diff --git a/backport-CVE-2020-36242.patch b/backport-CVE-2020-36242.patch deleted file mode 100644 index fbfb2a277a7197559d7b9940702fe5f9e55f96a5..0000000000000000000000000000000000000000 --- a/backport-CVE-2020-36242.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 962eac3925c7184fb5dc174357823223beba0d85 Mon Sep 17 00:00:00 2001 -From: Paul Kehrer -Date: Sun, 7 Feb 2021 11:04:43 -0600 -Subject: [PATCH] port changelog and fix back to master for CVE-2020-36242 - ---- - CHANGELOG.rst | 9 +++++++++ - src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +- - 2 files changed, 10 insertions(+), 1 deletion(-) - -diff --git a/CHANGELOG.rst b/CHANGELOG.rst -index 3cb53d0..4dd7146 100644 ---- a/CHANGELOG.rst -+++ b/CHANGELOG.rst -@@ -1,6 +1,15 @@ - Changelog - ========= - -+.. _v3-3-2: -+ -+3.3.2 - 2021-02-07 -+~~~~~~~~~~~~~~~~~~ -+ -+* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls -+ when symmetrically encrypting very large payloads (>2GB) could result in an -+ integer overflow, leading to buffer overflows. *CVE-2020-36242* -+ - .. _v3-3-1: - - 3.3.1 - 2020-12-09 -diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py -index 1e805d2..ad5dad3 100644 ---- a/src/cryptography/hazmat/backends/openssl/ciphers.py -+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py -@@ -17,7 +17,7 @@ from cryptography.hazmat.primitives.ciphers import modes - class _CipherContext(object): - _ENCRYPT = 1 - _DECRYPT = 0 -- _MAX_CHUNK_SIZE = 2 ** 31 - 1 -+ _MAX_CHUNK_SIZE = 2 ** 30 - 1 - - def __init__(self, backend, cipher, mode, operation): - self._backend = backend --- -1.8.3.1 - diff --git a/backport-add-SM4-symmetric-block-cipher-5834.patch b/backport-add-SM4-symmetric-block-cipher-5834.patch deleted file mode 100644 index 7b600260c1189d2e9a36445da748a301049fb872..0000000000000000000000000000000000000000 --- a/backport-add-SM4-symmetric-block-cipher-5834.patch +++ /dev/null @@ -1,366 +0,0 @@ -From 1a0c76566944ed09e48f51ce17ff9968cf40c886 Mon Sep 17 00:00:00 2001 -From: tobyp -Date: Sun, 28 Feb 2021 20:57:50 +0100 -Subject: [PATCH] Add SM4 symmetric block cipher (#5834) - -Reference:https://github.com/pyca/cryptography/commit/f69f27b1dd20ad2d24f48053a72545527e808104 -Conflict:The content of hazmat/primitives/ciphers/algorithms.py and tests/utils.py are adapted. -hazmat/primitives/ciphers/algorithms.py: -Community patch: - +class SM4(CipherAlgorithm, BlockCipherAlgorithm): -Adaptation patch: - +@utils.register_interface(BlockCipherAlgorithm) - +@utils.register_interface(CipherAlgorithm) - +class SM4(object): -tests/utils.py: -Adaptation patch: - +filepath = os.path.join(os.path.dirname(__file__), "../vectors/cryptography_vectors", filename) - +if os.path.exists(filepath): - + with open(filepath, mode) as vector_file: - + return loader(vector_file) - -Co-authored-by: Tobias Peter -Signed-off-by: hanxinke ---- - .../primitives/symmetric-encryption.rst | 15 +++ - .../hazmat/backends/openssl/backend.py | 5 + - .../hazmat/primitives/ciphers/algorithms.py | 14 +++ - tests/hazmat/primitives/test_sm4.py | 99 +++++++++++++++++++ - tests/utils.py | 4 + - .../SM4/draft-ribose-cfrg-sm4-10-cbc.txt | 17 ++++ - .../SM4/draft-ribose-cfrg-sm4-10-cfb.txt | 17 ++++ - .../SM4/draft-ribose-cfrg-sm4-10-ctr.txt | 17 ++++ - .../SM4/draft-ribose-cfrg-sm4-10-ecb.txt | 28 ++++++ - .../SM4/draft-ribose-cfrg-sm4-10-ofb.txt | 17 ++++ - 10 files changed, 233 insertions(+) - create mode 100644 tests/hazmat/primitives/test_sm4.py - create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt - create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt - create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt - create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt - create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt - -diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst -index 8551acb..6e10d67 100644 ---- a/docs/hazmat/primitives/symmetric-encryption.rst -+++ b/docs/hazmat/primitives/symmetric-encryption.rst -@@ -196,6 +196,19 @@ Algorithms - :term:`bits` in length. - :type key: :term:`bytes-like` - -+.. class:: SM4(key) -+ -+ .. versionadded:: 35.0.0 -+ -+ SM4 is a block cipher developed by the Chinese Government and standardized -+ in the `GB/T 32907-2016`_. It is used in the Chinese WAPI -+ (Wired Authentication and Privacy Infrastructure) standard. (An English -+ description is available at `draft-ribose-cfrg-sm4-10`_.) -+ -+ :param key: The secret key. This must be kept secret. ``128`` -+ :term:`bits` in length. -+ :type key: :term:`bytes-like` -+ - Weak ciphers - ------------ - -@@ -815,3 +828,5 @@ Exceptions - .. _`International Data Encryption Algorithm`: https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm - .. _`OpenPGP`: https://www.openpgp.org/ - .. _`disk encryption`: https://en.wikipedia.org/wiki/Disk_encryption_theory#XTS -+.. _`GB/T 32907-2016`: http://www.cnnic.cn/gcjsyj/qyjsyj/mmsfbz/sm4/201312/t20131204_43341.htm -+.. _`draft-ribose-cfrg-sm4-10`: https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10 -diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py -index 45d4a1a..ff9c23c 100644 ---- a/src/cryptography/hazmat/backends/openssl/backend.py -+++ b/src/cryptography/hazmat/backends/openssl/backend.py -@@ -139,6 +139,7 @@ from cryptography.hazmat.primitives.ciphers.algorithms import ( - ChaCha20, - IDEA, - SEED, -+ SM4, - TripleDES, - ) - from cryptography.hazmat.primitives.ciphers.modes import ( -@@ -415,6 +416,10 @@ class Backend(object): - ChaCha20, type(None), GetCipherByName("chacha20") - ) - self.register_cipher_adapter(AES, XTS, _get_xts_cipher) -+ for mode_cls in [ECB, CBC, OFB, CFB, CTR]: -+ self.register_cipher_adapter( -+ SM4, mode_cls, GetCipherByName("sm4-{mode.name}") -+ ) - - def _register_x509_ext_parsers(self): - ext_handlers = _EXTENSION_HANDLERS_BASE.copy() -diff --git a/src/cryptography/hazmat/primitives/ciphers/algorithms.py b/src/cryptography/hazmat/primitives/ciphers/algorithms.py -index 8072ced..a1db984 100644 ---- a/src/cryptography/hazmat/primitives/ciphers/algorithms.py -+++ b/src/cryptography/hazmat/primitives/ciphers/algorithms.py -@@ -168,3 +168,17 @@ class ChaCha20(object): - @property - def key_size(self): - return len(self.key) * 8 -+ -+@utils.register_interface(BlockCipherAlgorithm) -+@utils.register_interface(CipherAlgorithm) -+class SM4(object): -+ name = "SM4" -+ block_size = 128 -+ key_sizes = frozenset([128]) -+ -+ def __init__(self, key: bytes): -+ self.key = _verify_key_size(self, key) -+ -+ @property -+ def key_size(self) -> int: -+ return len(self.key) * 8 -diff --git a/tests/hazmat/primitives/test_sm4.py b/tests/hazmat/primitives/test_sm4.py -new file mode 100644 -index 0000000..b757344 ---- /dev/null -+++ b/tests/hazmat/primitives/test_sm4.py -@@ -0,0 +1,99 @@ -+# This file is dual licensed under the terms of the Apache License, Version -+# 2.0, and the BSD License. See the LICENSE file in the root of this repository -+# for complete details. -+ -+import binascii -+import os -+ -+import pytest -+ -+from cryptography.hazmat.backends.interfaces import CipherBackend -+from cryptography.hazmat.primitives.ciphers import algorithms, modes -+ -+from .utils import generate_encrypt_test -+from ...utils import load_nist_vectors -+ -+ -+@pytest.mark.supported( -+ only_if=lambda backend: backend.cipher_supported( -+ algorithms.SM4(b"\x00" * 16), modes.ECB() -+ ), -+ skip_message="Does not support SM4 ECB", -+) -+@pytest.mark.requires_backend_interface(interface=CipherBackend) -+class TestSM4ModeECB(object): -+ test_ecb = generate_encrypt_test( -+ load_nist_vectors, -+ os.path.join("ciphers", "SM4"), -+ ["draft-ribose-cfrg-sm4-10-ecb.txt"], -+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))), -+ lambda **kwargs: modes.ECB(), -+ ) -+ -+ -+@pytest.mark.supported( -+ only_if=lambda backend: backend.cipher_supported( -+ algorithms.SM4(b"\x00" * 16), modes.CBC(b"\x00" * 16) -+ ), -+ skip_message="Does not support SM4 