send a pull request with these items
 * Check for any outstanding code undergoing a deprecation cycle by looking in
   ``cryptography.utils`` for ``DeprecatedIn**`` definitions. If any exist open
   a ticket to increment them for the next release.
-* Send an email to the `mailing list`_ and `python-announce`_ announcing the
-  release.
 
 .. _`CVE from MITRE`: https://cveform.mitre.org/
 .. _`oss-security`: https://www.openwall.com/lists/oss-security/

docs/faq.rst

@@ -111,14 +111,14 @@ earlier the default compiler is extremely old. Use ``pkg_add`` to install a
 newer ``gcc`` and then install ``cryptography`` using
 ``CC=/path/to/newer/gcc pip install cryptography``.
 
-Installing cryptography with OpenSSL 0.9.8, 1.0.0, 1.0.1, 1.0.2 fails
----------------------------------------------------------------------
+Installing cryptography with OpenSSL 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0 fails
+----------------------------------------------------------------------------
 
-The OpenSSL project has dropped support for the 0.9.8, 1.0.0, 1.0.1, and 1.0.2
-release series. Since they are no longer receiving security patches from
-upstream, ``cryptography`` is also dropping support for them. To fix this issue
-you should upgrade to a newer version of OpenSSL (1.1.0 or later). This may
-require you to upgrade to a newer operating system.
+The OpenSSL project has dropped support for the 0.9.8, 1.0.0, 1.0.1, 1.0.2,
+and 1.1.0 release series. Since they are no longer receiving security patches
+from upstream, ``cryptography`` is also dropping support for them. To fix this
+issue you should upgrade to a newer version of OpenSSL (1.1.1 or later). This
+may require you to upgrade to a newer operating system.
 
 Installing ``cryptography`` fails with ``error: Can not find Rust compiler``
 ----------------------------------------------------------------------------
@@ -185,6 +185,7 @@ For example, this is a PEM file for a RSA Public Key: ::
 
 What happened to the backend argument?
 --------------------------------------
+
 ``cryptography`` stopped requiring the use of ``backend`` arguments in
 version 3.1 and deprecated their use in version 36.0. If you are on an older
 version that requires these arguments please view the appropriate documentation
@@ -194,10 +195,27 @@ Note that for forward compatibility ``backend`` is still silently accepted by
 functions that previously required it, but it is ignored and no longer
 documented.
 
+Will you upload wheels for my non-x86 non-ARM64 CPU architecture?
+-----------------------------------------------------------------
+
+Maybe! But there's some pre-requisites. For us to build wheels and upload them
+to PyPI, we consider it necessary to run our tests for that architecture as a
+part of our CI (i.e. for every commit). If we don't run the tests, it's hard
+to have confidence that everything works -- particularly with cryptography,
+which frequently employs per-architecture assembly code.
+
+For us to add something to CI we need a provider which offers builds on that
+architecture, which integrate into our workflows, has sufficient capacity, and
+performs well enough not to regress the contributor experience. We don't think
+this is an insurmountable bar, but it's also not one that can be cleared
+lightly.
+
+If you are interested in helping support a new CPU architecture, we encourage
+you to reach out, discuss, and contribute that support. We will attempt to be
+supportive, but we cannot commit to doing the work ourselves.
 
 .. _`NaCl`: https://nacl.cr.yp.to/
 .. _`PyNaCl`: https://pynacl.readthedocs.io
-.. _`WSGIApplicationGroup`: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html
 .. _`issue`: https://github.com/pyca/cryptography/issues
 .. _`memory safety`: https://alexgaynor.net/2019/aug/12/introduction-to-memory-unsafety-for-vps-of-engineering/
 .. _`building .zip archives for Lambda`: https://docs.aws.amazon.com/lambda/latest/dg/python-package.html

docs/fernet.rst

@@ -237,7 +237,7 @@ password through a key derivation function such as
     ...     algorithm=hashes.SHA256(),
     ...     length=32,
     ...     salt=salt,
-    ...     iterations=390000,
+    ...     iterations=480000,
     ... )
     >>> key = base64.urlsafe_b64encode(kdf.derive(password))
     >>> f = Fernet(key)
@@ -252,7 +252,7 @@ to derive the same key from the password in the future.
 
