python3-cryptodome: update to 3.23.0

Update package to 3.23.0.

Changes since 3.18.0:

3.19.0: Added ECDH support via Crypto.Protocol.DH; TupleHash128/256
update() can now hash multiple items at once; fixed cffi bug on Windows
with Python 3.12+.

3.19.1 (security): Patched side-channel leakage in OAEP decryption that
could enable a Manger attack.

3.20.0: Added TurboSHAKE128 and TurboSHAKE256; added Crypto.Hash.new()
factory; AES-GCM support for PBES2/PKCS#8 containers; SHA-2/SHA-3 support
in PBKDF2 for key containers.

3.21.0: Added Curve25519/X25519 and Curve448/X448 support; added
PYCRYPTODOME_DISABLE_GMP env var; RSA keys for PSS can now be imported;
fixed Ed25519 point negation; dropped Python 3.5 support.

3.22.0: Added HPKE (RFC 9180) support; CCM cipher now enforces
nonce-length data limits; fixed RC4 infinite loop for data >4GB; fixed
invalid PEM file handling; dropped Python 3.6 support.

3.23.0: Added Key Wrap (KW/KWP, RFC 3394/5649/NIST SP 800-38F) cipher
modes; Windows ARM wheels; fixed HashEdDSA/Ed448 sign/verify mutating
XOF state.

Refresh 001-fix-libgmp-loading.patch and 002-omit-tests.patch for the
updated source (hunk offsets shifted by 2-4 lines due to new functions).

Signed-off-by: Alexandru Ardelean <redacted>

diff --git a/lang/python/python-cryptodome/Makefile b/lang/python/python-cryptodome/Makefile
index 3ce76c2eb6d50e439149f89ce4162f359ad5150f..fc674cd326f6c4c4e471aa7c0cab73d37c983080 100644 (file)
--- a/lang/python/python-cryptodome/Makefile
+++ b/lang/python/python-cryptodome/Makefile
@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=python-cryptodome
-PKG_VERSION:=3.18.0
+PKG_VERSION:=3.23.0
 PKG_RELEASE:=1
 
 PYPI_NAME:=pycryptodome
-PKG_HASH:=c9adee653fc882d98956e33ca2c1fb582e23a8af7ac82fee75bd6113c55a0413
+PKG_HASH:=447700a657182d60338bab09fdb27518f8856aecd80ae4c6bdddb67ff5da44ef
 
 PKG_LICENSE:=Public-Domain BSD-2-Clause
 PKG_LICENSE_FILES:=LICENSE.rst

diff --git a/lang/python/python-cryptodome/patches/001-fix-libgmp-loading.patch b/lang/python/python-cryptodome/patches/001-fix-libgmp-loading.patch
index a0d9674b3b04660606f46669857271389d6f8227..cfeeac920634fb581b4d590ebcae59087da98ac8 100644 (file)
--- a/lang/python/python-cryptodome/patches/001-fix-libgmp-loading.patch
+++ b/lang/python/python-cryptodome/patches/001-fix-libgmp-loading.patch
@@ -1,6 +1,6 @@
 --- a/lib/Crypto/Math/_IntegerGMP.py
 +++ b/lib/Crypto/Math/_IntegerGMP.py
-@@ -97,7 +97,7 @@ gmp_defs = """typedef unsigned long UNIX
+@@ -99,7 +99,7 @@ gmp_defs = """typedef unsigned long UNIX
  if sys.platform == "win32":
      raise ImportError("Not using GMP on Windows")
  

diff --git a/lang/python/python-cryptodome/patches/002-omit-tests.patch b/lang/python/python-cryptodome/patches/002-omit-tests.patch
index 43e2cc3d883dc18405e3c8c1b8834e368361ace7..856e066ee08bd203df1961eb0b87a7855daa9f44 100644 (file)
--- a/lang/python/python-cryptodome/patches/002-omit-tests.patch
+++ b/lang/python/python-cryptodome/patches/002-omit-tests.patch
@@ -1,6 +1,6 @@
 --- a/setup.py
 +++ b/setup.py
-@@ -276,6 +276,9 @@ package_data = {
+@@ -280,6 +280,9 @@ package_data = {
      "Crypto.Util" : [ "*.pyi" ],
  }
  

diff --git a/lang/python/python-cryptodome/test.sh b/lang/python/python-cryptodome/test.sh
new file mode 100755 (executable)
index 0000000..bfa5cb6
--- /dev/null
+++ b/lang/python/python-cryptodome/test.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+[ "$1" = python3-pycryptodome ] || exit 0
+
+python3 - << 'EOF'
+from Crypto.Cipher import AES
+from Crypto.Random import get_random_bytes
+from Crypto.Hash import SHA256
+
+# AES-GCM encrypt/decrypt
+key = get_random_bytes(16)
+cipher = AES.new(key, AES.MODE_GCM)
+ciphertext, tag = cipher.encrypt_and_digest(b"hello, world!")
+
+cipher2 = AES.new(key, AES.MODE_GCM, nonce=cipher.nonce)
+plaintext = cipher2.decrypt_and_verify(ciphertext, tag)
+assert plaintext == b"hello, world!"
+
+# SHA256
+h = SHA256.new(b"test data")
+digest = h.hexdigest()
+assert len(digest) == 64
+EOF