diff --git a/lang/python/python-cryptography/Makefile b/lang/python/python-cryptography/Makefile index aefc728e5e..ebbbf88c91 100644 --- a/lang/python/python-cryptography/Makefile +++ b/lang/python/python-cryptography/Makefile @@ -8,11 +8,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-cryptography -PKG_VERSION:=3.2.1 +PKG_VERSION:=3.3.1 PKG_RELEASE:=1 PYPI_NAME:=cryptography -PKG_HASH:=d3d5e10be0cf2a12214ddee45c6bd203dab435e3d83b4560c03066eda600bfe3 +PKG_HASH:=7e177e4bea2de937a584b13645cab32f25e3d96fc0bc4a4cf99c27dc77682be6 PKG_LICENSE:=Apache-2.0 BSD-3-Clause PKG_LICENSE_FILES:=LICENSE.APACHE LICENSE.BSD diff --git a/lang/python/python-cryptography/patches/010-Add-new-ASN1_STRING_get0_data-API.patch b/lang/python/python-cryptography/patches/0001-Add-new-ASN1_STRING_get0_data-API.patch similarity index 61% rename from lang/python/python-cryptography/patches/010-Add-new-ASN1_STRING_get0_data-API.patch rename to lang/python/python-cryptography/patches/0001-Add-new-ASN1_STRING_get0_data-API.patch index 3857a787a0..6b206b4ce1 100644 --- a/lang/python/python-cryptography/patches/010-Add-new-ASN1_STRING_get0_data-API.patch +++ b/lang/python/python-cryptography/patches/0001-Add-new-ASN1_STRING_get0_data-API.patch @@ -1,12 +1,12 @@ -From 1d97b931bf4701fbd3478d2b788ec4310d9eb8e1 Mon Sep 17 00:00:00 2001 +From 7eefc9c72f522e414f953fee2d6ca9242c566107 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Fri, 7 Jun 2019 18:18:46 -0700 -Subject: [PATCH] Add new ASN1_STRING_get0_data API +Subject: [PATCH 1/7] Add new ASN1_STRING_get0_data API Introduced with OpenSSL 1.1 --- - src/_cffi_src/openssl/asn1.py | 8 ++++++++ - 1 file changed, 8 insertions(+) + src/_cffi_src/openssl/asn1.py | 4 ++++ + 1 file changed, 4 insertions(+) --- a/src/_cffi_src/openssl/asn1.py +++ b/src/_cffi_src/openssl/asn1.py 
@@ -18,14 +18,10 @@ Introduced with OpenSSL 1.1 int ASN1_STRING_set(ASN1_STRING *, const void *, int); /* ASN1 OCTET STRING */ -@@ -105,4 +106,11 @@ ASN1_NULL *ASN1_NULL_new(void); +@@ -105,4 +106,7 @@ ASN1_NULL *ASN1_NULL_new(void); """ CUSTOMIZATIONS = """ -+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER -+#define ASN1_STRING_get0_data ASN1_STRING_data -+#endif -+ +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL +#define ASN1_STRING_data ASN1_STRING_get0_data +#endif diff --git a/lang/python/python-cryptography/patches/020-Add-compatibility-for-X509_STORE_set_get_issuer.patch b/lang/python/python-cryptography/patches/0002-Add-compatibility-for-X509_STORE_set_get_issuer.patch similarity index 74% rename from lang/python/python-cryptography/patches/020-Add-compatibility-for-X509_STORE_set_get_issuer.patch rename to lang/python/python-cryptography/patches/0002-Add-compatibility-for-X509_STORE_set_get_issuer.patch index 8f5cb784e9..dc31500b6c 100644 --- a/lang/python/python-cryptography/patches/020-Add-compatibility-for-X509_STORE_set_get_issuer.patch +++ b/lang/python/python-cryptography/patches/0002-Add-compatibility-for-X509_STORE_set_get_issuer.patch @@ -1,13 +1,13 @@ -From a30684980e8f1f7472d885487880b405608f4122 Mon Sep 17 00:00:00 2001 +From 77b25307a743eb52ef5ead24c956e577f5bd025f Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Fri, 7 Jun 2019 20:42:04 -0700 -Subject: [PATCH] Add compatibility for X509_STORE_set_get_issuer +Subject: [PATCH 2/7] Add compatibility for X509_STORE_set_get_issuer Deprecated under OpenSSL 1.1. --- src/_cffi_src/openssl/x509_vfy.py | 8 ++++++++ - src/cryptography/hazmat/bindings/openssl/_conditional.py | 9 +++++++++ - 2 files changed, 17 insertions(+) + src/cryptography/hazmat/bindings/openssl/_conditional.py | 8 ++++++++ + 2 files changed, 16 insertions(+) --- a/src/_cffi_src/openssl/x509_vfy.py +++ b/src/_cffi_src/openssl/x509_vfy.py 
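Review bot: The refreshed 0001 patch drops the `CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER` fallback (`#define ASN1_STRING_get0_data ASN1_STRING_data`), but its description still says only "Introduced with OpenSSL 1.1" and nothing records the new minimum library version. The rest of the patch is outside this hunk, but if it still declares `ASN1_STRING_get0_data` and the package can be built against an older OpenSSL or LibreSSL, that name is left without a definition. I would state the floor in the patch description, for example `Requires a libssl that provides ASN1_STRING_get0_data (OpenSSL >= 1.1.0); the pre-1.1.0 fallback was dropped in the 3.3.1 refresh`. The same kind of fallback is removed in the refreshed 0004 (`EVP_CIPHER_CTX_reset`), 0005 (`X509_get0_notAfter`, `X509_CRL_get0_lastUpdate` and related names) and 0006 (`X509_STORE_CTX_set0_trusted_stack`, `X509_STORE_CTX_set0_untrusted`) patches, so the remark applies there too.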
@@ -19,7 +19,7 @@ Deprecated under OpenSSL 1.1. typedef ... Cryptography_STACK_OF_ASN1_OBJECT; typedef ... Cryptography_STACK_OF_X509_OBJECT; -@@ -274,4 +275,11 @@ void (*X509_STORE_set_get_issuer)(X509_S +@@ -252,4 +253,11 @@ void (*X509_STORE_set_get_issuer)(X509_S #else static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1; #endif @@ -33,23 +33,22 @@ Deprecated under OpenSSL 1.1. """ --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py -@@ -291,6 +291,12 @@ def cryptography_has_srtp(): +@@ -270,6 +270,11 @@ def cryptography_has_get_proto_version() + "SSL_get_max_proto_version", ] - +def cryptography_has_x509_cb_issuer_check(): + return [ + "X509_V_FLAG_CB_ISSUER_CHECK", + ] + -+ + # This is a mapping of # {condition: function-returning-names-dependent-on-that-condition} so we can - # loop over them and delete unsupported names at runtime. It will be removed -@@ -342,4 +348,7 @@ CONDITIONAL_NAMES = { - "Cryptography_HAS_ENGINE": cryptography_has_engine, +@@ -319,4 +324,7 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain, "Cryptography_HAS_SRTP": cryptography_has_srtp, + "Cryptography_HAS_GET_PROTO_VERSION": cryptography_has_get_proto_version, + "Cryptography_HAS_X509_CB_ISSUER_CHECK": ( + cryptography_has_x509_cb_issuer_check + ), diff --git a/lang/python/python-cryptography/patches/030-Add-compatibility-for-deprecated-TLS-methods.patch b/lang/python/python-cryptography/patches/0003-Add-compatibility-for-deprecated-TLS-methods.patch similarity index 87% rename from lang/python/python-cryptography/patches/030-Add-compatibility-for-deprecated-TLS-methods.patch rename to lang/python/python-cryptography/patches/0003-Add-compatibility-for-deprecated-TLS-methods.patch index 2050e464c5..ddad984d0b 100644 --- a/lang/python/python-cryptography/patches/030-Add-compatibility-for-deprecated-TLS-methods.patch 
+++ b/lang/python/python-cryptography/patches/0003-Add-compatibility-for-deprecated-TLS-methods.patch @@ -1,7 +1,7 @@ -From 3f3b85a59d3c2cb021174ad92ad3a43d9eb73e62 Mon Sep 17 00:00:00 2001 +From 7a55c37e01114dfd1ae733b099fdee1ba1889449 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Fri, 7 Jun 2019 21:00:46 -0700 -Subject: [PATCH] Add compatibility for deprecated TLS methods +Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods --- src/_cffi_src/openssl/ssl.py | 45 +++++++++++++++++-- @@ -10,9 +10,9 @@ Subject: [PATCH] Add compatibility for deprecated TLS methods --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py -@@ -15,8 +15,9 @@ static const long Cryptography_HAS_SSL_S +@@ -14,12 +14,14 @@ TYPES = """ + static const long Cryptography_HAS_SSL_ST; static const long Cryptography_HAS_TLS_ST; - static const long Cryptography_HAS_SSL2; static const long Cryptography_HAS_SSL3_METHOD; -static const long Cryptography_HAS_TLSv1_1; -static const long Cryptography_HAS_TLSv1_2; 
@@ -21,17 +21,14 @@ Subject: [PATCH] Add compatibility for deprecated TLS methods +static const long Cryptography_HAS_TLS1_2_METHOD; static const long Cryptography_HAS_TLSv1_3; static const long Cryptography_HAS_SECURE_RENEGOTIATION; - static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB; -@@ -24,6 +25,7 @@ static const long Cryptography_HAS_STATU - static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE; static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS; static const long Cryptography_HAS_DTLS; +static const long Cryptography_HAS_DTLS1_METHOD; static const long Cryptography_HAS_SIGALGS; static const long Cryptography_HAS_PSK; - static const long Cryptography_HAS_CIPHER_DETAILS; -@@ -596,8 +598,43 @@ static const long Cryptography_HAS_STATU - static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE = 1; + static const long Cryptography_HAS_VERIFIED_CHAIN; +@@ -543,8 +545,43 @@ static const long Cryptography_HAS_SSL3_ + static const long Cryptography_HAS_RELEASE_BUFFERS = 1; static const long Cryptography_HAS_OP_NO_COMPRESSION = 1; -static const long Cryptography_HAS_TLSv1_1 = 1; @@ -117,7 +114,7 @@ Subject: [PATCH] Add compatibility for deprecated TLS methods def cryptography_has_102_verification(): return [ "X509_V_ERR_SUITE_B_INVALID_VERSION", -@@ -307,6 +339,10 @@ CONDITIONAL_NAMES = { +@@ -286,6 +318,10 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md, "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label, "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method, 
diff --git a/lang/python/python-cryptography/patches/040-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch b/lang/python/python-cryptography/patches/0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch similarity index 72% rename from lang/python/python-cryptography/patches/040-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch rename to lang/python/python-cryptography/patches/0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch index 8193644135..79b84dc5bb 100644 --- a/lang/python/python-cryptography/patches/040-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch +++ b/lang/python/python-cryptography/patches/0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch @@ -1,13 +1,13 @@ -From 50c1e937342c8b13c8a80c3bb55ce245aecdcdfe Mon Sep 17 00:00:00 2001 +From 008e299aaf32af0b93eede649c6942af93b1c11e Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sat, 15 Jun 2019 17:49:25 -0700 -Subject: [PATCH] Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_reset +Subject: [PATCH 4/7] Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_reset Deprecated in OpenSSL 1.1 --- - src/_cffi_src/openssl/evp.py | 10 ++++++++++ - src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +- - 2 files changed, 11 insertions(+), 1 deletion(-) + src/_cffi_src/openssl/evp.py | 6 ++++++ + src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) --- a/src/_cffi_src/openssl/evp.py +++ b/src/_cffi_src/openssl/evp.py 
@@ -19,15 +19,11 @@ Deprecated in OpenSSL 1.1 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *); int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int); -@@ -273,4 +274,13 @@ static const long Cryptography_HAS_EVP_D +@@ -269,4 +270,9 @@ static const long Cryptography_HAS_EVP_D #ifndef EVP_PKEY_POLY1305 #define EVP_PKEY_POLY1305 NID_poly1305 #endif + -+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER -+#define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_cleanup -+#endif -+ +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL +#define EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset +#define OpenSSL_add_all_algorithms() do {} while(0) diff --git a/lang/python/python-cryptography/patches/050-Switch-get_-Update-APIs-to-get0.patch b/lang/python/python-cryptography/patches/0005-Switch-get_-Update-APIs-to-get0.patch similarity index 83% rename from lang/python/python-cryptography/patches/050-Switch-get_-Update-APIs-to-get0.patch rename to lang/python/python-cryptography/patches/0005-Switch-get_-Update-APIs-to-get0.patch index b73e3b653c..dd461959fb 100644 --- a/lang/python/python-cryptography/patches/050-Switch-get_-Update-APIs-to-get0.patch +++ b/lang/python/python-cryptography/patches/0005-Switch-get_-Update-APIs-to-get0.patch @@ -1,14 +1,14 @@ -From 645c30f76bce250772ce4e0b878e7228bd104277 Mon Sep 17 00:00:00 2001 +From 339e0ab364ca931435c0ad134dc6047eb6974540 Mon Sep 17 00:00:00 2001 
From: Rosen Penev Date: Sat, 15 Jun 2019 18:47:46 -0700 -Subject: [PATCH] Switch get_*Update APIs to get0 +Subject: [PATCH 5/7] Switch get_*Update APIs to get0 Deprecated in 1.1 --- - src/_cffi_src/openssl/x509.py | 34 ++++++++++++++++--- + src/_cffi_src/openssl/x509.py | 27 ++++++++++++++++--- .../hazmat/backends/openssl/backend.py | 4 +-- - .../hazmat/backends/openssl/x509.py | 8 ++--- - 3 files changed, 36 insertions(+), 10 deletions(-) + .../hazmat/backends/openssl/x509.py | 8 +++--- + 3 files changed, 29 insertions(+), 10 deletions(-) --- a/src/_cffi_src/openssl/x509.py +++ b/src/_cffi_src/openssl/x509.py @@ -48,25 +48,16 @@ Deprecated in 1.1 EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **); int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *); -@@ -339,6 +346,25 @@ const ASN1_INTEGER *X509_REVOKED_get0_se - #define X509_set1_notAfter X509_set_notAfter - #define X509_getm_notAfter X509_get_notAfter - #define X509_getm_notBefore X509_get_notBefore -+#define X509_get0_notAfter X509_get_notAfter -+#define X509_get0_notBefore X509_get_notBefore -+ -+#define X509_CRL_set1_lastUpdate X509_CRL_set_lastUpdate -+#define X509_CRL_set1_nextUpdate X509_CRL_set_nextUpdate -+#define X509_CRL_get0_lastUpdate X509_CRL_get_lastUpdate -+#define X509_CRL_get0_nextUpdate X509_CRL_get_nextUpdate - #endif +@@ -299,4 +306,16 @@ int i2d_re_X509_CRL_tbs(X509_CRL *crl, u + return i2d_X509_CRL_INFO(crl->crl, pp); + } #endif + +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL ++#define X509_get_notBefore X509_get0_notBefore ++#define X509_get_notAfter X509_get0_notAfter +#define X509_set_notBefore X509_set1_notBefore +#define X509_set_notAfter X509_set1_notAfter -+#define X509_get_notAfter X509_get0_notAfter -+#define X509_get_notBefore X509_get0_notBefore + +#define X509_CRL_get_lastUpdate X509_CRL_get0_lastUpdate +#define X509_CRL_get_nextUpdate X509_CRL_get0_nextUpdate @@ -76,7 +67,7 @@ Deprecated in 1.1 """ --- a/src/cryptography/hazmat/backends/openssl/backend.py 
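Review bot: The aliases `#define X509_get_notBefore X509_get0_notBefore` and `#define X509_get_notAfter X509_get0_notAfter`, together with the two `X509_CRL_get_*Update` lines, map legacy names that returned a writable `ASN1_TIME *` onto accessors that return a const pointer in OpenSSL 1.1.0 and later. The binding declarations and their callers are outside this hunk, so this is unconfirmed, but a caller that still treats the result as mutable would surface only as a discarded-qualifier warning at build time. I would add a comment above the block, `/* get0 accessors return const ASN1_TIME *: read-only; use the getm/set1 variants to modify */`, so the intent survives the next refresh.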
+++ b/src/cryptography/hazmat/backends/openssl/backend.py -@@ -1127,12 +1127,12 @@ class Backend(object): +@@ -1128,12 +1128,12 @@ class Backend(object): # Set the last update time. last_update = self._create_asn1_time(builder._last_update) diff --git a/lang/python/python-cryptography/patches/060-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch b/lang/python/python-cryptography/patches/0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch similarity index 74% rename from lang/python/python-cryptography/patches/060-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch rename to lang/python/python-cryptography/patches/0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch index 048d474494..2513fe6b7d 100644 --- a/lang/python/python-cryptography/patches/060-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch +++ b/lang/python/python-cryptography/patches/0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch @@ -1,14 +1,14 @@ -From 07fb50eecc3a3a50ac543f53f98c285eb1ceeb1e Mon Sep 17 00:00:00 2001 +From 98bf3eda9c950158cf6a0a6a698dd365712201b1 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Mon, 25 Nov 2019 12:06:16 -0800 -Subject: [PATCH] Add X509_STORE_CTX_trusted_stack compatibility macro +Subject: [PATCH 6/7] Add X509_STORE_CTX_trusted_stack compatibility macro Deprecated in 1.1 Signed-off-by: Rosen Penev --- - src/_cffi_src/openssl/x509_vfy.py | 17 ++++++++++++++++- - 1 file changed, 16 insertions(+), 1 deletion(-) + src/_cffi_src/openssl/x509_vfy.py | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) --- a/src/_cffi_src/openssl/x509_vfy.py +++ b/src/_cffi_src/openssl/x509_vfy.py @@ -26,16 +26,11 @@ 
Signed-off-by: Rosen Penev X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *); void X509_STORE_CTX_set0_param(X509_STORE_CTX *, X509_VERIFY_PARAM *); int X509_STORE_CTX_set_default(X509_STORE_CTX *, const char *); -@@ -282,4 +286,15 @@ static const long Cryptography_HAS_X509_ +@@ -260,4 +264,10 @@ static const long Cryptography_HAS_X509_ #else static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1; #endif + -+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL -+#define X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_trusted_stack -+#define X509_STORE_CTX_set0_untrusted X509_STORE_CTX_set_chain -+#endif -+ +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL +#define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack +#define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted diff --git a/lang/python/python-cryptography/patches/070-Add-defines-for-totally-deprecated-functions.patch b/lang/python/python-cryptography/patches/0007-Add-defines-for-totally-deprecated-functions.patch similarity index 60% rename from lang/python/python-cryptography/patches/070-Add-defines-for-totally-deprecated-functions.patch rename to lang/python/python-cryptography/patches/0007-Add-defines-for-totally-deprecated-functions.patch index 29bea068c1..b2d4cb9697 100644 --- a/lang/python/python-cryptography/patches/070-Add-defines-for-totally-deprecated-functions.patch +++ b/lang/python/python-cryptography/patches/0007-Add-defines-for-totally-deprecated-functions.patch @@ -1,13 +1,14 @@ -From 93317e7835acf40a9b8b0f7af417240b57ab690a Mon Sep 17 00:00:00 2001 +From e96af1cee523c5551c7fc5f36eba8e271fa51b20 Mon Sep 17 00:00:00 2001 
From: Rosen Penev Date: Thu, 5 Dec 2019 12:52:13 -0800 -Subject: [PATCH] Add defines for totally deprecated functions +Subject: [PATCH 7/7] Add defines for totally deprecated functions --- src/_cffi_src/openssl/conf.py | 4 ++++ src/_cffi_src/openssl/crypto.py | 4 ++++ + src/_cffi_src/openssl/ecdh.py | 3 +++ src/_cffi_src/openssl/ssl.py | 5 +++++ - 3 files changed, 13 insertions(+) + 4 files changed, 16 insertions(+) --- a/src/_cffi_src/openssl/conf.py +++ b/src/_cffi_src/openssl/conf.py @@ -22,20 +23,30 @@ Subject: [PATCH] Add defines for totally deprecated functions """ --- a/src/_cffi_src/openssl/crypto.py +++ b/src/_cffi_src/openssl/crypto.py -@@ -124,4 +124,8 @@ void *Cryptography_realloc_wrapper(void +@@ -114,4 +114,8 @@ void *Cryptography_realloc_wrapper(void void Cryptography_free_wrapper(void *ptr, const char *path, int line) { free(ptr); } + +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL +#define CRYPTO_get_locking_callback() 0 ++#endif + """ +--- a/src/_cffi_src/openssl/ecdh.py ++++ b/src/_cffi_src/openssl/ecdh.py +@@ -18,4 +18,7 @@ long SSL_CTX_set_ecdh_auto(SSL_CTX *, in + """ + + CUSTOMIZATIONS = """ ++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL ++#define SSL_CTX_set_ecdh_auto(a, b) ((b) != 0) +#endif """ --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py -@@ -792,4 +792,9 @@ int (*SSL_CTX_set_max_early_data)(SSL_CT +@@ -739,4 +739,9 @@ long (*SSL_get_max_proto_version)(SSL *) #else - static const long Cryptography_HAS_TLSv1_3 = 1; + static const long Cryptography_HAS_GET_PROTO_VERSION = 1; #endif + +#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL