!34 Upgrade to support OpenStack Yoga

From: @huangtianhua Reviewed-by: @xiezhipeng1 Signed-off-by: @xiezhipeng1
2022-08-02 10:49:08 +00:00 · 2022-08-02 10:49:08 +00:00 · 4c0e56bb0e
commit 4c0e56bb0e
parent ca117c2588 1bbe0c86af
6 changed files with 30 additions and 442 deletions
--- a/backport-CVE-2020-36242.patch
+++ b/backport-CVE-2020-36242.patch
@ -1,46 +0,0 @@
 From 962eac3925c7184fb5dc174357823223beba0d85 Mon Sep 17 00:00:00 2001
 From: Paul Kehrer <paul.l.kehrer@gmail.com>
 Date: Sun, 7 Feb 2021 11:04:43 -0600
 Subject: [PATCH] port changelog and fix back to master for CVE-2020-36242
 ---
 CHANGELOG.rst                                       | 9 +++++++++
 src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)
 diff --git a/CHANGELOG.rst b/CHANGELOG.rst
 index 3cb53d0..4dd7146 100644
 --- a/CHANGELOG.rst
 +++ b/CHANGELOG.rst
@@ -1,6 +1,15 @@
 Changelog
 =========
 +.. _v3-3-2:
 +
 +3.3.2 - 2021-02-07
 +~~~~~~~~~~~~~~~~~~
 +
 +* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
 +  when symmetrically encrypting very large payloads (>2GB) could result in an
 +  integer overflow, leading to buffer overflows. *CVE-2020-36242*
 +
 .. _v3-3-1:
 3.3.1 - 2020-12-09
 diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
 index 1e805d2..ad5dad3 100644
 --- a/src/cryptography/hazmat/backends/openssl/ciphers.py
 +++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
@@ -17,7 +17,7 @@ from cryptography.hazmat.primitives.ciphers import modes
 class _CipherContext(object):
     _ENCRYPT = 1
     _DECRYPT = 0
 -    _MAX_CHUNK_SIZE = 2 ** 31 - 1
 +    _MAX_CHUNK_SIZE = 2 ** 30 - 1
     def __init__(self, backend, cipher, mode, operation):
         self._backend = backend
 -- 
 1.8.3.1
--- a/backport-add-SM4-symmetric-block-cipher-5834.patch
+++ b/backport-add-SM4-symmetric-block-cipher-5834.patch
@ -1,366 +0,0 @@
 From 1a0c76566944ed09e48f51ce17ff9968cf40c886 Mon Sep 17 00:00:00 2001
 From: tobyp <tobyp@tobyp.net>
 Date: Sun, 28 Feb 2021 20:57:50 +0100
 Subject: [PATCH] Add SM4 symmetric block cipher (#5834)
 Reference:https://github.com/pyca/cryptography/commit/f69f27b1dd20ad2d24f48053a72545527e808104
 Conflict:The content of hazmat/primitives/ciphers/algorithms.py and tests/utils.py are adapted.
