Skip to content

Commit

Permalink
python-cryptography: bump to version 3.3.1
Browse files Browse the repository at this point in the history
Regenerated patches from:
  pyca/cryptography#4920

The patch names were kept as generated via 'git format-patch 3.3.1..'

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
  • Loading branch information
commodo committed Dec 15, 2020
1 parent 2b7f885 commit ce1ce8a
Show file tree
Hide file tree
Showing 8 changed files with 102 additions and 96 deletions.
4 changes: 2 additions & 2 deletions lang/python/python-cryptography/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,11 @@
include $(TOPDIR)/rules.mk

PKG_NAME:=python-cryptography
PKG_VERSION:=3.2.1
PKG_VERSION:=3.3.1
PKG_RELEASE:=1

PYPI_NAME:=cryptography
PKG_HASH:=d3d5e10be0cf2a12214ddee45c6bd203dab435e3d83b4560c03066eda600bfe3
PKG_HASH:=7e177e4bea2de937a584b13645cab32f25e3d96fc0bc4a4cf99c27dc77682be6

PKG_LICENSE:=Apache-2.0 BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE.APACHE LICENSE.BSD
Expand Down
Original file line number Diff line number Diff line change
@@ -1,13 +1,15 @@
From 1d97b931bf4701fbd3478d2b788ec4310d9eb8e1 Mon Sep 17 00:00:00 2001
From 7865528da7ff435df2080d0e9a032b47e6cb27c2 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Fri, 7 Jun 2019 18:18:46 -0700
Subject: [PATCH] Add new ASN1_STRING_get0_data API
Subject: [PATCH 1/7] Add new ASN1_STRING_get0_data API

Introduced with OpenSSL 1.1
---
src/_cffi_src/openssl/asn1.py | 8 ++++++++
1 file changed, 8 insertions(+)
src/_cffi_src/openssl/asn1.py | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/src/_cffi_src/openssl/asn1.py b/src/_cffi_src/openssl/asn1.py
index da55b670..b8cd62d1 100644
--- a/src/_cffi_src/openssl/asn1.py
+++ b/src/_cffi_src/openssl/asn1.py
@@ -45,6 +45,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *);
Expand All @@ -18,15 +20,14 @@ Introduced with OpenSSL 1.1
int ASN1_STRING_set(ASN1_STRING *, const void *, int);

/* ASN1 OCTET STRING */
@@ -105,4 +106,11 @@ ASN1_NULL *ASN1_NULL_new(void);
@@ -105,4 +106,7 @@ ASN1_NULL *ASN1_NULL_new(void);
"""

CUSTOMIZATIONS = """
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+#define ASN1_STRING_get0_data ASN1_STRING_data
+#endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+#define ASN1_STRING_data ASN1_STRING_get0_data
+#endif
"""
--
2.27.0

Original file line number Diff line number Diff line change
@@ -1,14 +1,16 @@
From a30684980e8f1f7472d885487880b405608f4122 Mon Sep 17 00:00:00 2001
From 3edde2f9cb69609e4c23d1ce7203023bc06e362d Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Fri, 7 Jun 2019 20:42:04 -0700
Subject: [PATCH] Add compatibility for X509_STORE_set_get_issuer
Subject: [PATCH 2/7] Add compatibility for X509_STORE_set_get_issuer

Deprecated under OpenSSL 1.1.
---
src/_cffi_src/openssl/x509_vfy.py | 8 ++++++++
src/cryptography/hazmat/bindings/openssl/_conditional.py | 9 +++++++++
2 files changed, 17 insertions(+)
src/cryptography/hazmat/bindings/openssl/_conditional.py | 8 ++++++++
2 files changed, 16 insertions(+)

diff --git a/src/_cffi_src/openssl/x509_vfy.py b/src/_cffi_src/openssl/x509_vfy.py
index ba3d3dbb..845c522a 100644
--- a/src/_cffi_src/openssl/x509_vfy.py
+++ b/src/_cffi_src/openssl/x509_vfy.py
@@ -22,6 +22,7 @@ TYPES = """
Expand All @@ -19,7 +21,7 @@ Deprecated under OpenSSL 1.1.

