update to py-cryptography-2.3
This commit is contained in:
sthen
parent
e3ce2d80b2
commit
6d6113fc88
@ -1,9 +1,8 @@
|
||||
# $OpenBSD: Makefile,v 1.28 2018/07/31 11:08:17 jasper Exp $
|
||||
# $OpenBSD: Makefile,v 1.29 2018/08/10 20:13:41 sthen Exp $
|
||||
|
||||
COMMENT= cryptographic recipes and primitives for Python
|
||||
|
||||
MODPY_EGG_VERSION= 2.2.2
|
||||
REVISION= 1
|
||||
MODPY_EGG_VERSION= 2.3
|
||||
DISTNAME= cryptography-${MODPY_EGG_VERSION}
|
||||
PKGNAME= ${MODPY_PY_PREFIX}${DISTNAME}
|
||||
CATEGORIES= security devel
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
SHA256 (cryptography-2.2.2.tar.gz) = n8KVv2kTCjQuehmjnXu+sVwLyqvHOC7DPvOyt9GNL2M=
|
||||
SIZE (cryptography-2.2.2.tar.gz) = 443822
|
||||
SHA256 (cryptography-2.3.tar.gz) = wTK6tF1L0P/x0/4pTZKwpuuEBOkzN7MSe97J8h3hF+Y=
|
||||
SIZE (cryptography-2.3.tar.gz) = 449464
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
$OpenBSD: patch-docs_hazmat_primitives_symmetric-encryption_rst,v 1.1 2018/07/31 11:08:18 jasper Exp $
|
||||
|
||||
Security fix for CVE-2018-10903
|
||||
https://github.com/pyca/cryptography/pull/4342
|
||||
|
||||
Index: docs/hazmat/primitives/symmetric-encryption.rst
|
||||
--- docs/hazmat/primitives/symmetric-encryption.rst.orig
|
||||
+++ docs/hazmat/primitives/symmetric-encryption.rst
|
||||
@@ -670,6 +670,7 @@ Interfaces
|
||||
:raises ValueError: This is raised when the data provided isn't
|
||||
a multiple of the algorithm's block size, if ``min_tag_length`` is
|
||||
less than 4, or if ``len(tag) < min_tag_length``.
|
||||
+ ``min_tag_length`` is an argument to the ``GCM`` constructor.
|
||||
:raises NotImplementedError: This is raised if the version of the
|
||||
OpenSSL backend used is 1.0.1 or earlier.
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
$OpenBSD: patch-src__cffi_src_build_openssl_py,v 1.3 2017/11/24 12:42:31 jca Exp $
|
||||
$OpenBSD: patch-src__cffi_src_build_openssl_py,v 1.4 2018/08/10 20:13:41 sthen Exp $
|
||||
|
||||
cc1: error: -Werror=sign-conversion: No option -Wsign-conversion
|
||||
|
||||
@ -8,7 +8,7 @@ Index: src/_cffi_src/build_openssl.py
|
||||
@@ -47,7 +47,7 @@ def _extra_compile_args(platform):
|
||||
revisit this.
|
||||
"""
|
||||
if platform != "win32":
|
||||
if platform not in ["win32", "hp-ux11"]:
|
||||
- return ["-Wconversion", "-Wno-error=sign-conversion"]
|
||||
+ return []
|
||||
else:
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
$OpenBSD: patch-src__cffi_src_openssl_x509_py,v 1.2 2018/04/23 13:06:47 sthen Exp $
|
||||
$OpenBSD: patch-src__cffi_src_openssl_x509_py,v 1.3 2018/08/10 20:13:41 sthen Exp $
|
||||
|
||||
Index: src/_cffi_src/openssl/x509.py
|
||||
--- src/_cffi_src/openssl/x509.py.orig
|
||||
+++ src/_cffi_src/openssl/x509.py
|
||||
@@ -256,8 +256,7 @@ int X509_get_signature_nid(const X509 *);
|
||||
@@ -258,8 +258,7 @@ int X509_get_signature_nid(const X509 *);
|
||||
|
||||
const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *);
|
||||
|
||||
@ -13,25 +13,3 @@ Index: src/_cffi_src/openssl/x509.py
|
||||
|
||||
long X509_get_version(X509 *);
|
||||
|
||||
@@ -340,7 +339,8 @@ void X509_REQ_get0_signature(const X509_REQ *, const A
|
||||
CUSTOMIZATIONS = """
|
||||
/* Added in 1.0.2 beta but we need it in all versions now due to the great
|
||||
opaquing. */
|
||||
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
|
||||
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && \
|
||||
+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
||||
/* from x509/x_x509.c version 1.0.2 */
|
||||
void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
|
||||
const X509 *x)
|
||||
@@ -388,9 +388,11 @@ X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOK
|
||||
opaquing. */
|
||||
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
|
||||
|
||||
+#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
||||
int X509_up_ref(X509 *x) {
|
||||
return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
|
||||
}
|
||||
+#endif
|
||||
|
||||
const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
|
||||
{
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