CBC", -+) -+@pytest.mark.requires_backend_interface(interface=CipherBackend) -+class TestSM4ModeCBC(object): -+ test_cbc = generate_encrypt_test( -+ load_nist_vectors, -+ os.path.join("ciphers", "SM4"), -+ ["draft-ribose-cfrg-sm4-10-cbc.txt"], -+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))), -+ lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), -+ ) -+ -+ -+@pytest.mark.supported( -+ only_if=lambda backend: backend.cipher_supported( -+ algorithms.SM4(b"\x00" * 16), modes.OFB(b"\x00" * 16) -+ ), -+ skip_message="Does not support SM4 OFB", -+) -+@pytest.mark.requires_backend_interface(interface=CipherBackend) -+class TestSM4ModeOFB(object): -+ test_ofb = generate_encrypt_test( -+ load_nist_vectors, -+ os.path.join("ciphers", "SM4"), -+ ["draft-ribose-cfrg-sm4-10-ofb.txt"], -+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))), -+ lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), -+ ) -+ -+ -+@pytest.mark.supported( -+ only_if=lambda backend: backend.cipher_supported( -+ algorithms.SM4(b"\x00" * 16), modes.CFB(b"\x00" * 16) -+ ), -+ skip_message="Does not support SM4 CFB", -+) -+@pytest.mark.requires_backend_interface(interface=CipherBackend) -+class TestSM4ModeCFB(object): -+ test_cfb = generate_encrypt_test( -+ load_nist_vectors, -+ os.path.join("ciphers", "SM4"), -+ ["draft-ribose-cfrg-sm4-10-cfb.txt"], -+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))), -+ lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), -+ ) -+ -+ -+@pytest.mark.supported( -+ only_if=lambda backend: backend.cipher_supported( -+ algorithms.SM4(b"\x00" * 16), modes.CTR(b"\x00" * 16) -+ ), -+ skip_message="Does not support SM4 CTR", -+) -+@pytest.mark.requires_backend_interface(interface=CipherBackend) -+class TestSM4ModeCTR(object): -+ test_cfb = generate_encrypt_test( -+ load_nist_vectors, -+ os.path.join("ciphers", "SM4"), -+ ["draft-ribose-cfrg-sm4-10-ctr.txt"], -+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))), -+ lambda iv, **kwargs: modes.CTR(binascii.unhexlify(iv)), -+ ) -diff --git a/tests/utils.py b/tests/utils.py -index 497fde8..053ca50 100644 ---- a/tests/utils.py -+++ b/tests/utils.py -@@ -41,6 +41,10 @@ def raises_unsupported_algorithm(reason): - - - def load_vectors_from_file(filename, loader, mode="r"): -+ filepath = os.path.join(os.path.dirname(__file__), "../vectors/cryptography_vectors", filename) -+ if os.path.exists(filepath): -+ with open(filepath, mode) as vector_file: -+ return loader(vector_file) - with cryptography_vectors.open_vector_file(filename, mode) as vector_file: - return loader(vector_file) - -diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt -new file mode 100644 -index 0000000..49c5f85 ---- /dev/null -+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt -@@ -0,0 +1,17 @@ -+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader -+# SM4 CBC -+[ENCRYPT] -+ -+# A.2.2.1 -+COUNT = 0 -+KEY = 0123456789abcdeffedcba9876543210 -+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb -+IV = 000102030405060708090a0b0c0d0e0f -+CIPHERTEXT = 78ebb11cc40b0a48312aaeb2040244cb4cb7016951909226979b0d15dc6a8f6d -+ -+# A.2.2.2 -+COUNT = 1 -+KEY = fedcba98765432100123456789abcdef -+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb -+IV = 000102030405060708090a0b0c0d0e0f -+CIPHERTEXT = 0d3a6ddc2d21c698857215587b7bb59a91f2c147911a4144665e1fa1d40bae38 -diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt -new file mode 100644 -index 0000000..4c2e4ab ---- /dev/null -+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt -@@ -0,0 +1,17 @@ -+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader -+# SM4 CFB -+[ENCRYPT] -+ -+# A.2.4.1 -+COUNT = 0 -+KEY = 0123456789abcdeffedcba9876543210 -+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb -+IV = 000102030405060708090a0b0c0d0e0f -+CIPHERTEXT = ac3236cb861dd316e6413b4e3c7524b769d4c54ed433b9a0346009beb37b2b3f -+ -+# A.2.4.2 -+COUNT = 1 -+KEY = fedcba98765432100123456789abcdef -+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb -+IV = 