typedef ... Cryptography_STACK_OF_ASN1_OBJECT;
typedef ... Cryptography_STACK_OF_X509_OBJECT;
@@ -274,4 +275,11 @@ void (*X509_STORE_set_get_issuer)(X509_S
@@ -252,4 +253,11 @@ void (*X509_STORE_set_get_issuer)(X509_STORE *,
#else
static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1;
#endif
Expand All @@ -31,26 +33,30 @@ Deprecated under OpenSSL 1.1.
+static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1;
+#endif
"""
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index ca50fed1..c4c567bf 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -291,6 +291,12 @@ def cryptography_has_srtp():
@@ -270,6 +270,11 @@ def cryptography_has_get_proto_version():
"SSL_get_max_proto_version",
]


+def cryptography_has_x509_cb_issuer_check():
+ return [
+ "X509_V_FLAG_CB_ISSUER_CHECK",
+ ]
+
+
# This is a mapping of
# {condition: function-returning-names-dependent-on-that-condition} so we can
# loop over them and delete unsupported names at runtime. It will be removed
@@ -342,4 +348,7 @@ CONDITIONAL_NAMES = {
"Cryptography_HAS_ENGINE": cryptography_has_engine,
@@ -319,4 +324,7 @@ CONDITIONAL_NAMES = {
"Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain,
"Cryptography_HAS_SRTP": cryptography_has_srtp,
"Cryptography_HAS_GET_PROTO_VERSION": cryptography_has_get_proto_version,
+ "Cryptography_HAS_X509_CB_ISSUER_CHECK": (
+ cryptography_has_x509_cb_issuer_check
+ ),
}
--
2.27.0

Original file line number Diff line number Diff line change
@@ -1,18 +1,20 @@
From 3f3b85a59d3c2cb021174ad92ad3a43d9eb73e62 Mon Sep 17 00:00:00 2001
From 48dbc51737a96f0e87e28bf96693f545b433e3aa Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Fri, 7 Jun 2019 21:00:46 -0700
Subject: [PATCH] Add compatibility for deprecated TLS methods
Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods

---
src/_cffi_src/openssl/ssl.py | 45 +++++++++++++++++--
.../hazmat/bindings/openssl/_conditional.py | 36 +++++++++++++++
2 files changed, 77 insertions(+), 4 deletions(-)

diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index 9400f115..a824ebfd 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -15,8 +15,9 @@ static const long Cryptography_HAS_SSL_S
@@ -14,12 +14,14 @@ TYPES = """
static const long Cryptography_HAS_SSL_ST;
static const long Cryptography_HAS_TLS_ST;
static const long Cryptography_HAS_SSL2;
static const long Cryptography_HAS_SSL3_METHOD;
-static const long Cryptography_HAS_TLSv1_1;
-static const long Cryptography_HAS_TLSv1_2;
Expand All @@ -21,17 +23,14 @@ Subject: [PATCH] Add compatibility for deprecated TLS methods
+static const long Cryptography_HAS_TLS1_2_METHOD;
static const long Cryptography_HAS_TLSv1_3;
static const long Cryptography_HAS_SECURE_RENEGOTIATION;
static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB;
@@ -24,6 +25,7 @@ static const long Cryptography_HAS_STATU
static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE;
static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
static const long Cryptography_HAS_DTLS;
+static const long Cryptography_HAS_DTLS1_METHOD;
static const long Cryptography_HAS_SIGALGS;
static const long Cryptography_HAS_PSK;
static const long Cryptography_HAS_CIPHER_DETAILS;
@@ -596,8 +598,43 @@ static const long Cryptography_HAS_STATU
static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE = 1;
static const long Cryptography_HAS_VERIFIED_CHAIN;
@@ -543,8 +545,43 @@ static const long Cryptography_HAS_SSL3_METHOD = 1;

static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
-static const long Cryptography_HAS_TLSv1_1 = 1;
Expand Down Expand Up @@ -76,6 +75,8 @@ Subject: [PATCH] Add compatibility for deprecated TLS methods
static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index c4c567bf..4aaffbf0 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -33,6 +33,38 @@ def cryptography_has_ssl3_method():
Expand Down Expand Up @@ -117,7 +118,7 @@ Subject: [PATCH] Add compatibility for deprecated TLS methods
def cryptography_has_102_verification():
return [
"X509_V_ERR_SUITE_B_INVALID_VERSION",
@@ -307,6 +339,10 @@ CONDITIONAL_NAMES = {
@@ -286,6 +318,10 @@ CONDITIONAL_NAMES = {
"Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
"Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
"Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,
Expand All @@ -128,3 +129,6 @@ Subject: [PATCH] Add compatibility for deprecated TLS methods
"Cryptography_HAS_102_VERIFICATION": cryptography_has_102_verification,
"Cryptography_HAS_110_VERIFICATION_PARAMS": (
cryptography_has_110_verification_params
--
2.27.0

Original file line number Diff line number Diff line change
@@ -1,38 +1,38 @@
From 50c1e937342c8b13c8a80c3bb55ce245aecdcdfe Mon Sep 17 00:00:00 2001
From d46c5b4af395b2fe9b0f95d7ad482cdf32052aae Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Sat, 15 Jun 2019 17:49:25 -0700
Subject: [PATCH] Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_reset
Subject: [PATCH 4/7] Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_reset

Deprecated in OpenSSL 1.1
---
src/_cffi_src/openssl/evp.py | 10 ++++++++++
src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
2 files changed, 11 insertions(+), 1 deletion(-)
src/_cffi_src/openssl/evp.py | 6 ++++++
src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py
index ab7cfeb3..aceb84c1 100644
--- a/src/_cffi_src/openssl/evp.py
+++ b/src/_cffi_src/openssl/evp.py
@@ -48,6 +48,7 @@ int EVP_CipherUpdate(EVP_CIPHER_CTX *, u
@@ -48,6 +48,7 @@ int EVP_CipherUpdate(EVP_CIPHER_CTX *, unsigned char *, int *,
const unsigned char *, int);
int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *);
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *);
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int);
@@ -273,4 +274,13 @@ static const long Cryptography_HAS_EVP_D
@@ -269,4 +270,9 @@ static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1;
#ifndef EVP_PKEY_POLY1305
#define EVP_PKEY_POLY1305 NID_poly1305
#endif
+
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+#define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_cleanup
+#endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+#define EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
+#define OpenSSL_add_all_algorithms() do {} while(0)
+#endif
"""
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
index 1e805d23..8fa38db1 100644
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
@@ -199,7 +199,7 @@ class _CipherContext(object):
Expand All @@ -44,3 +44,6 @@ Deprecated in OpenSSL 1.1
self._backend.openssl_assert(res == 1)
return self._backend._ffi.buffer(buf)[: outlen[0]]

--
2.27.0

Original file line number Diff line number Diff line change
@@ -1,15 +1,17 @@
From 645c30f76bce250772ce4e0b878e7228bd104277 Mon Sep 17 00:00:00 2001
From 9fea553483e93799cec7dbcaf11fcf0b419c7fa3 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Sat, 15 Jun 2019 18:47:46 -0700
Subject: [PATCH] Switch get_*Update APIs to get0
Subject: [PATCH 5/7] Switch get_*Update APIs to get0

