packages/python-cryptography
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!34 Upgrade to support OpenStack Yoga

Browse Source 
From: @huangtianhua 
Reviewed-by: @xiezhipeng1 
Signed-off-by: @xiezhipeng1
This commit is contained in:
openeuler-ci-bot 2022-08-02 10:49:08 +00:00 committed by Gitee
commit 4c0e56bb0e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
6 changed files with 30 additions and 442 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
backport-CVE-2020-36242.patch
View File

@ -1,46 +0,0 @@
From 962eac3925c7184fb5dc174357823223beba0d85 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 7 Feb 2021 11:04:43 -0600
Subject: [PATCH] port changelog and fix back to master for CVE-2020-36242
---
CHANGELOG.rst | 9 +++++++++
src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 3cb53d0..4dd7146 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,6 +1,15 @@
Changelog
=========
+.. _v3-3-2:
+
+3.3.2 - 2021-02-07
+~~~~~~~~~~~~~~~~~~
+
+* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
+ when symmetrically encrypting very large payloads (>2GB) could result in an
+ integer overflow, leading to buffer overflows. *CVE-2020-36242*
+
.. _v3-3-1:
3.3.1 - 2020-12-09
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
index 1e805d2..ad5dad3 100644
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
@@ -17,7 +17,7 @@ from cryptography.hazmat.primitives.ciphers import modes
class _CipherContext(object):
_ENCRYPT = 1
_DECRYPT = 0
- _MAX_CHUNK_SIZE = 2 ** 31 - 1
+ _MAX_CHUNK_SIZE = 2 ** 30 - 1
def __init__(self, backend, cipher, mode, operation):
self._backend = backend
--
1.8.3.1

