include $(TOPDIR)/rules.mk
PKG_NAME:=python-cryptography
-PKG_VERSION:=3.4.8
-PKG_RELEASE:=3
+PKG_VERSION:=41.0.4
+PKG_RELEASE:=1
PYPI_NAME:=cryptography
-PKG_HASH:=94cc5ed4ceaefcbe5bf38c8fba6a21fc1d365bb8fb826ea1688e3370b2e24a1c
+PKG_HASH:=7febc3094125fc126a7f6fb1f420d0da639f3f32cb15c8ff0dc3997c4549f51a
PKG_LICENSE:=Apache-2.0 BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE.APACHE LICENSE.BSD
PKG_MAINTAINER:=Jeffery To <jeffery.to@gmail.com>
-PKG_BUILD_DEPENDS:=libffi/host python-cffi/host # cffi>=1.12
+PKG_BUILD_DEPENDS:=libffi/host python-cffi/host python-setuptools-rust/host
include ../pypi.mk
include $(INCLUDE_DIR)/package.mk
URL:=https://github.com/pyca/cryptography
DEPENDS:= \
+libopenssl \
+ +libopenssl-legacy \
+python3-light \
+python3-email \
- +python3-openssl \
+python3-urllib \
+python3-cffi \
- +python3-six
+ $(RUST_ARCH_DEPENDS)
endef
define Package/python3-cryptography/description
cryptography is a package which provides cryptographic recipes and
-primitives to Python developers. Our goal is for it to be your "cryptographic
-standard library". It supports Python 2.6-2.7, Python 3.3+, and PyPy 2.6+.
+primitives to Python developers. Our goal is for it to be your
+"cryptographic standard library".
endef
$(eval $(call Py3Package,python3-cryptography))
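Review bot: The new `+libopenssl-legacy` entry in DEPENDS has no comment explaining why every install of python3-cryptography must also carry the OpenSSL legacy provider, which puts older, weaker algorithms on the device. If the reason is that cryptography tries to load the legacy provider at import time unless `CRYPTOGRAPHY_OPENSSL_NO_LEGACY` is set (worth confirming for 41.0.4), a comment above the package definition such as `# libopenssl-legacy: cryptography loads the OpenSSL legacy provider on import` would record that for image builders. The same change drops the `# cffi>=1.12` note from PKG_BUILD_DEPENDS without stating the minimum versions the new release needs. The `define` that the visible `endef` closes is not shown, so the exact placement has to be checked against the full file.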
+++ /dev/null
-From 7eefc9c72f522e414f953fee2d6ca9242c566107 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Fri, 7 Jun 2019 18:18:46 -0700
-Subject: [PATCH 1/7] Add new ASN1_STRING_get0_data API
-
-Introduced with OpenSSL 1.1
----
- src/_cffi_src/openssl/asn1.py | 4 ++++
- 1 file changed, 4 insertions(+)
-
---- a/src/_cffi_src/openssl/asn1.py
-+++ b/src/_cffi_src/openssl/asn1.py
-@@ -105,4 +105,7 @@ ASN1_NULL *ASN1_NULL_new(void);
- """
-
- CUSTOMIZATIONS = """
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define ASN1_STRING_data ASN1_STRING_get0_data
-+#endif
- """
+++ /dev/null
-From 77b25307a743eb52ef5ead24c956e577f5bd025f Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Fri, 7 Jun 2019 20:42:04 -0700
-Subject: [PATCH 2/7] Add compatibility for X509_STORE_set_get_issuer
-
-Deprecated under OpenSSL 1.1.
----
- src/_cffi_src/openssl/x509_vfy.py | 8 ++++++++
- src/cryptography/hazmat/bindings/openssl/_conditional.py | 8 ++++++++
- 2 files changed, 16 insertions(+)
-
---- a/src/_cffi_src/openssl/x509_vfy.py
-+++ b/src/_cffi_src/openssl/x509_vfy.py
-@@ -21,6 +21,7 @@ TYPES = """
- static const long Cryptography_HAS_102_VERIFICATION;
- static const long Cryptography_HAS_110_VERIFICATION_PARAMS;
- static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER;
-+static const long Cryptography_HAS_X509_CB_ISSUER_CHECK;
-
- typedef ... Cryptography_STACK_OF_ASN1_OBJECT;
- typedef ... Cryptography_STACK_OF_X509_OBJECT;
-@@ -257,4 +258,11 @@ void (*X509_STORE_set_get_issuer)(X509_S
- #else
- static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1;
- #endif
-+
-+#ifndef X509_V_FLAG_CB_ISSUER_CHECK
-+static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 0;
-+#define X509_V_FLAG_CB_ISSUER_CHECK 0x0
-+#else
-+static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1;
-+#endif
- """
---- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
-+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
-@@ -269,6 +269,11 @@ def cryptography_has_get_proto_version()
- "SSL_get_max_proto_version",
- ]
-
-+def cryptography_has_x509_cb_issuer_check():
-+ return [
-+ "X509_V_FLAG_CB_ISSUER_CHECK",
-+ ]
-+
-
- # This is a mapping of
- # {condition: function-returning-names-dependent-on-that-condition} so we can
-@@ -318,4 +323,7 @@ CONDITIONAL_NAMES = {
- "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain,
- "Cryptography_HAS_SRTP": cryptography_has_srtp,
- "Cryptography_HAS_GET_PROTO_VERSION": cryptography_has_get_proto_version,
-+ "Cryptography_HAS_X509_CB_ISSUER_CHECK": (
-+ cryptography_has_x509_cb_issuer_check
-+ ),
- }
+++ /dev/null
-From 7a55c37e01114dfd1ae733b099fdee1ba1889449 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Fri, 7 Jun 2019 21:00:46 -0700
-Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
-
----
- src/_cffi_src/openssl/ssl.py | 45 +++++++++++++++++--
- .../hazmat/bindings/openssl/_conditional.py | 36 +++++++++++++++
- 2 files changed, 77 insertions(+), 4 deletions(-)
-
---- a/src/_cffi_src/openssl/ssl.py
-+++ b/src/_cffi_src/openssl/ssl.py
-@@ -13,12 +13,14 @@ TYPES = """
- static const long Cryptography_HAS_SSL_ST;
- static const long Cryptography_HAS_TLS_ST;
- static const long Cryptography_HAS_SSL3_METHOD;
--static const long Cryptography_HAS_TLSv1_1;
--static const long Cryptography_HAS_TLSv1_2;
-+static const long Cryptography_HAS_TLS1_METHOD;
-+static const long Cryptography_HAS_TLS1_1_METHOD;
-+static const long Cryptography_HAS_TLS1_2_METHOD;
- static const long Cryptography_HAS_TLSv1_3;
- static const long Cryptography_HAS_SECURE_RENEGOTIATION;
- static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
- static const long Cryptography_HAS_DTLS;
-+static const long Cryptography_HAS_DTLS1_METHOD;
- static const long Cryptography_HAS_SIGALGS;
- static const long Cryptography_HAS_PSK;
- static const long Cryptography_HAS_VERIFIED_CHAIN;
-@@ -548,8 +550,43 @@ static const long Cryptography_HAS_SSL3_
-
- static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
- static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
--static const long Cryptography_HAS_TLSv1_1 = 1;
--static const long Cryptography_HAS_TLSv1_2 = 1;
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+static const long Cryptography_HAS_TLS1_METHOD = 0;
-+const SSL_METHOD* (*TLSv1_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_server_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_client_method)(void) = NULL;
-+#else
-+static const long Cryptography_HAS_TLS1_METHOD = 1;
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+static const long Cryptography_HAS_TLS1_1_METHOD = 0;
-+const SSL_METHOD* (*TLSv1_1_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL;
-+#else
-+static const long Cryptography_HAS_TLS1_1_METHOD = 1;
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+static const long Cryptography_HAS_TLS1_2_METHOD = 0;
-+const SSL_METHOD* (*TLSv1_2_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL;
-+#else
-+static const long Cryptography_HAS_TLS1_2_METHOD = 1;
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+static const long Cryptography_HAS_DTLS1_METHOD = 0;
-+const SSL_METHOD* (*DTLSv1_method)(void) = NULL;
-+const SSL_METHOD* (*DTLSv1_server_method)(void) = NULL;
-+const SSL_METHOD* (*DTLSv1_client_method)(void) = NULL;
-+#else
-+static const long Cryptography_HAS_DTLS1_METHOD = 1;
-+#endif
-+
- static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
- static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
- static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
---- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
-+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
-@@ -31,6 +31,38 @@ def cryptography_has_ssl3_method():
- ]
-
-
-+def cryptography_has_tls1_method():
-+ return [
-+ "TLSv1_method",
-+ "TLSv1_client_method",
-+ "TLSv1_server_method",
-+ ]
-+
-+
-+def cryptography_has_tls1_1_method():
-+ return [
-+ "TLSv1_1_method",
-+ "TLSv1_1_client_method",
-+ "TLSv1_1_server_method",
-+ ]
-+
-+
-+def cryptography_has_tls1_2_method():
-+ return [
-+ "TLSv1_2_method",
-+ "TLSv1_2_client_method",
-+ "TLSv1_2_server_method",
-+ ]
-+
-+
-+def cryptography_has_dtls1_method():
-+ return [
-+ "DTLSv1_method",
-+ "DTLSv1_client_method",
-+ "DTLSv1_server_method",
-+ ]
-+
-+
- def cryptography_has_102_verification():
- return [
- "X509_V_ERR_SUITE_B_INVALID_VERSION",
-@@ -285,6 +317,10 @@ CONDITIONAL_NAMES = {
- "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
- "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
- "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,
-+ "Cryptography_HAS_TLS1_METHOD": cryptography_has_tls1_method,
-+ "Cryptography_HAS_TLS1_1_METHOD": cryptography_has_tls1_1_method,
-+ "Cryptography_HAS_TLS1_2_METHOD": cryptography_has_tls1_2_method,
-+ "Cryptography_HAS_DTLS1_METHOD": cryptography_has_dtls1_method,
- "Cryptography_HAS_102_VERIFICATION": cryptography_has_102_verification,
- "Cryptography_HAS_110_VERIFICATION_PARAMS": (
- cryptography_has_110_verification_params
+++ /dev/null
---- a/pyproject.toml
-+++ b/pyproject.toml
-@@ -6,7 +6,6 @@ requires = [
- "wheel",
- # Must be kept in sync with the `setup_requirements` in `setup.py`
- "cffi>=1.12; platform_python_implementation != 'PyPy'",
-- "setuptools-rust>=0.11.4",
- ]
- build-backend = "setuptools.build_meta"
-
---- a/setup.py
-+++ b/setup.py
-@@ -11,7 +11,7 @@ import sys
- from setuptools import find_packages, setup
-
- try:
-- from setuptools_rust import RustExtension
-+ pass
- except ImportError:
- print(
- """
-@@ -43,9 +43,9 @@ with open(os.path.join(src_dir, "cryptog
- # `pyproject.toml`
- setuptools_rust = "setuptools-rust>=0.11.4"
- install_requirements = ["cffi>=1.12"]
--setup_requirements = install_requirements + [setuptools_rust]
-+setup_requirements = install_requirements
-
--if os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST"):
-+if True:
- rust_extensions = []
- else:
- rust_extensions = [
+++ /dev/null
-From 98bf3eda9c950158cf6a0a6a698dd365712201b1 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Mon, 25 Nov 2019 12:06:16 -0800
-Subject: [PATCH 6/7] Add X509_STORE_CTX_trusted_stack compatibility macro
-
-Deprecated in 1.1
-
-Signed-off-by: Rosen Penev <rosenp@gmail.com>
----
- src/_cffi_src/openssl/x509_vfy.py | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
---- a/src/_cffi_src/openssl/x509_vfy.py
-+++ b/src/_cffi_src/openssl/x509_vfy.py
-@@ -265,4 +265,10 @@ static const long Cryptography_HAS_X509_
- #else
- static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1;
- #endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
-+#define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
-+#define X509_STORE_CTX_get_chain X509_STORE_CTX_get1_chain
-+#endif
- """
+++ /dev/null
-From e96af1cee523c5551c7fc5f36eba8e271fa51b20 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Thu, 5 Dec 2019 12:52:13 -0800
-Subject: [PATCH 7/7] Add defines for totally deprecated functions
-
----
- src/_cffi_src/openssl/conf.py | 4 ++++
- src/_cffi_src/openssl/crypto.py | 4 ++++
- src/_cffi_src/openssl/ecdh.py | 3 +++
- src/_cffi_src/openssl/ssl.py | 5 +++++
- 4 files changed, 16 insertions(+)
-
---- a/src/_cffi_src/openssl/conf.py
-+++ b/src/_cffi_src/openssl/conf.py
-@@ -17,4 +17,8 @@ void OPENSSL_no_config(void);
- """
-
- CUSTOMIZATIONS = """
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define OPENSSL_config(x) 0
-+#define OPENSSL_no_config() 0
-+#endif
- """
---- a/src/_cffi_src/openssl/crypto.py
-+++ b/src/_cffi_src/openssl/crypto.py
-@@ -113,4 +113,8 @@ void *Cryptography_realloc_wrapper(void
- void Cryptography_free_wrapper(void *ptr, const char *path, int line) {
- free(ptr);
- }
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define CRYPTO_get_locking_callback() 0
-+#endif
- """
---- a/src/_cffi_src/openssl/ecdh.py
-+++ b/src/_cffi_src/openssl/ecdh.py
-@@ -17,4 +17,7 @@ long SSL_CTX_set_ecdh_auto(SSL_CTX *, in
- """
-
- CUSTOMIZATIONS = """
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define SSL_CTX_set_ecdh_auto(a, b) ((b) != 0)
-+#endif
- """
---- a/src/_cffi_src/openssl/ssl.py
-+++ b/src/_cffi_src/openssl/ssl.py
-@@ -745,4 +745,9 @@ long (*SSL_get_max_proto_version)(SSL *)
- #else
- static const long Cryptography_HAS_GET_PROTO_VERSION = 1;
- #endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define SSL_library_init() 1
-+#define SSL_load_error_strings() 0
-+#endif
- """
--- /dev/null
+Fixes https://rustsec.org/advisories/RUSTSEC-2023-0042.html
+
+--- a/src/rust/Cargo.toml
++++ b/src/rust/Cargo.toml
+@@ -15,7 +15,7 @@ cryptography-cffi = { path = "cryptograp
+ cryptography-x509 = { path = "cryptography-x509" }
+ cryptography-openssl = { path = "cryptography-openssl" }
+ pem = "1.1"
+-ouroboros = "0.15"
++ouroboros = "0.18"
+ openssl = "0.10.54"
+ openssl-sys = "0.9.88"
+ foreign-types-shared = "0.1"
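Review bot: Only `Cargo.toml` is patched here, so the new `ouroboros = "0.18"` requirement has no matching lock-file change in the visible section. If the source tarball ships a `Cargo.lock` that still pins the 0.15 series, a locked build would fail, and an unlocked one would resolve ouroboros and its transitive crates at build time without pinned checksums. It is worth confirming which case applies and patching the lock entry in the same file. The patch header could also add one line naming the upstream commit, or stating that the change is local, so the patch can be dropped at the next version bump.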
--- /dev/null
+#!/bin/sh
+
+[ "$1" = python3-cryptography ] || exit 0
+
+python3 - << EOF
+import sys
+from cryptography.fernet import Fernet
+key = Fernet.generate_key()
+f = Fernet(key)
+token = f.encrypt(b"my deep dark secret")
+sys.exit(0 if f.decrypt(token) == b"my deep dark secret" else 1)
+EOF
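Review bot: The smoke test only checks the encrypt/decrypt round trip, so it would still pass if token authentication were broken; a negative check that a token is rejected under a different key would cover that. The heredoc delimiter is also unquoted, so the shell would expand any `$` or backtick later added to the Python body; `<< 'EOF'` avoids that. The rewritten lines are below.

```shell
python3 - << 'EOF'
import sys
from cryptography.fernet import Fernet, InvalidToken
# … unchanged: key generation, Fernet(key), encrypt …
if f.decrypt(token) != b"my deep dark secret":
    sys.exit(1)
try:
    Fernet(Fernet.generate_key()).decrypt(token)
except InvalidToken:
    sys.exit(0)
sys.exit(1)
EOF
```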