 hazmat/primitives/ciphers/algorithms.py:
 Community patch:
    +class SM4(CipherAlgorithm, BlockCipherAlgorithm):
 Adaptation patch:
    +@utils.register_interface(BlockCipherAlgorithm)
    +@utils.register_interface(CipherAlgorithm)
    +class SM4(object):
 tests/utils.py:
 Adaptation patch:
    +filepath = os.path.join(os.path.dirname(__file__), "../vectors/cryptography_vectors", filename)
    +if os.path.exists(filepath):
    +    with open(filepath, mode) as vector_file:
    +        return loader(vector_file)
 Co-authored-by: Tobias Peter <tobias.peter@infineon.com>
 Signed-off-by: hanxinke <hanxinke@huawei.com>
 ---
 .../primitives/symmetric-encryption.rst       | 15 +++
 .../hazmat/backends/openssl/backend.py        |  5 +
 .../hazmat/primitives/ciphers/algorithms.py   | 14 +++
 tests/hazmat/primitives/test_sm4.py           | 99 +++++++++++++++++++
 tests/utils.py                                |  4 +
 .../SM4/draft-ribose-cfrg-sm4-10-cbc.txt      | 17 ++++
 .../SM4/draft-ribose-cfrg-sm4-10-cfb.txt      | 17 ++++
 .../SM4/draft-ribose-cfrg-sm4-10-ctr.txt      | 17 ++++
 .../SM4/draft-ribose-cfrg-sm4-10-ecb.txt      | 28 ++++++
 .../SM4/draft-ribose-cfrg-sm4-10-ofb.txt      | 17 ++++
 10 files changed, 233 insertions(+)
 create mode 100644 tests/hazmat/primitives/test_sm4.py
 create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt
 create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt
 create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt
 create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt
 create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt
 diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
 index 8551acb..6e10d67 100644
 --- a/docs/hazmat/primitives/symmetric-encryption.rst
 +++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -196,6 +196,19 @@ Algorithms
         :term:`bits` in length.
     :type key: :term:`bytes-like`
 +.. class:: SM4(key)
 +
 +    .. versionadded:: 35.0.0
 +
 +    SM4 is a block cipher developed by the Chinese Government and standardized
 +    in the `GB/T 32907-2016`_. It is used in the Chinese WAPI
 +    (Wired Authentication and Privacy Infrastructure) standard. (An English
 +    description is available at `draft-ribose-cfrg-sm4-10`_.)
 +
 +    :param key: The secret key. This must be kept secret. ``128``
 +        :term:`bits` in length.
 +    :type key: :term:`bytes-like`
 +
 Weak ciphers
 ------------
@@ -815,3 +828,5 @@ Exceptions
 .. _`International Data Encryption Algorithm`: https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
 .. _`OpenPGP`: https://www.openpgp.org/
 .. _`disk encryption`: https://en.wikipedia.org/wiki/Disk_encryption_theory#XTS
 +.. _`GB/T 32907-2016`: http://www.cnnic.cn/gcjsyj/qyjsyj/mmsfbz/sm4/201312/t20131204_43341.htm
 +.. _`draft-ribose-cfrg-sm4-10`: https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10
 diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
 index 45d4a1a..ff9c23c 100644
 --- a/src/cryptography/hazmat/backends/openssl/backend.py
 +++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -139,6 +139,7 @@ from cryptography.hazmat.primitives.ciphers.algorithms import (
     ChaCha20,
     IDEA,
     SEED,
 +    SM4,
     TripleDES,
 )
 from cryptography.hazmat.primitives.ciphers.modes import (
@@ -415,6 +416,10 @@ class Backend(object):
             ChaCha20, type(None), GetCipherByName("chacha20")
         )
         self.register_cipher_adapter(AES, XTS, _get_xts_cipher)
 +        for mode_cls in [ECB, CBC, OFB, CFB, CTR]:
 +            self.register_cipher_adapter(
 +                SM4, mode_cls, GetCipherByName("sm4-{mode.name}")
 +            )
     def _register_x509_ext_parsers(self):
         ext_handlers = _EXTENSION_HANDLERS_BASE.copy()
 diff --git a/src/cryptography/hazmat/primitives/ciphers/algorithms.py b/src/cryptography/hazmat/primitives/ciphers/algorithms.py
 index 8072ced..a1db984 100644
 --- a/src/cryptography/hazmat/primitives/ciphers/algorithms.py
 +++ b/src/cryptography/hazmat/primitives/ciphers/algorithms.py
@@ -168,3 +168,17 @@ class ChaCha20(object):
     @property
     def key_size(self):
         return len(self.key) * 8
 +
 +@utils.register_interface(BlockCipherAlgorithm)
 +@utils.register_interface(CipherAlgorithm)
 +class SM4(object):
 +    name = "SM4"
 +    block_size = 128
 +    key_sizes = frozenset([128])
 +
 +    def __init__(self, key: bytes):
 +        self.key = _verify_key_size(self, key)
 +
 +    @property
 +    def key_size(self) -> int:
 +        return len(self.key) * 8
 diff --git a/tests/hazmat/primitives/test_sm4.py b/tests/hazmat/primitives/test_sm4.py
 new file mode 100644
 index 0000000..b757344
 --- /dev/null
 +++ b/tests/hazmat/primitives/test_sm4.py
@@ -0,0 +1,99 @@
 +# This file is dual licensed under the terms of the Apache License, Version
 +# 2.0, and the BSD License. See the LICENSE file in the root of this repository
 +# for complete details.