366
backport-add-SM4-symmetric-block-cipher-5834.patch
View File

@ -1,366 +0,0 @@
From 1a0c76566944ed09e48f51ce17ff9968cf40c886 Mon Sep 17 00:00:00 2001
From: tobyp <tobyp@tobyp.net>
Date: Sun, 28 Feb 2021 20:57:50 +0100
Subject: [PATCH] Add SM4 symmetric block cipher (#5834)
Reference:https://github.com/pyca/cryptography/commit/f69f27b1dd20ad2d24f48053a72545527e808104
Conflict:The content of hazmat/primitives/ciphers/algorithms.py and tests/utils.py are adapted.
hazmat/primitives/ciphers/algorithms.py:
Community patch:
+class SM4(CipherAlgorithm, BlockCipherAlgorithm):
Adaptation patch:
+@utils.register_interface(BlockCipherAlgorithm)
+@utils.register_interface(CipherAlgorithm)
+class SM4(object):
tests/utils.py:
Adaptation patch:
+filepath = os.path.join(os.path.dirname(__file__), "../vectors/cryptography_vectors", filename)
+if os.path.exists(filepath):
+ with open(filepath, mode) as vector_file:
+ return loader(vector_file)
Co-authored-by: Tobias Peter <tobias.peter@infineon.com>
Signed-off-by: hanxinke <hanxinke@huawei.com>
---
.../primitives/symmetric-encryption.rst | 15 +++
.../hazmat/backends/openssl/backend.py | 5 +
.../hazmat/primitives/ciphers/algorithms.py | 14 +++
tests/hazmat/primitives/test_sm4.py | 99 +++++++++++++++++++
tests/utils.py | 4 +
.../SM4/draft-ribose-cfrg-sm4-10-cbc.txt | 17 ++++
.../SM4/draft-ribose-cfrg-sm4-10-cfb.txt | 17 ++++
.../SM4/draft-ribose-cfrg-sm4-10-ctr.txt | 17 ++++
.../SM4/draft-ribose-cfrg-sm4-10-ecb.txt | 28 ++++++
.../SM4/draft-ribose-cfrg-sm4-10-ofb.txt | 17 ++++
10 files changed, 233 insertions(+)
create mode 100644 tests/hazmat/primitives/test_sm4.py
create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt
create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt
create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt
create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt
create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 8551acb..6e10d67 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -196,6 +196,19 @@ Algorithms
:term:`bits` in length.
:type key: :term:`bytes-like`
+.. class:: SM4(key)
+
+ .. versionadded:: 35.0.0
+
+ SM4 is a block cipher developed by the Chinese Government and standardized
+ in the `GB/T 32907-2016`_. It is used in the Chinese WAPI
+ (Wired Authentication and Privacy Infrastructure) standard. (An English
+ description is available at `draft-ribose-cfrg-sm4-10`_.)
+
+ :param key: The secret key. This must be kept secret. ``128``
+ :term:`bits` in length.
+ :type key: :term:`bytes-like`
+
Weak ciphers
------------
@@ -815,3 +828,5 @@ Exceptions
.. _`International Data Encryption Algorithm`: https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
.. _`OpenPGP`: https://www.openpgp.org/
.. _`disk encryption`: https://en.wikipedia.org/wiki/Disk_encryption_theory#XTS
+.. _`GB/T 32907-2016`: http://www.cnnic.cn/gcjsyj/qyjsyj/mmsfbz/sm4/201312/t20131204_43341.htm
+.. _`draft-ribose-cfrg-sm4-10`: https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 45d4a1a..ff9c23c 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -139,6 +139,7 @@ from cryptography.hazmat.primitives.ciphers.algorithms import (
ChaCha20,
IDEA,
SEED,
+ SM4,
TripleDES,
)
from cryptography.hazmat.primitives.ciphers.modes import (
@@ -415,6 +416,10 @@ class Backend(object):
ChaCha20, type(None), GetCipherByName("chacha20")
)
self.register_cipher_adapter(AES, XTS, _get_xts_cipher)
+ for mode_cls in [ECB, CBC, OFB, CFB, CTR]:
+ self.register_cipher_adapter(
+ SM4, mode_cls, GetCipherByName("sm4-{mode.name}")
+ )
def _register_x509_ext_parsers(self):
ext_handlers = _EXTENSION_HANDLERS_BASE.copy()
diff --git a/src/cryptography/hazmat/primitives/ciphers/algorithms.py b/src/cryptography/hazmat/primitives/ciphers/algorithms.py
index 8072ced..a1db984 100644
--- a/src/cryptography/hazmat/primitives/ciphers/algorithms.py
+++ b/src/cryptography/hazmat/primitives/ciphers/algorithms.py
@@ -168,3 +168,17 @@ class ChaCha20(object):
@property
def key_size(self):
return len(self.key) * 8
+
+@utils.register_interface(BlockCipherAlgorithm)
+@utils.register_interface(CipherAlgorithm)
+class SM4(object):
+ name = "SM4"
+ block_size = 128
+ key_sizes = frozenset([128])
+
+ def __init__(self, key: bytes):
+ self.key = _verify_key_size(self, key)
+
+ @property
+ def key_size(self) -> int:
+ return len(self.key) * 8
diff --git a/tests/hazmat/primitives/test_sm4.py b/tests/hazmat/primitives/test_sm4.py
new file mode 100644
index 0000000..b757344
--- /dev/null
+++ b/tests/hazmat/primitives/test_sm4.py
@@ -0,0 +1,99 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import binascii
+import os
+
+import pytest
+
+from cryptography.hazmat.backends.interfaces import CipherBackend
+from cryptography.hazmat.primitives.ciphers import algorithms, modes
+
+from .utils import generate_encrypt_test
+from ...utils import load_nist_vectors
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.SM4(b"\x00" * 16), modes.ECB()
+ ),
+ skip_message="Does not support SM4 ECB",
+)
+@pytest.mark.requires_backend_interface(interface=CipherBackend)
+class TestSM4ModeECB(object):
+ test_ecb = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "SM4"),
+ ["draft-ribose-cfrg-sm4-10-ecb.txt"],
+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
+ lambda **kwargs: modes.ECB(),
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.SM4(b"\x00" * 16), modes.CBC(b"\x00" * 16)
+ ),
+ skip_message="Does not support SM4 CBC",
+)
+@pytest.mark.requires_backend_interface(interface=CipherBackend)
+class TestSM4ModeCBC(object):
+ test_cbc = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "SM4"),
+ ["draft-ribose-cfrg-sm4-10-cbc.txt"],
+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
+ lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)),
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.SM4(b"\x00" * 16), modes.OFB(b"\x00" * 16)
+ ),
+ skip_message="Does not support SM4 OFB",
+)
+@pytest.mark.requires_backend_interface(interface=CipherBackend)
+class TestSM4ModeOFB(object):
+ test_ofb = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "SM4"),
+ ["draft-ribose-cfrg-sm4-10-ofb.txt"],
+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
+ lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)),
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.SM4(b"\x00" * 16), modes.CFB(b"\x00" * 16)
+ ),
+ skip_message="Does not support SM4 CFB",
+)
+@pytest.mark.requires_backend_interface(interface=CipherBackend)
+class TestSM4ModeCFB(object):
+ test_cfb = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "SM4"),
+ ["draft-ribose-cfrg-sm4-10-cfb.txt"],
+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
+ lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.SM4(b"\x00" * 16), modes.CTR(b"\x00" * 16)
+ ),
+ skip_message="Does not support SM4 CTR",
+)
+@pytest.mark.requires_backend_interface(interface=CipherBackend)
+class TestSM4ModeCTR(object):
+ test_cfb = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "SM4"),
+ ["draft-ribose-cfrg-sm4-10-ctr.txt"],
+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
+ lambda iv, **kwargs: modes.CTR(binascii.unhexlify(iv)),
+ )
diff --git a/tests/utils.py b/tests/utils.py
index 497fde8..053ca50 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -41,6 +41,10 @@ def raises_unsupported_algorithm(reason):
def load_vectors_from_file(filename, loader, mode="r"):
+ filepath = os.path.join(os.path.dirname(__file__), "../vectors/cryptography_vectors", filename)
+ if os.path.exists(filepath):
+ with open(filepath, mode) as vector_file:
+ return loader(vector_file)
with cryptography_vectors.open_vector_file(filename, mode) as vector_file:
return loader(vector_file)
diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt
new file mode 100644
index 0000000..49c5f85
--- /dev/null
+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt
@@ -0,0 +1,17 @@
+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
+# SM4 CBC
+[ENCRYPT]
+
+# A.2.2.1
+COUNT = 0
+KEY = 0123456789abcdeffedcba9876543210
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = 78ebb11cc40b0a48312aaeb2040244cb4cb7016951909226979b0d15dc6a8f6d
+
+# A.2.2.2
+COUNT = 1
+KEY = fedcba98765432100123456789abcdef
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = 0d3a6ddc2d21c698857215587b7bb59a91f2c147911a4144665e1fa1d40bae38
diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt
new file mode 100644
index 0000000..4c2e4ab
--- /dev/null
+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt
@@ -0,0 +1,17 @@
+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
+# SM4 CFB
+[ENCRYPT]
+
+# A.2.4.1
+COUNT = 0
+KEY = 0123456789abcdeffedcba9876543210
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = ac3236cb861dd316e6413b4e3c7524b769d4c54ed433b9a0346009beb37b2b3f
+
+# A.2.4.2
+COUNT = 1
+KEY = fedcba98765432100123456789abcdef
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = 5dcccd25a84ba16560d7f265887068490d9b86ff20c3bfe115ffa02ca6192cc5
diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt
new file mode 100644
index 0000000..0aea157
--- /dev/null
+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt
@@ -0,0 +1,17 @@
+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
+# SM4 CTR
+[ENCRYPT]
+
+# A.2.5.1
+COUNT = 0
+KEY = 0123456789abcdeffedcba9876543210
+PLAINTEXT = aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccccccccccddddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = ac3236cb970cc20791364c395a1342d1a3cbc1878c6f30cd074cce385cdd70c7f234bc0e24c11980fd1286310ce37b926e02fcd0faa0baf38b2933851d824514
+
+# A.2.5.2
+COUNT = 1
+KEY = fedcba98765432100123456789abcdef
+PLAINTEXT = aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccccccccccddddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = 5dcccd25b95ab07417a08512ee160e2f8f661521cbbab44cc87138445bc29e5c0ae0297205d62704173b21239b887f6c8cb5b800917a2488284bde9e16ea2906
diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt
new file mode 100644
index 0000000..c9a6874
--- /dev/null
+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt
@@ -0,0 +1,28 @@
+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
+# Originally from GB/T 32907-2016 Example 1
+# SM4 ECB
+[ENCRYPT]
+
+# A.1.1/A.1.2
+COUNT = 0
+KEY = 0123456789abcdeffedcba9876543210
+PLAINTEXT = 0123456789abcdeffedcba9876543210
+CIPHERTEXT = 681edf34d206965e86b3e94f536e4246
+
+# A.1.4/A.1.5
+COUNT = 1
+KEY = fedcba98765432100123456789abcdef
+PLAINTEXT = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = f766678f13f01adeac1b3ea955adb594
+
+# A.2.1.1
+COUNT = 2
+KEY = 0123456789abcdeffedcba9876543210
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+CIPHERTEXT = 5ec8143de509cff7b5179f8f474b86192f1d305a7fb17df985f81c8482192304
+
+# A.2.1.2
+COUNT = 3
+KEY = fedcba98765432100123456789abcdef
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+CIPHERTEXT = c5876897e4a59bbba72a10c83872245b12dd90bc2d200692b529a4155ac9e600
diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt
new file mode 100644
index 0000000..27c611d
--- /dev/null
+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt
@@ -0,0 +1,17 @@
+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
+# SM4 OFB
+[ENCRYPT]
+
+# A.2.3.1
+COUNT = 0
+KEY = 0123456789abcdeffedcba9876543210
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = ac3236cb861dd316e6413b4e3c7524b71d01aca2487ca582cbf5463e6698539b
+
+# A.2.3.2
+COUNT = 1
+KEY = fedcba98765432100123456789abcdef
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = 5dcccd25a84ba16560d7f2658870684933fa16bd5cd9c856cacaa1e101897a97
--
2.27.0

