add some more mypy flags (#6751)

remove some unneeded type ignores. This work found a missing type and
added it as well.

pyproject.toml

@@ -25,6 +25,8 @@ markers = [
 show_error_codes = true
 check_untyped_defs = true
 no_implicit_reexport = true
+warn_redundant_casts = true
+warn_unused_ignores = true
 
 [[tool.mypy.overrides]]
 module = [

src/cryptography/hazmat/primitives/kdf/kbkdf.py

@@ -186,7 +186,7 @@ class KBKDFHMAC(KeyDerivationFunction):
     def _prf(self, key_material: bytes):
         return hmac.HMAC(key_material, self._algorithm)
 
-    def derive(self, key_material) -> bytes:
+    def derive(self, key_material: bytes) -> bytes:
         return self._deriver.derive(key_material, self._algorithm.digest_size)
 
     def verify(self, key_material: bytes, expected_key: bytes) -> None:

src/cryptography/hazmat/primitives/serialization/ssh.py

@@ -624,10 +624,7 @@ def serialize_ssh_private_key(
         ciph.encryptor().update_into(buf[ofs:mlen], buf[ofs:])
 
     txt = _ssh_pem_encode(buf[:mlen])
-    # Ignore the following type because mypy wants
-    # Sequence[bytes] but what we're passing is fine.
-    # https://github.com/python/mypy/issues/9999
-    buf[ofs:mlen] = bytearray(slen)  # type: ignore
+    buf[ofs:mlen] = bytearray(slen)
     return txt
 
 

src/cryptography/utils.py

@@ -139,9 +139,7 @@ class _ModuleWithDeprecations(types.ModuleType):
 def deprecated(value, module_name, message, warning_class):
     module = sys.modules[module_name]
     if not isinstance(module, _ModuleWithDeprecations):
-        sys.modules[module_name] = _ModuleWithDeprecations(
-            module
-        )  # type: ignore[assignment]
+        sys.modules[module_name] = _ModuleWithDeprecations(module)
     return _DeprecatedValue(value, message, warning_class)
 
 

tests/hazmat/primitives/test_kbkdf.py

@@ -541,7 +541,7 @@ class TestKBKDFCMAC(object):
     def test_unsupported_algorithm(self, backend):
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
             KBKDFCMAC(
-                object,  # type: ignore[arg-type]
+                object,
                 Mode.CounterMode,
                 32,
                 4,
@@ -657,7 +657,7 @@ class TestKBKDFCMAC(object):
             backend=backend,
         )
         with pytest.raises(ValueError):
-            kdf.derive(b"material")  # type: ignore[arg-type]
+            kdf.derive(b"material")
 
     def test_buffer_protocol(self, backend):
         kdf = KBKDFCMAC(

tests/hazmat/primitives/test_rsa.py

@@ -563,7 +563,7 @@ class TestRSASignature(object):
             private_key.sign(
                 b"msg",
                 padding.PSS(
-                    mgf=DummyMGF(),  # type: ignore[arg-type]
+                    mgf=DummyMGF(),
                     salt_length=padding.PSS.MAX_LENGTH,
                 ),
                 hashes.SHA1(),
@@ -952,7 +952,7 @@ class TestRSAVerification(object):
         # Hash algorithm cannot be absent for PSS padding
         with pytest.raises(TypeError):
             public_key.recover_data_from_signature(
-                signature, pss_padding, None  # type: ignore[arg-type]
+                signature, pss_padding, None
             )
 
         # Signature data recovery not supported with PSS

tests/test_meta.py

@@ -15,7 +15,7 @@ def find_all_modules() -> typing.List[str]:
     return sorted(
         mod
         for _, mod, _ in pkgutil.walk_packages(
-            cryptography.__path__,  # type: ignore[attr-defined]
+            cryptography.__path__,
             prefix=cryptography.__name__ + ".",
         )
     )

tests/x509/test_x509.py

@@ -4816,7 +4816,7 @@ class TestNameAttribute(object):
         with pytest.raises(TypeError):
             x509.NameAttribute(
                 x509.ObjectIdentifier("2.999.1"),
-                b"bytes",  # type:ignore[arg-type]
+                b"bytes",
             )
 
     def test_init_bitstring_not_bytes(self):