Deprecated in 1.1
---
src/_cffi_src/openssl/x509.py | 34 ++++++++++++++++---
.../hazmat/backends/openssl/backend.py | 4 +--
.../hazmat/backends/openssl/x509.py | 8 ++---
3 files changed, 36 insertions(+), 10 deletions(-)
src/_cffi_src/openssl/x509.py | 15 +++++++++++----
.../hazmat/backends/openssl/backend.py | 4 ++--
src/cryptography/hazmat/backends/openssl/x509.py | 8 ++++----
3 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index 24946ea4..cedcddd6 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -202,8 +202,10 @@ long X509_get_version(X509 *);
Expand All @@ -25,7 +27,7 @@ Deprecated in 1.1

long X509_REQ_get_version(X509_REQ *);
X509_NAME *X509_REQ_get_subject_name(X509_REQ *);
@@ -235,6 +237,8 @@ X509_CRL *sk_X509_CRL_value(Cryptography
@@ -235,6 +237,8 @@ X509_CRL *sk_X509_CRL_value(Cryptography_STACK_OF_X509_CRL *, int);
long X509_CRL_get_version(X509_CRL *);
ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *);
ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *);
Expand All @@ -34,7 +36,7 @@ Deprecated in 1.1
X509_NAME *X509_CRL_get_issuer(X509_CRL *);
Cryptography_STACK_OF_X509_REVOKED *X509_CRL_get_REVOKED(X509_CRL *);

@@ -243,8 +247,11 @@ int X509_CRL_set_lastUpdate(X509_CRL *,
@@ -243,8 +247,11 @@ int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *);
int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
int X509_set_notBefore(X509 *, ASN1_TIME *);
int X509_set_notAfter(X509 *, ASN1_TIME *);
Expand All @@ -48,35 +50,11 @@ Deprecated in 1.1

EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **);
int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *);
@@ -339,6 +346,25 @@ const ASN1_INTEGER *X509_REVOKED_get0_se
#define X509_set1_notAfter X509_set_notAfter
#define X509_getm_notAfter X509_get_notAfter
#define X509_getm_notBefore X509_get_notBefore
+#define X509_get0_notAfter X509_get_notAfter
+#define X509_get0_notBefore X509_get_notBefore
+
+#define X509_CRL_set1_lastUpdate X509_CRL_set_lastUpdate
+#define X509_CRL_set1_nextUpdate X509_CRL_set_nextUpdate
+#define X509_CRL_get0_lastUpdate X509_CRL_get_lastUpdate
+#define X509_CRL_get0_nextUpdate X509_CRL_get_nextUpdate
#endif
#endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+#define X509_set_notBefore X509_set1_notBefore
+#define X509_set_notAfter X509_set1_notAfter
+#define X509_get_notAfter X509_get0_notAfter
+#define X509_get_notBefore X509_get0_notBefore
+
+#define X509_CRL_get_lastUpdate X509_CRL_get0_lastUpdate
+#define X509_CRL_get_nextUpdate X509_CRL_get0_nextUpdate
+#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
+#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
+#endif
"""
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 45d4a1a1..653b72db 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1127,12 +1127,12 @@ class Backend(object):
@@ -1128,12 +1128,12 @@ class Backend(object):

# Set the last update time.
last_update = self._create_asn1_time(builder._last_update)
Expand All @@ -91,6 +69,8 @@ Deprecated in 1.1
self.openssl_assert(res == 1)

# Add extensions.
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 4d0dac76..074211e6 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -86,12 +86,12 @@ class _Certificate(object):
Expand All @@ -108,7 +88,7 @@ Deprecated in 1.1
return _parse_asn1_time(self._backend, asn1_time)

@property
@@ -277,13 +277,13 @@ class _CertificateRevocationList(object)
@@ -277,13 +277,13 @@ class _CertificateRevocationList(object):

@property
def next_update(self):
Expand All @@ -124,3 +104,6 @@ Deprecated in 1.1
self._backend.openssl_assert(lu != self._backend._ffi.NULL)
return _parse_asn1_time(self._backend, lu)

--
2.27.0

Loading

0 comments on commit ce1ce8a

Please sign in to comment.