From aababb350678da8e2496c44e1363990ca48be2e5 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Tue, 27 Jun 2017 21:13:32 +0200 Subject: [PATCH] Update to 1.9 --- .gitignore | 1 + add_memory_limit.patch | 105 --------------------------------------- python-cryptography.spec | 39 +++++++-------- sources | 2 +- 4 files changed, 21 insertions(+), 126 deletions(-) delete mode 100644 add_memory_limit.patch diff --git a/.gitignore b/.gitignore index 9f30e1c..1eecced 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ /cryptography-1.5.3.tar.gz /cryptography-1.7.1.tar.gz /cryptography-1.7.2.tar.gz +/cryptography-1.9.tar.gz diff --git a/add_memory_limit.patch b/add_memory_limit.patch deleted file mode 100644 index 4948ff4..0000000 --- a/add_memory_limit.patch +++ /dev/null @@ -1,105 +0,0 @@ ---- a/src/cryptography/hazmat/backends/openssl/backend.py -+++ b/src/cryptography/hazmat/backends/openssl/backend.py -@@ -9,7 +9,6 @@ import calendar - import collections - import contextlib - import itertools --import sys - from contextlib import contextmanager - - import six -@@ -61,6 +60,7 @@ from cryptography.hazmat.primitives.ciph - from cryptography.hazmat.primitives.ciphers.modes import ( - CBC, CFB, CFB8, CTR, ECB, GCM, OFB - ) -+from cryptography.hazmat.primitives.kdf import scrypt - - - _MemoryBIO = collections.namedtuple("_MemoryBIO", ["bio", "char_ptr"]) -@@ -1894,9 +1894,10 @@ class Backend(object): - - def derive_scrypt(self, key_material, salt, length, n, r, p): - buf = self._ffi.new("unsigned char[]", length) -- res = self._lib.EVP_PBE_scrypt(key_material, len(key_material), salt, -- len(salt), n, r, p, sys.maxsize // 2, -- buf, length) -+ res = self._lib.EVP_PBE_scrypt( -+ key_material, len(key_material), salt, len(salt), n, r, p, -+ scrypt._MEM_LIMIT, buf, length -+ ) - self.openssl_assert(res == 1) - return self._ffi.buffer(buf)[:] - ---- a/src/cryptography/hazmat/primitives/kdf/scrypt.py -+++ b/src/cryptography/hazmat/primitives/kdf/scrypt.py -@@ -4,6 +4,8 @@ - - from __future__ import absolute_import, division, print_function - -+import sys -+ - from cryptography import utils - from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedAlgorithm, _Reasons -@@ -13,6 +15,11 @@ from cryptography.hazmat.primitives impo - from cryptography.hazmat.primitives.kdf import KeyDerivationFunction - - -+# This is used by the scrypt tests to skip tests that require more memory -+# than the MEM_LIMIT -+_MEM_LIMIT = sys.maxsize // 2 -+ -+ - @utils.register_interface(KeyDerivationFunction) - class Scrypt(object): - def __init__(self, salt, length, n, r, p, backend): ---- a/tests/hazmat/primitives/test_scrypt.py -+++ b/tests/hazmat/primitives/test_scrypt.py -@@ -14,7 +14,7 @@ from cryptography.exceptions import ( - AlreadyFinalized, InvalidKey, UnsupportedAlgorithm - ) - from cryptography.hazmat.backends.interfaces import ScryptBackend --from cryptography.hazmat.primitives.kdf.scrypt import Scrypt -+from cryptography.hazmat.primitives.kdf.scrypt import Scrypt, _MEM_LIMIT - - from tests.utils import load_nist_vectors, load_vectors_from_file - -@@ -22,10 +22,30 @@ vectors = load_vectors_from_file( - os.path.join("KDF", "scrypt.txt"), load_nist_vectors) - - -+def _skip_if_memory_limited(memory_limit, params): -+ # Memory calc adapted from OpenSSL (URL split over 2 lines, thanks PEP8) -+ # https://github.com/openssl/openssl/blob/6286757141a8c6e14d647ec733634a -+ # e0c83d9887/crypto/evp/scrypt.c#L189-L221 -+ blen = int(params["p"]) * 128 * int(params["r"]) -+ vlen = 32 * int(params["r"]) * (int(params["n"]) + 2) * 4 -+ memory_required = blen + vlen -+ if memory_limit < memory_required: -+ pytest.skip("Test exceeds Scrypt memory limit. " -+ "This is likely a 32-bit platform.") -+ -+ -+def test_memory_limit_skip(): -+ with pytest.raises(pytest.skip.Exception): -+ _skip_if_memory_limited(1000, {"p": 16, "r": 64, "n": 1024}) -+ -+ _skip_if_memory_limited(2 ** 31, {"p": 16, "r": 64, "n": 1024}) -+ -+ - @pytest.mark.requires_backend_interface(interface=ScryptBackend) - class TestScrypt(object): - @pytest.mark.parametrize("params", vectors) - def test_derive(self, backend, params): -+ _skip_if_memory_limited(_MEM_LIMIT, params) - password = params["password"] - work_factor = int(params["n"]) - block_size = int(params["r"]) -@@ -77,6 +97,7 @@ class TestScrypt(object): - - @pytest.mark.parametrize("params", vectors) - def test_verify(self, backend, params): -+ _skip_if_memory_limited(_MEM_LIMIT, params) - password = params["password"] - work_factor = int(params["n"]) - block_size = int(params["r"]) diff --git a/python-cryptography.spec b/python-cryptography.spec index 56ffb06..2837e42 100644 --- a/python-cryptography.spec +++ b/python-cryptography.spec @@ -6,7 +6,7 @@ %endif Name: python-cryptography -Version: 1.7.2 +Version: 1.9 Release: 1%{?dist} Summary: PyCA's cryptography library @@ -14,8 +14,6 @@ Group: Development/Libraries License: ASL 2.0 or BSD URL: https://cryptography.io/en/latest/ Source0: https://pypi.io/packages/source/c/cryptography/cryptography-%{version}.tar.gz -# Patch from https://github.com/pyca/cryptography/pull/3328 -Patch0: add_memory_limit.patch BuildRequires: openssl-devel @@ -25,32 +23,30 @@ BuildRequires: python-setuptools BuildRequires: python-pretend BuildRequires: python-iso8601 BuildRequires: python-cryptography-vectors = %{version} -BuildRequires: python-pyasn1-modules >= 0.1.8 -BuildRequires: python-hypothesis +BuildRequires: python2-asn1crypto >= 0.21 +BuildRequires: python-hypothesis >= 1.11.4 BuildRequires: pytz -BuildRequires: python-idna >= 2.0 -BuildRequires: python-pyasn1 >= 0.1.8 +BuildRequires: python-idna >= 2.1 BuildRequires: python-six >= 1.4.1 -BuildRequires: python-cffi >= 1.4.1 +BuildRequires: python-cffi >= 1.7 BuildRequires: python-enum34 BuildRequires: python-ipaddress %if 0%{?with_python3} BuildRequires: python3-devel -BuildRequires: python3-pytest +BuildRequires: python3-pytest >= 2.9 BuildRequires: python3-setuptools BuildRequires: python3-pretend BuildRequires: python3-iso8601 BuildRequires: python3-cryptography-vectors = %{version} -BuildRequires: python3-pyasn1-modules >= 0.1.8 -BuildRequires: python3-hypothesis +BuildRequires: python3-asn1crypto >= 0.21 +BuildRequires: python3-hypothesis >= 1.11.4 BuildRequires: python3-pytz -BuildRequires: python3-idna >= 2.0 -BuildRequires: python3-pyasn1 >= 0.1.8 +BuildRequires: python3-idna >= 2.1 BuildRequires: python3-six >= 1.4.1 -BuildRequires: python3-cffi >= 1.4.1 +BuildRequires: python3-cffi >= 1.7 %endif %description @@ -69,10 +65,10 @@ Provides: python-cryptography %endif Requires: openssl -Requires: python-idna >= 2.0 -Requires: python-pyasn1 >= 0.1.8 +Requires: python-idna >= 2.1 +Requires: python2-asn1crypto >= 0.21 Requires: python-six >= 1.4.1 -Requires: python-cffi >= 1.4.1 +Requires: python-cffi >= 1.7 Requires: python-enum34 Requires: python-ipaddress @@ -87,10 +83,10 @@ Summary: PyCA's cryptography library %{?python_provide:%python_provide python3-cryptography} Requires: openssl -Requires: python3-idna >= 2.0 -Requires: python3-pyasn1 >= 0.1.8 +Requires: python3-idna >= 2.1 +Requires: python3-asn1crypto >= 0.21 Requires: python3-six >= 1.4.1 -Requires: python3-cffi >= 1.4.1 +Requires: python3-cffi >= 1.7 %description -n python3-cryptography cryptography is a package designed to expose cryptographic primitives and @@ -153,6 +149,9 @@ popd %changelog +* Tue Jun 27 2017 Christian Heimes - 1.9-1 +- Upstream release 1.9 + * Wed Feb 15 2017 Christian Heimes - 1.7.2-1 - Update to latest upstream diff --git a/sources b/sources index d58dd2a..e660aac 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cryptography-1.7.2.tar.gz) = 8ddd119385064e1f8288ff318ec16f500b5c125a3811ccb306aeb2664fac495fcdd3cb5a7cbacd10156505c9526b9cdbd66860b35bbcd2f9a6bb285dd6cba8c5 +SHA512 (cryptography-1.9.tar.gz) = 815e9c09366935f8603a3e6e74c28ce79175596d00dbcd19d3792505237bd1cf953a4f401c2b97e4beaa7f2bbdcf9d7f95c4753d001a07fa816830af97cdd24e