$OpenBSD: patch-src__cffi_src_openssl_x509_vfy_py,v 1.7 2018/02/22 18:49:16 sthen Exp $
|
||||
$OpenBSD: patch-src__cffi_src_openssl_x509_vfy_py,v 1.8 2018/08/10 20:13:41 sthen Exp $
|
||||
|
||||
Index: src/_cffi_src/openssl/x509_vfy.py
|
||||
--- src/_cffi_src/openssl/x509_vfy.py.orig
|
||||
@ -40,11 +40,11 @@ Index: src/_cffi_src/openssl/x509_vfy.py
|
||||
-static const long X509_V_FLAG_SUITEB_192_LOS = 0;
|
||||
-static const long X509_V_FLAG_SUITEB_128_LOS = 0;
|
||||
-
|
||||
#if !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
|
||||
int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *,
|
||||
size_t) = NULL;
|
||||
int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *,
|
||||
@@ -257,6 +248,19 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PA
|
||||
unsigned int) = NULL;
|
||||
@@ -259,6 +250,19 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PA
|
||||
#endif
|
||||
#endif
|
||||
|
||||
+static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
|
||||
|
||||
@ -1,20 +0,0 @@
|
||||
$OpenBSD: patch-src_cryptography_hazmat_backends_openssl_ciphers_py,v 1.1 2018/07/31 11:08:18 jasper Exp $
|
||||
|
||||
Security fix for CVE-2018-10903
|
||||
https://github.com/pyca/cryptography/pull/4342
|
||||
|
||||
Index: src/cryptography/hazmat/backends/openssl/ciphers.py
|
||||
--- src/cryptography/hazmat/backends/openssl/ciphers.py.orig
|
||||
+++ src/cryptography/hazmat/backends/openssl/ciphers.py
|
||||
@@ -202,6 +202,11 @@ class _CipherContext(object):
|
||||
"finalize_with_tag requires OpenSSL >= 1.0.2. To use this "
|
||||
"method please update OpenSSL"
|
||||
)
|
||||
+ if len(tag) < self._mode._min_tag_length:
|
||||
+ raise ValueError(
|
||||
+ "Authentication tag must be {0} bytes or longer.".format(
|
||||
+ self._mode._min_tag_length)
|
||||
+ )
|
||||
res = self._backend._lib.EVP_CIPHER_CTX_ctrl(
|
||||
self._ctx, self._backend._lib.EVP_CTRL_AEAD_SET_TAG,
|
||||
len(tag), tag
|
||||
@ -1,16 +0,0 @@
|
||||
$OpenBSD: patch-src_cryptography_hazmat_primitives_ciphers_modes_py,v 1.1 2018/07/31 11:08:18 jasper Exp $
|
||||
|
||||
Security fix for CVE-2018-10903
|
||||
https://github.com/pyca/cryptography/pull/4342
|
||||
|
||||
Index: src/cryptography/hazmat/primitives/ciphers/modes.py
|
||||
--- src/cryptography/hazmat/primitives/ciphers/modes.py.orig
|
||||
+++ src/cryptography/hazmat/primitives/ciphers/modes.py
|
||||
@@ -220,6 +220,7 @@ class GCM(object):
|
||||
min_tag_length)
|
||||
)
|
||||
self._tag = tag
|
||||
+ self._min_tag_length = min_tag_length
|
||||
|
||||
tag = utils.read_only_property("_tag")
|
||||
initialization_vector = utils.read_only_property("_initialization_vector")
|
||||
@ -1,28 +0,0 @@
|
||||
$OpenBSD: patch-tests_hazmat_primitives_test_aes_py,v 1.1 2018/07/31 11:08:18 jasper Exp $
|
||||
|
||||
Security fix for CVE-2018-10903
|
||||
https://github.com/pyca/cryptography/pull/4342
|
||||
|
||||
Index: tests/hazmat/primitives/test_aes.py
|
||||
--- tests/hazmat/primitives/test_aes.py.orig
|
||||
+++ tests/hazmat/primitives/test_aes.py
|
||||
@@ -439,3 +439,19 @@ class TestAESModeGCM(object):
|
||||
decryptor.finalize()
|
||||
else:
|
||||
decryptor.finalize_with_tag(tag)
|
||||
+
|
||||
+ @pytest.mark.supported(
|
||||
+ only_if=lambda backend: (
|
||||
+ not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or
|
||||
+ backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
|
||||
+ ),
|
||||
+ skip_message="Not supported on OpenSSL 1.0.1",
|
||||
+ )
|
||||
+ def test_gcm_tag_decrypt_finalize_tag_length(self, backend):
|
||||
+ decryptor = base.Cipher(
|
||||
+ algorithms.AES(b"0" * 16),
|
||||
+ modes.GCM(b"0" * 12),
|
||||
+ backend=backend
|
||||
+ ).decryptor()
|
||||
+ with pytest.raises(ValueError):
|
||||
+ decryptor.finalize_with_tag(b"tagtooshort")
|
||||
@ -1,8 +1,8 @@
|
||||
# $OpenBSD: Makefile,v 1.18 2018/04/23 13:06:47 sthen Exp $
|
||||
# $OpenBSD: Makefile,v 1.19 2018/08/10 20:13:41 sthen Exp $
|
||||
|
||||
COMMENT= test vectors for py-cryptography
|
||||
|
||||
MODPY_EGG_VERSION= 2.2.2
|
||||
MODPY_EGG_VERSION= 2.3
|
||||
DISTNAME= cryptography_vectors-${MODPY_EGG_VERSION}
|
||||
PKGNAME= ${MODPY_PY_PREFIX}${DISTNAME}