 +
 +import binascii
 +import os
 +
 +import pytest
 +
 +from cryptography.hazmat.backends.interfaces import CipherBackend
 +from cryptography.hazmat.primitives.ciphers import algorithms, modes
 +
 +from .utils import generate_encrypt_test
 +from ...utils import load_nist_vectors
 +
 +
 +@pytest.mark.supported(
 +    only_if=lambda backend: backend.cipher_supported(
 +        algorithms.SM4(b"\x00" * 16), modes.ECB()
 +    ),
 +    skip_message="Does not support SM4 ECB",
 +)
 +@pytest.mark.requires_backend_interface(interface=CipherBackend)
 +class TestSM4ModeECB(object):
 +    test_ecb = generate_encrypt_test(
 +        load_nist_vectors,
 +        os.path.join("ciphers", "SM4"),
 +        ["draft-ribose-cfrg-sm4-10-ecb.txt"],
 +        lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
 +        lambda **kwargs: modes.ECB(),
 +    )
 +
 +
 +@pytest.mark.supported(
 +    only_if=lambda backend: backend.cipher_supported(
 +        algorithms.SM4(b"\x00" * 16), modes.CBC(b"\x00" * 16)
 +    ),
 +    skip_message="Does not support SM4 CBC",
 +)
 +@pytest.mark.requires_backend_interface(interface=CipherBackend)
 +class TestSM4ModeCBC(object):
 +    test_cbc = generate_encrypt_test(
 +        load_nist_vectors,
 +        os.path.join("ciphers", "SM4"),
 +        ["draft-ribose-cfrg-sm4-10-cbc.txt"],
 +        lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
 +        lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)),
 +    )
 +
 +
 +@pytest.mark.supported(
 +    only_if=lambda backend: backend.cipher_supported(
 +        algorithms.SM4(b"\x00" * 16), modes.OFB(b"\x00" * 16)
 +    ),
 +    skip_message="Does not support SM4 OFB",
 +)
 +@pytest.mark.requires_backend_interface(interface=CipherBackend)
 +class TestSM4ModeOFB(object):
 +    test_ofb = generate_encrypt_test(
 +        load_nist_vectors,
 +        os.path.join("ciphers", "SM4"),
 +        ["draft-ribose-cfrg-sm4-10-ofb.txt"],
 +        lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
 +        lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)),
 +    )
 +
 +
 +@pytest.mark.supported(
 +    only_if=lambda backend: backend.cipher_supported(
 +        algorithms.SM4(b"\x00" * 16), modes.CFB(b"\x00" * 16)
 +    ),
 +    skip_message="Does not support SM4 CFB",
 +)
 +@pytest.mark.requires_backend_interface(interface=CipherBackend)
 +class TestSM4ModeCFB(object):
 +    test_cfb = generate_encrypt_test(
 +        load_nist_vectors,
 +        os.path.join("ciphers", "SM4"),
 +        ["draft-ribose-cfrg-sm4-10-cfb.txt"],
 +        lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
 +        lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
 +    )
 +
 +
 +@pytest.mark.supported(
 +    only_if=lambda backend: backend.cipher_supported(
 +        algorithms.SM4(b"\x00" * 16), modes.CTR(b"\x00" * 16)
 +    ),
 +    skip_message="Does not support SM4 CTR",
 +)
 +@pytest.mark.requires_backend_interface(interface=CipherBackend)
 +class TestSM4ModeCTR(object):
 +    test_cfb = generate_encrypt_test(
 +        load_nist_vectors,
 +        os.path.join("ciphers", "SM4"),
 +        ["draft-ribose-cfrg-sm4-10-ctr.txt"],
 +        lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