32
backport-provide-openssl-apis-related-to-SM-for-python.patch
View File

@ -1,45 +1,33 @@
From 52325495900f1bd9e1f228f24c81c0746520dc85 Mon Sep 17 00:00:00 2001
From: hanxinke <hanxinke@huawei.com>
Date: Tue, 3 Aug 2021 10:45:22 +0800
Subject: [PATCH] provide openssl apis related to SM for python
Signed-off-by: hanxinke <hanxinke@huawei.com>
---
src/_cffi_src/openssl/evp.py | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py
index ab7cfeb..0fa817d 100644
index ad7a0e7..13069dc 100644
--- a/src/_cffi_src/openssl/evp.py
+++ b/src/_cffi_src/openssl/evp.py
@@ -37,6 +37,7 @@ static const int Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint;
@@ -36,6 +36,7 @@ static const int Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint;
static const int Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY;
static const long Cryptography_HAS_RAW_KEY;
static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF;
+static const int EVP_PKEY_SM2;
static const long Cryptography_HAS_300_FIPS;
static const long Cryptography_HAS_EVP_PKEY_DH;
"""
FUNCTIONS = """
@@ -89,6 +90,9 @@ int EVP_DigestSignFinal(EVP_MD_CTX *, unsigned char *, size_t *);
int EVP_DigestVerifyInit(EVP_MD_CTX *, EVP_PKEY_CTX **, const EVP_MD *,
ENGINE *, EVP_PKEY *);
+int EVP_DigestVerifyUpdate(EVP_MD_CTX *, const void *, size_t);
+int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+ size_t siglen);
+ size_t siglen);
EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *, ENGINE *);
@@ -165,6 +169,9 @@ EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *,
size_t);
@@ -165,6 +169,10 @@ EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *,
int EVP_PKEY_get_raw_private_key(const EVP_PKEY *, unsigned char *, size_t *);
int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *);
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
+const EVP_MD *EVP_sm3(void);
+
int EVP_default_properties_is_fips_enabled(OSSL_LIB_CTX *);
int EVP_default_properties_enable_fips(OSSL_LIB_CTX *, int);
"""
CUSTOMIZATIONS = """
--
2.27.0

BIN
cryptography-3.3.1.tar.gz
View File

Binary file not shown.

BIN
cryptography-36.0.1.tar.gz Normal file
View File

Binary file not shown.

28
python-cryptography.spec
View File

@ -1,17 +1,15 @@
%global srcname cryptography
Name: python-%{srcname}
Version: 3.3.1
Release: 4
Version: 36.0.1
Release: 1
Summary: PyCA's cryptography library
License: ASL 2.0 or BSD
URL: https://cryptography.io/en/latest/
Source0: %{pypi_source}
Source0: %{srcname}-%{version}.tar.gz
Patch6000: backport-CVE-2020-36242.patch
Patch6001: backport-add-SM4-symmetric-block-cipher-5834.patch
Patch6002: backport-provide-openssl-apis-related-to-SM-for-python.patch
BuildRequires: openssl-devel
BuildRequires: openssl-devel cargo
BuildRequires: gcc
BuildRequires: python%{python3_pkgversion}-devel
@ -26,7 +24,9 @@ BuildRequires: python%{python3_pkgversion}-pytz
BuildRequires: python%{python3_pkgversion}-idna >= 2.1
BuildRequires: python%{python3_pkgversion}-six >= 1.4.1
BuildRequires: python%{python3_pkgversion}-cffi >= 1.7
BuildRequires: python%{python3_pkgversion}-setuptools-rust
BuildRequires: python3-pip
BuildRequires: python3-pytest-subtests
%description
cryptography is a package designed to expose cryptographic primitives and
recipes to Python developers.
@ -51,6 +51,15 @@ recipes to Python developers.
%prep
%autosetup -n cryptography-%{version} -p1
mkdir .cargo
cat >> .cargo/config.toml << EOF
[source.crates-io]
replace-with = "vendored-sources"
[source.vendored-sources]
directory = "src/rust/vendor"
EOF
%build
%py3_build
@ -63,7 +72,7 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_
%files -n python%{python3_pkgversion}-cryptography
%defattr(-,root,root)
%doc AUTHORS.rst
#%doc AUTHORS.rst
%license LICENSE LICENSE.APACHE LICENSE.BSD
%{python3_sitearch}/*
%{python3_sitearch}/cryptography-%{version}-py*.egg-info
@ -73,6 +82,9 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_
%doc README.rst docs
%changelog
* Tue Jul 19 2022 huangtianhua <huangtianhua@huawei.com> - 36.0.1-1
- Upgrade package to 36.0.1
* Fri Jul 01 2022 tianwei<tianwei12@h-partners.com> -3.3.1-4
- Type:bugfix
- ID:NA