|
||||
CATEGORIES= security
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
SHA256 (cryptography_vectors-2.2.2.tar.gz) = KLUshLrjpWTOUb+wdTy+NgIYvWSMZO+igIyIbBhQVog=
|
||||
SIZE (cryptography_vectors-2.2.2.tar.gz) = 27270814
|
||||
SHA256 (cryptography_vectors-2.3.tar.gz) = NWot7YSuN55VZRXuybaN10lXZRo4Rl0QYFu5+64oDxU=
|
||||
SIZE (cryptography_vectors-2.3.tar.gz) = 35303908
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
@comment $OpenBSD: PLIST,v 1.9 2018/04/23 13:06:47 sthen Exp $
|
||||
@comment $OpenBSD: PLIST,v 1.10 2018/08/10 20:13:41 sthen Exp $
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors-${MODPY_EGG_VERSION}-py${MODPY_VERSION}.egg-info/PKG-INFO
|
||||
@ -516,6 +516,36 @@ lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA2/SHA512
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA2/SHA512Monte.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA2/SHA512Monte.txt
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA2/SHA512ShortMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA2/SHA512_224LongMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA2/SHA512_224Monte.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA2/SHA512_224Monte.txt
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA2/SHA512_224ShortMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA2/SHA512_256LongMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA2/SHA512_256Monte.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA2/SHA512_256Monte.txt
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA2/SHA512_256ShortMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA3/
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA3/SHA3_224LongMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA3/SHA3_224Monte.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA3/SHA3_224ShortMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA3/SHA3_256LongMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA3/SHA3_256Monte.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA3/SHA3_256ShortMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA3/SHA3_384LongMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA3/SHA3_384Monte.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA3/SHA3_384ShortMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA3/SHA3_512LongMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA3/SHA3_512Monte.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHA3/SHA3_512ShortMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHAKE/
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHAKE/SHAKE128LongMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHAKE/SHAKE128Monte.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHAKE/SHAKE128ShortMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHAKE/SHAKE128VariableOut.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHAKE/SHAKE256LongMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHAKE/SHAKE256Monte.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHAKE/SHAKE256ShortMsg.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/SHAKE/SHAKE256VariableOut.rsp
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/blake2/
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/blake2/blake2b.txt
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/hashes/blake2/blake2s.txt
|
||||
@ -2122,6 +2152,7 @@ lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/x509/PKITS_data/sm
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/x509/PKITS_data/smime/SignedValidpre2000UTCnotBeforeDateTest3.eml
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/x509/PKITS_data/smime/SignedinhibitAnyPolicyTest3.eml
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/x509/alternate-rsa-sha1-oid.pem
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/x509/badasn1time.pem
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/x509/badssl-sct.pem
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/x509/bigoid.pem
|
||||
lib/python${MODPY_VERSION}/site-packages/cryptography_vectors/x509/cryptography.io.pem
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user