 +        lambda iv, **kwargs: modes.CTR(binascii.unhexlify(iv)),
 +    )
 diff --git a/tests/utils.py b/tests/utils.py
 index 497fde8..053ca50 100644
 --- a/tests/utils.py
 +++ b/tests/utils.py
@@ -41,6 +41,10 @@ def raises_unsupported_algorithm(reason):
 def load_vectors_from_file(filename, loader, mode="r"):
 +    filepath = os.path.join(os.path.dirname(__file__), "../vectors/cryptography_vectors", filename)
 +    if os.path.exists(filepath):
 +        with open(filepath, mode) as vector_file:
 +            return loader(vector_file)
     with cryptography_vectors.open_vector_file(filename, mode) as vector_file:
         return loader(vector_file)
 diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt
 new file mode 100644
 index 0000000..49c5f85
 --- /dev/null
 +++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt
@@ -0,0 +1,17 @@
 +# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
 +# SM4 CBC
 +[ENCRYPT]
 +
 +# A.2.2.1
 +COUNT = 0
 +KEY = 0123456789abcdeffedcba9876543210
 +PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
 +IV = 000102030405060708090a0b0c0d0e0f
 +CIPHERTEXT = 78ebb11cc40b0a48312aaeb2040244cb4cb7016951909226979b0d15dc6a8f6d
 +
 +# A.2.2.2
 +COUNT = 1
 +KEY = fedcba98765432100123456789abcdef
 +PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
 +IV = 000102030405060708090a0b0c0d0e0f
 +CIPHERTEXT = 0d3a6ddc2d21c698857215587b7bb59a91f2c147911a4144665e1fa1d40bae38
 diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt
 new file mode 100644
 index 0000000..4c2e4ab
 --- /dev/null
 +++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt
@@ -0,0 +1,17 @@
 +# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
 +# SM4 CFB
 +[ENCRYPT]
 +
 +# A.2.4.1
 +COUNT = 0
 +KEY = 0123456789abcdeffedcba9876543210
 +PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
 +IV = 000102030405060708090a0b0c0d0e0f
 +CIPHERTEXT = ac3236cb861dd316e6413b4e3c7524b769d4c54ed433b9a0346009beb37b2b3f
 +
 +# A.2.4.2
 +COUNT = 1
 +KEY = fedcba98765432100123456789abcdef
 +PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
 +IV = 000102030405060708090a0b0c0d0e0f
 +CIPHERTEXT = 5dcccd25a84ba16560d7f265887068490d9b86ff20c3bfe115ffa02ca6192cc5
 diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt
 new file mode 100644
 index 0000000..0aea157
 --- /dev/null
 +++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt
@@ -0,0 +1,17 @@
 +# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
 +# SM4 CTR
 +[ENCRYPT]
 +
 +# A.2.5.1
 +COUNT = 0
 +KEY = 0123456789abcdeffedcba9876543210
 +PLAINTEXT = aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccccccccccddddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbb
 +IV = 000102030405060708090a0b0c0d0e0f
 +CIPHERTEXT = ac3236cb970cc20791364c395a1342d1a3cbc1878c6f30cd074cce385cdd70c7f234bc0e24c11980fd1286310ce37b926e02fcd0faa0baf38b2933851d824514
 +
 +# A.2.5.2
 +COUNT = 1
 +KEY = fedcba98765432100123456789abcdef
 +PLAINTEXT = aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccccccccccddddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbb
 +IV = 000102030405060708090a0b0c0d0e0f
