From 066225fb1ee048b70cb2e06e1f925ff663ff2d2b Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Thu, 9 Apr 2026 08:31:24 +0300 Subject: [PATCH] python3-cryptodome: update to 3.23.0 Update package to 3.23.0. Changes since 3.18.0: 3.19.0: Added ECDH support via Crypto.Protocol.DH; TupleHash128/256 update() can now hash multiple items at once; fixed cffi bug on Windows with Python 3.12+. 3.19.1 (security): Patched side-channel leakage in OAEP decryption that could enable a Manger attack. 3.20.0: Added TurboSHAKE128 and TurboSHAKE256; added Crypto.Hash.new() factory; AES-GCM support for PBES2/PKCS#8 containers; SHA-2/SHA-3 support in PBKDF2 for key containers. 3.21.0: Added Curve25519/X25519 and Curve448/X448 support; added PYCRYPTODOME_DISABLE_GMP env var; RSA keys for PSS can now be imported; fixed Ed25519 point negation; dropped Python 3.5 support. 3.22.0: Added HPKE (RFC 9180) support; CCM cipher now enforces nonce-length data limits; fixed RC4 infinite loop for data >4GB; fixed invalid PEM file handling; dropped Python 3.6 support. 3.23.0: Added Key Wrap (KW/KWP, RFC 3394/5649/NIST SP 800-38F) cipher modes; Windows ARM wheels; fixed HashEdDSA/Ed448 sign/verify mutating XOF state. Refresh 001-fix-libgmp-loading.patch and 002-omit-tests.patch for the updated source (hunk offsets shifted by 2-4 lines due to new functions). Signed-off-by: Alexandru Ardelean --- lang/python/python-cryptodome/Makefile | 4 ++-- .../patches/001-fix-libgmp-loading.patch | 2 +- .../patches/002-omit-tests.patch | 2 +- lang/python/python-cryptodome/test.sh | 23 +++++++++++++++++++ 4 files changed, 27 insertions(+), 4 deletions(-) create mode 100755 lang/python/python-cryptodome/test.sh diff --git a/lang/python/python-cryptodome/Makefile b/lang/python/python-cryptodome/Makefile index 3ce76c2eb6..fc674cd326 100644 --- a/lang/python/python-cryptodome/Makefile +++ b/lang/python/python-cryptodome/Makefile @@ -5,11 +5,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-cryptodome -PKG_VERSION:=3.18.0 +PKG_VERSION:=3.23.0 PKG_RELEASE:=1 PYPI_NAME:=pycryptodome -PKG_HASH:=c9adee653fc882d98956e33ca2c1fb582e23a8af7ac82fee75bd6113c55a0413 +PKG_HASH:=447700a657182d60338bab09fdb27518f8856aecd80ae4c6bdddb67ff5da44ef PKG_LICENSE:=Public-Domain BSD-2-Clause PKG_LICENSE_FILES:=LICENSE.rst diff --git a/lang/python/python-cryptodome/patches/001-fix-libgmp-loading.patch b/lang/python/python-cryptodome/patches/001-fix-libgmp-loading.patch index a0d9674b3b..cfeeac9206 100644 --- a/lang/python/python-cryptodome/patches/001-fix-libgmp-loading.patch +++ b/lang/python/python-cryptodome/patches/001-fix-libgmp-loading.patch @@ -1,6 +1,6 @@ --- a/lib/Crypto/Math/_IntegerGMP.py +++ b/lib/Crypto/Math/_IntegerGMP.py -@@ -97,7 +97,7 @@ gmp_defs = """typedef unsigned long UNIX +@@ -99,7 +99,7 @@ gmp_defs = """typedef unsigned long UNIX if sys.platform == "win32": raise ImportError("Not using GMP on Windows") diff --git a/lang/python/python-cryptodome/patches/002-omit-tests.patch b/lang/python/python-cryptodome/patches/002-omit-tests.patch index 43e2cc3d88..856e066ee0 100644 --- a/lang/python/python-cryptodome/patches/002-omit-tests.patch +++ b/lang/python/python-cryptodome/patches/002-omit-tests.patch @@ -1,6 +1,6 @@ --- a/setup.py +++ b/setup.py -@@ -276,6 +276,9 @@ package_data = { +@@ -280,6 +280,9 @@ package_data = { "Crypto.Util" : [ "*.pyi" ], } diff --git a/lang/python/python-cryptodome/test.sh b/lang/python/python-cryptodome/test.sh new file mode 100755 index 0000000000..bfa5cb684e --- /dev/null +++ b/lang/python/python-cryptodome/test.sh @@ -0,0 +1,23 @@ +#!/bin/sh + +[ "$1" = python3-pycryptodome ] || exit 0 + +python3 - << 'EOF' +from Crypto.Cipher import AES +from Crypto.Random import get_random_bytes +from Crypto.Hash import SHA256 + +# AES-GCM encrypt/decrypt +key = get_random_bytes(16) +cipher = AES.new(key, AES.MODE_GCM) +ciphertext, tag = cipher.encrypt_and_digest(b"hello, world!") + +cipher2 = AES.new(key, AES.MODE_GCM, nonce=cipher.nonce) +plaintext = cipher2.decrypt_and_verify(ciphertext, tag) +assert plaintext == b"hello, world!" + +# SHA256 +h = SHA256.new(b"test data") +digest = h.hexdigest() +assert len(digest) == 64 +EOF