python3-cryptodomex: update to 3.23.0

Update package to 3.23.0.

pycryptodomex is the same codebase as pycryptodome under the Cryptodome
namespace. All changes are identical to python3-cryptodome 3.23.0:

3.19.0: Added ECDH support via Cryptodome.Protocol.DH; TupleHash128/256
update() can now hash multiple items at once.

3.19.1 (security): Patched side-channel leakage in OAEP decryption that
could enable a Manger attack.

3.20.0: Added TurboSHAKE128 and TurboSHAKE256; Cryptodome.Hash.new()
factory; AES-GCM support for PBES2/PKCS#8 containers.

3.21.0: Added Curve25519/X25519 and Curve448/X448 support; dropped
Python 3.5 support.

3.22.0: Added HPKE (RFC 9180) support; dropped Python 3.6 support.

3.23.0: Added Key Wrap (KW/KWP, RFC 3394/5649) cipher modes; Windows
ARM wheels; fixed HashEdDSA/Ed448 sign/verify mutating XOF state.

Signed-off-by: Alexandru Ardelean <redacted>

diff --git a/lang/python/python-cryptodomex/Makefile b/lang/python/python-cryptodomex/Makefile
index 4fb5fe0fd268d26785fd1853bc14a12ae5415c88..89febb8d3a79086e99a86a8c3c7a524270809752 100644 (file)
--- a/lang/python/python-cryptodomex/Makefile
+++ b/lang/python/python-cryptodomex/Makefile
@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=python-cryptodomex
-PKG_VERSION:=3.18.0
+PKG_VERSION:=3.23.0
 PKG_RELEASE:=1
 
 PYPI_NAME:=pycryptodomex
-PKG_HASH:=3e3ecb5fe979e7c1bb0027e518340acf7ee60415d79295e5251d13c68dde576e
+PKG_HASH:=71909758f010c82bc99b0abf4ea12012c98962fbf0583c2164f8b84533c2e4da
 
 PKG_LICENSE:=Public-Domain BSD-2-Clause
 PKG_LICENSE_FILES:=LICENSE.rst

diff --git a/lang/python/python-cryptodomex/patches/001-fix-libgmp-loading.patch b/lang/python/python-cryptodomex/patches/001-fix-libgmp-loading.patch
index 305ef69645935d03ca5022fc08025903bb35bf52..3293d3419dc1c22c807556296fac926f5d4a1ce0 100644 (file)
--- a/lang/python/python-cryptodomex/patches/001-fix-libgmp-loading.patch
+++ b/lang/python/python-cryptodomex/patches/001-fix-libgmp-loading.patch
@@ -1,6 +1,6 @@
 --- a/lib/Cryptodome/Math/_IntegerGMP.py
 +++ b/lib/Cryptodome/Math/_IntegerGMP.py
-@@ -97,7 +97,7 @@ gmp_defs = """typedef unsigned long UNIX
+@@ -99,7 +99,7 @@ gmp_defs = """typedef unsigned long UNIX
  if sys.platform == "win32":
      raise ImportError("Not using GMP on Windows")
  

diff --git a/lang/python/python-cryptodomex/patches/002-omit-tests.patch b/lang/python/python-cryptodomex/patches/002-omit-tests.patch
index 43e2cc3d883dc18405e3c8c1b8834e368361ace7..856e066ee08bd203df1961eb0b87a7855daa9f44 100644 (file)
--- a/lang/python/python-cryptodomex/patches/002-omit-tests.patch
+++ b/lang/python/python-cryptodomex/patches/002-omit-tests.patch
@@ -1,6 +1,6 @@
 --- a/setup.py
 +++ b/setup.py
-@@ -276,6 +276,9 @@ package_data = {
+@@ -280,6 +280,9 @@ package_data = {
      "Crypto.Util" : [ "*.pyi" ],
  }
  

diff --git a/lang/python/python-cryptodomex/test.sh b/lang/python/python-cryptodomex/test.sh
new file mode 100755 (executable)
index 0000000..8b189ff
--- /dev/null
+++ b/lang/python/python-cryptodomex/test.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+[ "$1" = python3-pycryptodomex ] || exit 0
+
+python3 - << 'EOF'
+from Cryptodome.Cipher import AES
+from Cryptodome.Random import get_random_bytes
+from Cryptodome.Hash import SHA256
+
+# AES-GCM encrypt/decrypt
+key = get_random_bytes(16)
+cipher = AES.new(key, AES.MODE_GCM)
+ciphertext, tag = cipher.encrypt_and_digest(b"hello, world!")
+
+cipher2 = AES.new(key, AES.MODE_GCM, nonce=cipher.nonce)
+plaintext = cipher2.decrypt_and_verify(ciphertext, tag)
+assert plaintext == b"hello, world!"
+
+# SHA256
+h = SHA256.new(b"test data")
+digest = h.hexdigest()
+assert len(digest) == 64
+EOF