 The iteration count used should be adjusted to be as high as your server can
 tolerate. A good default is at least 480,000 iterations, which is what `Django
-recommends as of July 2022`_.
+recommends as of December 2022`_.
 
 Implementation
 --------------
@@ -280,5 +280,5 @@ unsuitable for very large files at this time.
 
 
 .. _`Fernet`: https://github.com/fernet/spec/
-.. _`Django recommends as of July 2022`: https://github.com/django/django/blob/main/django/contrib/auth/hashers.py
+.. _`Django recommends as of December 2022`: https://github.com/django/django/blob/main/django/contrib/auth/hashers.py
 .. _`specification`: https://github.com/fernet/spec/blob/master/Spec.md

docs/glossary.rst

@@ -100,6 +100,11 @@ Glossary
         name. U-labels use unicode characters outside the ASCII range and
         are encoded as A-labels when stored in certificates.
 
+    unsafe
+        This is a term used to describe an operation where the user must
+        ensure that the input is correct. Failure to do so can result in
+        crashes, hangs, and other security issues.
+
 .. _`hardware security module`: https://en.wikipedia.org/wiki/Hardware_security_module
 .. _`idna`: https://pypi.org/project/idna/
 .. _`buffer protocol`: https://docs.python.org/3/c-api/buffer.html

docs/hazmat/primitives/asymmetric/rsa.rst

@@ -473,7 +473,21 @@ is unavailable.
         A `Chinese remainder theorem`_ coefficient used to speed up RSA
         operations. Calculated as: q\ :sup:`-1` mod p
 
-    .. method:: private_key()
+    .. method:: private_key(*, unsafe_skip_rsa_key_validation=False)
+
+        :param unsafe_skip_rsa_key_validation:
+
+            .. versionadded:: 39.0.0
+
+            A keyword-only argument that defaults to ``False``. If ``True``
+            RSA private keys will not be validated. This significantly speeds up
+            loading the keys, but is :term:`unsafe` unless you are certain
+            the key is valid. User supplied keys should never be loaded with
+            this parameter set to ``True``. If you do load an invalid key this
+            way and attempt to use it OpenSSL may hang, crash, or otherwise
+            misbehave.
+
+        :type unsafe_skip_rsa_key_validation: bool
 
         :returns: An instance of
             :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`.
@@ -541,6 +555,11 @@ Key interfaces
 
         .. versionadded:: 0.4
 
+        .. warning::
+
+            Our implementation of PKCS1 v1.5 decryption is not constant time. See
+            :doc:`/limitations` for details.
+
         Decrypt data that was encrypted with the public key.
 
         :param bytes ciphertext: The ciphertext to decrypt.

docs/hazmat/primitives/asymmetric/serialization.rst

@@ -125,7 +125,7 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END
     extract the public key with
     :meth:`Certificate.public_key <cryptography.x509.Certificate.public_key>`.
 
-.. function:: load_pem_private_key(data, password)
+.. function:: load_pem_private_key(data, password, *, unsafe_skip_rsa_key_validation=False)
 
     .. versionadded:: 0.6
 
@@ -141,7 +141,20 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END
 
     :param password: The password to use to decrypt the data. Should
         be ``None`` if the private key is not encrypted.
-    :type data: :term:`bytes-like`
+    :type password: :term:`bytes-like`
+
+    :param unsafe_skip_rsa_key_validation:
+
+        .. versionadded:: 39.0.0
+
+        A keyword-only argument that defaults to ``False``. If ``True``
+        RSA private keys will not be validated. This significantly speeds up
+        loading the keys, but is :term:`unsafe` unless you are certain the
+        key is valid. User supplied keys should never be loaded with this
+        parameter set to ``True``. If you do load an invalid key this way and
+        attempt to use it OpenSSL may hang, crash, or otherwise misbehave.
+
+    :type unsafe_skip_rsa_key_validation: bool
 
     :returns: One of
         :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey`,
@@ -234,7 +247,7 @@ data is binary. DER keys may be in a variety of formats, but as long as you
 know whether it is a public or private key the loading functions will handle
 the rest.
 