 +CIPHERTEXT = 5dcccd25b95ab07417a08512ee160e2f8f661521cbbab44cc87138445bc29e5c0ae0297205d62704173b21239b887f6c8cb5b800917a2488284bde9e16ea2906
 diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt
 new file mode 100644
 index 0000000..c9a6874
 --- /dev/null
 +++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt
@@ -0,0 +1,28 @@
 +# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
 +# Originally from GB/T 32907-2016 Example 1
 +# SM4 ECB
 +[ENCRYPT]
 +
 +# A.1.1/A.1.2
 +COUNT = 0
 +KEY = 0123456789abcdeffedcba9876543210
 +PLAINTEXT = 0123456789abcdeffedcba9876543210
 +CIPHERTEXT = 681edf34d206965e86b3e94f536e4246
 +
 +# A.1.4/A.1.5
 +COUNT = 1
 +KEY = fedcba98765432100123456789abcdef
 +PLAINTEXT = 000102030405060708090a0b0c0d0e0f
 +CIPHERTEXT = f766678f13f01adeac1b3ea955adb594
 +
 +# A.2.1.1
 +COUNT = 2
 +KEY = 0123456789abcdeffedcba9876543210
 +PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
 +CIPHERTEXT = 5ec8143de509cff7b5179f8f474b86192f1d305a7fb17df985f81c8482192304
 +
 +# A.2.1.2
 +COUNT = 3
 +KEY = fedcba98765432100123456789abcdef
 +PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
 +CIPHERTEXT = c5876897e4a59bbba72a10c83872245b12dd90bc2d200692b529a4155ac9e600
 diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt
 new file mode 100644
 index 0000000..27c611d
 --- /dev/null
 +++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt
@@ -0,0 +1,17 @@
 +# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
 +# SM4 OFB
 +[ENCRYPT]
 +
 +# A.2.3.1
 +COUNT = 0
 +KEY = 0123456789abcdeffedcba9876543210
 +PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
 +IV = 000102030405060708090a0b0c0d0e0f
 +CIPHERTEXT = ac3236cb861dd316e6413b4e3c7524b71d01aca2487ca582cbf5463e6698539b
 +
 +# A.2.3.2
 +COUNT = 1
 +KEY = fedcba98765432100123456789abcdef
 +PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
 +IV = 000102030405060708090a0b0c0d0e0f
 +CIPHERTEXT = 5dcccd25a84ba16560d7f2658870684933fa16bd5cd9c856cacaa1e101897a97
 -- 
 2.27.0
--- a/backport-provide-openssl-apis-related-to-SM-for-python.patch
+++ b/backport-provide-openssl-apis-related-to-SM-for-python.patch
@ -1,25 +1,15 @@
 From 52325495900f1bd9e1f228f24c81c0746520dc85 Mon Sep 17 00:00:00 2001
 From: hanxinke <hanxinke@huawei.com>
 Date: Tue, 3 Aug 2021 10:45:22 +0800
 Subject: [PATCH] provide openssl apis related to SM for python
 Signed-off-by: hanxinke <hanxinke@huawei.com>
 ---
 src/_cffi_src/openssl/evp.py | 7 +++++++
 1 file changed, 7 insertions(+)
 diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py
-index ab7cfeb..0fa817d 100644
+index ad7a0e7..13069dc 100644
 --- a/src/_cffi_src/openssl/evp.py
 +++ b/src/_cffi_src/openssl/evp.py
-@@ -37,6 +37,7 @@ static const int Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint;
+@@ -36,6 +36,7 @@ static const int Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint;
 static const int Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY;
 static const long Cryptography_HAS_RAW_KEY;
 static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF;
 +static const int EVP_PKEY_SM2;
 static const long Cryptography_HAS_300_FIPS;
 static const long Cryptography_HAS_EVP_PKEY_DH;
 """
 FUNCTIONS = """
@@ -89,6 +90,9 @@ int EVP_DigestSignFinal(EVP_MD_CTX *, unsigned char *, size_t *);