000102030405060708090a0b0c0d0e0f -+CIPHERTEXT = 5dcccd25a84ba16560d7f265887068490d9b86ff20c3bfe115ffa02ca6192cc5 -diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt -new file mode 100644 -index 0000000..0aea157 ---- /dev/null -+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt -@@ -0,0 +1,17 @@ -+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader -+# SM4 CTR -+[ENCRYPT] -+ -+# A.2.5.1 -+COUNT = 0 -+KEY = 0123456789abcdeffedcba9876543210 -+PLAINTEXT = aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccccccccccddddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbb -+IV = 000102030405060708090a0b0c0d0e0f -+CIPHERTEXT = ac3236cb970cc20791364c395a1342d1a3cbc1878c6f30cd074cce385cdd70c7f234bc0e24c11980fd1286310ce37b926e02fcd0faa0baf38b2933851d824514 -+ -+# A.2.5.2 -+COUNT = 1 -+KEY = fedcba98765432100123456789abcdef -+PLAINTEXT = aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccccccccccddddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbb -+IV = 000102030405060708090a0b0c0d0e0f -+CIPHERTEXT = 5dcccd25b95ab07417a08512ee160e2f8f661521cbbab44cc87138445bc29e5c0ae0297205d62704173b21239b887f6c8cb5b800917a2488284bde9e16ea2906 -diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt -new file mode 100644 -index 0000000..c9a6874 ---- /dev/null -+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt -@@ -0,0 +1,28 @@ -+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader -+# Originally from GB/T 32907-2016 Example 1 -+# SM4 ECB -+[ENCRYPT] -+ -+# A.1.1/A.1.2 -+COUNT = 0 -+KEY = 0123456789abcdeffedcba9876543210 -+PLAINTEXT = 0123456789abcdeffedcba9876543210 -+CIPHERTEXT = 681edf34d206965e86b3e94f536e4246 -+ -+# A.1.4/A.1.5 -+COUNT = 1 -+KEY = fedcba98765432100123456789abcdef -+PLAINTEXT = 000102030405060708090a0b0c0d0e0f -+CIPHERTEXT = f766678f13f01adeac1b3ea955adb594 -+ -+# A.2.1.1 -+COUNT = 2 -+KEY = 0123456789abcdeffedcba9876543210 -+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb -+CIPHERTEXT = 5ec8143de509cff7b5179f8f474b86192f1d305a7fb17df985f81c8482192304 -+ -+# A.2.1.2 -+COUNT = 3 -+KEY = fedcba98765432100123456789abcdef -+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb -+CIPHERTEXT = c5876897e4a59bbba72a10c83872245b12dd90bc2d200692b529a4155ac9e600 -diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt -new file mode 100644 -index 0000000..27c611d ---- /dev/null -+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt -@@ -0,0 +1,17 @@ -+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader -+# SM4 OFB -+[ENCRYPT] -+ -+# A.2.3.1 -+COUNT = 0 -+KEY = 0123456789abcdeffedcba9876543210 -+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb -+IV = 000102030405060708090a0b0c0d0e0f -+CIPHERTEXT = ac3236cb861dd316e6413b4e3c7524b71d01aca2487ca582cbf5463e6698539b -+ -+# A.2.3.2 -+COUNT = 1 -+KEY = fedcba98765432100123456789abcdef -+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb -+IV = 000102030405060708090a0b0c0d0e0f -+CIPHERTEXT = 5dcccd25a84ba16560d7f2658870684933fa16bd5cd9c856cacaa1e101897a97 --- -2.27.0 - diff --git a/backport-provide-openssl-apis-related-to-SM-for-python.patch b/backport-provide-openssl-apis-related-to-SM-for-python.patch index 08c3b8896061f3a6d994ec6c13fd349b01d9f47d..db3c9d798e3020da71aeabc1d51768243e04e88d 100644 --- a/backport-provide-openssl-apis-related-to-SM-for-python.patch +++ b/backport-provide-openssl-apis-related-to-SM-for-python.patch @@ -1,45 +1,33 @@ -From 52325495900f1bd9e1f228f24c81c0746520dc85 Mon Sep 17 00:00:00 2001 -From: hanxinke -Date: Tue, 3 Aug 2021 10:45:22 +0800 -Subject: [PATCH] provide openssl apis related to SM for python - -Signed-off-by: hanxinke ---- - src/_cffi_src/openssl/evp.py | 7 +++++++ - 1 file changed, 7 insertions(+) - diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py -index ab7cfeb..0fa817d 100644 +index ad7a0e7..13069dc 100644 --- a/src/_cffi_src/openssl/evp.py +++ b/src/_cffi_src/openssl/evp.py -@@ -37,6 +37,7 @@ static const int Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint; +@@ -36,6 +36,7 @@ static const int Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint; static const int Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY; static const long Cryptography_HAS_RAW_KEY; static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF; +static const int EVP_PKEY_SM2; + static const long Cryptography_HAS_300_FIPS; + static const long Cryptography_HAS_EVP_PKEY_DH; """ - - FUNCTIONS = """ @@ -89,6 +90,9 @@ int EVP_DigestSignFinal(EVP_MD_CTX *, unsigned char *, size_t *); int EVP_DigestVerifyInit(EVP_MD_CTX *, EVP_PKEY_CTX **, const EVP_MD *, ENGINE *, EVP_PKEY *); +int EVP_DigestVerifyUpdate(EVP_MD_CTX *, const void *, size_t); +int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, -+ size_t siglen); ++ size_t siglen); EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *, ENGINE *); -@@ -165,6 +169,9 @@ EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *, - size_t); +@@ -165,6 +169,10 @@ EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *, int EVP_PKEY_get_raw_private_key(const EVP_PKEY *, unsigned char *, size_t *); int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *); + +int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); +void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); +const EVP_MD *EVP_sm3(void); ++ + int EVP_default_properties_is_fips_enabled(OSSL_LIB_CTX *); + int EVP_default_properties_enable_fips(OSSL_LIB_CTX *, int); """ - - CUSTOMIZATIONS = """ --- -2.27.0 - diff --git a/cryptography-3.3.1.tar.gz b/cryptography-3.3.1.tar.gz deleted file mode 100644 index 4d9671e137977c843779ee4fb70e1315c71f5328..0000000000000000000000000000000000000000 Binary files a/cryptography-3.3.1.tar.gz and /dev/null differ diff --git a/cryptography-36.0.1.tar.gz b/cryptography-36.0.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..9189a1aa080cc2fbbfe3bcd6c4cfce37e3a65f09 Binary files /dev/null and b/cryptography-36.0.1.tar.gz differ diff --git a/python-cryptography.spec b/python-cryptography.spec index 65d7418199b4f30ecabb80ffd25135607ca8fd1b..b4bb5055c70cc45f1fe114913546db9d57a69bf2 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -1,17 +1,15 @@ %global srcname cryptography Name: python-%{srcname} -Version: 3.3.1 -Release: 4 +Version: 36.0.1 +Release: 1 Summary: PyCA's cryptography library License: ASL 2.0 or BSD URL: https://cryptography.io/en/latest/ -Source0: %{pypi_source} +Source0: %{srcname}-%{version}.tar.gz -Patch6000: backport-CVE-2020-36242.patch -Patch6001: backport-add-SM4-symmetric-block-cipher-5834.patch Patch6002: backport-provide-openssl-apis-related-to-SM-for-python.patch -BuildRequires: openssl-devel +BuildRequires: openssl-devel cargo BuildRequires: gcc BuildRequires: python%{python3_pkgversion}-devel @@ -26,7 +24,9 @@ BuildRequires: python%{python3_pkgversion}-pytz BuildRequires: python%{python3_pkgversion}-idna >= 2.1 BuildRequires: python%{python3_pkgversion}-six >= 1.4.1 BuildRequires: python%{python3_pkgversion}-cffi >= 1.7 - +BuildRequires: python%{python3_pkgversion}-setuptools-rust +BuildRequires: python3-pip +BuildRequires: python3-pytest-subtests %description cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. @@ -51,6 +51,15 @@ recipes to Python developers. %prep %autosetup -n cryptography-%{version} -p1 +mkdir .cargo +cat >> .cargo/config.toml << EOF +[source.crates-io] +replace-with = "vendored-sources" + +[source.vendored-sources] +directory = "src/rust/vendor" +EOF + %build %py3_build @@ -63,7 +72,7 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_ %files -n python%{python3_pkgversion}-cryptography %defattr(-,root,root) -%doc AUTHORS.rst +#%doc AUTHORS.rst %license LICENSE LICENSE.APACHE LICENSE.BSD %{python3_sitearch}/* %{python3_sitearch}/cryptography-%{version}-py*.egg-info @@ -73,6 +82,9 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_ %doc README.rst docs %changelog +* Tue Jul 19 2022 huangtianhua - 36.0.1-1 +- Upgrade package to 36.0.1 + * Fri Jul 01 2022 tianwei -3.3.1-4 - Type:bugfix - ID:NA