-.. function:: load_der_private_key(data, password)
+.. function:: load_der_private_key(data, password, *, unsafe_skip_rsa_key_validation=False)
 
     .. versionadded:: 0.8
 
@@ -248,6 +261,19 @@ the rest.
         be ``None`` if the private key is not encrypted.
     :type password: :term:`bytes-like`
 
+    :param unsafe_skip_rsa_key_validation:
+
+        .. versionadded:: 39.0.0
+
+        A keyword-only argument that defaults to ``False``. If ``True``
+        RSA private keys will not be validated. This significantly speeds up
+        loading the keys, but is :term:`unsafe` unless you are certain the
+        key is valid. User supplied keys should never be loaded with this
+        parameter set to ``True``. If you do load an invalid key this way and
+        attempt to use it OpenSSL may hang, crash, or otherwise misbehave.
+
+    :type unsafe_skip_rsa_key_validation: bool
+
     :returns: One of
         :class:`~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey`,
         :class:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey`,
@@ -618,6 +644,7 @@ file suffix.
         instances.
 
 .. class:: PBES
+    :canonical: cryptography.hazmat.primitives._serialization.PBES
 
     .. versionadded:: 38.0.0
 
@@ -840,6 +867,7 @@ Serialization Formats
 .. currentmodule:: cryptography.hazmat.primitives.serialization
 
 .. class:: PrivateFormat
+    :canonical: cryptography.hazmat.primitives._serialization.PrivateFormat
 
     .. versionadded:: 0.8
 
@@ -1026,6 +1054,7 @@ Serialization Encodings
 ~~~~~~~~~~~~~~~~~~~~~~~
 
 .. class:: Encoding
+    :canonical: cryptography.hazmat.primitives._serialization.Encoding
 
     An enumeration for encoding types. Used with the ``private_bytes`` method
     available on
@@ -1086,6 +1115,7 @@ Serialization Encryption Types
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 .. class:: KeySerializationEncryption
+    :canonical: cryptography.hazmat.primitives._serialization.KeySerializationEncryption
 
     Objects with this interface are usable as encryption types with methods
     like ``private_bytes`` available on
@@ -1099,6 +1129,7 @@ Serialization Encryption Types
     encryption and have this interface.
 
 .. class:: BestAvailableEncryption(password)
+    :canonical: cryptography.hazmat.primitives._serialization.BestAvailableEncryption
 
     Encrypt using the best available encryption for a given key.
     This is a curated encryption choice and the algorithm may change over
@@ -1108,6 +1139,7 @@ Serialization Encryption Types
     :param bytes password: The password to use for encryption.
 
 .. class:: NoEncryption
+    :canonical: cryptography.hazmat.primitives._serialization.NoEncryption
 
     Do not encrypt.
 

docs/hazmat/primitives/cryptographic-hashes.rst

@@ -117,7 +117,7 @@ SHA-family of hashes.
 .. note::
 
     While the RFC specifies keying, personalization, and salting features,
-    these are not supported at this time due to limitations in OpenSSL 1.1.0.
+    these are not supported at this time due to limitations in OpenSSL.
 
 .. class:: BLAKE2b(digest_size)
 
@@ -292,5 +292,5 @@ Interfaces
 .. _`Lifetimes of cryptographic hash functions`: https://valerieaurora.org/hash.html
 .. _`BLAKE2`: https://blake2.net
 .. _`length-extension attacks`: https://en.wikipedia.org/wiki/Length_extension_attack
-.. _`GM/T 0004-2012`: http://www.oscca.gov.cn/sca/xxgk/2010-12/17/1002389/files/302a3ada057c4a73830536d03e683110.pdf
+.. _`GM/T 0004-2012`: https://www.oscca.gov.cn/sca/xxgk/2010-12/17/1002389/files/302a3ada057c4a73830536d03e683110.pdf
 .. _`draft-sca-cfrg-sm3`: https://datatracker.ietf.org/doc/html/draft-sca-cfrg-sm3

docs/hazmat/primitives/key-derivation-functions.rst

@@ -62,7 +62,7 @@ PBKDF2
         ...     algorithm=hashes.SHA256(),
         ...     length=32,
         ...     salt=salt,
-        ...     iterations=390000,
+        ...     iterations=480000,
         ... )
         >>> key = kdf.derive(b"my great password")
         >>> # verify
@@ -70,7 +70,7 @@ PBKDF2
         ...     algorithm=hashes.SHA256(),
         ...     length=32,
         ...     salt=salt,
-        ...     iterations=390000,
+        ...     iterations=480000,
         ... )
         >>> kdf.verify(b"my great password", key)