 int EVP_DigestVerifyInit(EVP_MD_CTX *, EVP_PKEY_CTX **, const EVP_MD *,
                          ENGINE *, EVP_PKEY *);
@ -30,16 +20,14 @@ index ab7cfeb..0fa817d 100644
 EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *, ENGINE *);
-@@ -165,6 +169,9 @@ EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *,
+@@ -165,6 +169,10 @@ EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *,
                                       size_t);
 int EVP_PKEY_get_raw_private_key(const EVP_PKEY *, unsigned char *, size_t *);
 int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *);
 +int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
 +void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
 +const EVP_MD *EVP_sm3(void);
 +
 int EVP_default_properties_is_fips_enabled(OSSL_LIB_CTX *);
 int EVP_default_properties_enable_fips(OSSL_LIB_CTX *, int);
 """
 CUSTOMIZATIONS = """
 -- 
 2.27.0
--- a/cryptography-3.3.1.tar.gz
+++ b/cryptography-3.3.1.tar.gz
--- a/cryptography-36.0.1.tar.gz
+++ b/cryptography-36.0.1.tar.gz
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@ -1,17 +1,15 @@
 %global srcname cryptography
 Name:           python-%{srcname}
-Version:        3.3.1
+Version:        36.0.1
-Release:        4
+Release:        1
 Summary:        PyCA's cryptography library
 License:        ASL 2.0 or BSD
 URL:            https://cryptography.io/en/latest/  
-Source0:        %{pypi_source}
+Source0:        %{srcname}-%{version}.tar.gz
 Patch6000:      backport-CVE-2020-36242.patch
 Patch6001:      backport-add-SM4-symmetric-block-cipher-5834.patch
 Patch6002:      backport-provide-openssl-apis-related-to-SM-for-python.patch
-BuildRequires:  openssl-devel
+BuildRequires:  openssl-devel cargo
 BuildRequires:  gcc
 BuildRequires:  python%{python3_pkgversion}-devel
@ -26,7 +24,9 @@ BuildRequires:  python%{python3_pkgversion}-pytz
 BuildRequires:  python%{python3_pkgversion}-idna >= 2.1
 BuildRequires:  python%{python3_pkgversion}-six >= 1.4.1
 BuildRequires:  python%{python3_pkgversion}-cffi >= 1.7
-
+BuildRequires:  python%{python3_pkgversion}-setuptools-rust
 BuildRequires:  python3-pip
 BuildRequires:  python3-pytest-subtests
 %description
 cryptography is a package designed to expose cryptographic primitives and
 recipes to Python developers.
@ -51,6 +51,15 @@ recipes to Python developers.
 %prep
 %autosetup -n cryptography-%{version} -p1
 mkdir .cargo
 cat >> .cargo/config.toml << EOF
 [source.crates-io]
 replace-with = "vendored-sources"
 [source.vendored-sources]
 directory = "src/rust/vendor"
 EOF
 %build
 %py3_build
@ -63,7 +72,7 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_
 %files -n python%{python3_pkgversion}-cryptography
 %defattr(-,root,root)
-%doc AUTHORS.rst
+#%doc AUTHORS.rst
 %license LICENSE LICENSE.APACHE LICENSE.BSD
 %{python3_sitearch}/*
 %{python3_sitearch}/cryptography-%{version}-py*.egg-info
@ -73,6 +82,9 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_
 %doc README.rst docs
 %changelog
 * Tue Jul 19 2022 huangtianhua <huangtianhua@huawei.com> - 36.0.1-1
 - Upgrade package to 36.0.1
 * Fri Jul 01 2022 tianwei<tianwei12@h-partners.com> -3.3.1-4
 - Type:bugfix
 - ID:NA