From a509f320471a8ef03ac939cc0ee2a42eff7e0067 Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Thu, 9 Apr 2026 08:32:14 +0300 Subject: [PATCH] python3-cryptodomex: update to 3.23.0 Update package to 3.23.0. pycryptodomex is the same codebase as pycryptodome under the Cryptodome namespace. All changes are identical to python3-cryptodome 3.23.0: 3.19.0: Added ECDH support via Cryptodome.Protocol.DH; TupleHash128/256 update() can now hash multiple items at once. 3.19.1 (security): Patched side-channel leakage in OAEP decryption that could enable a Manger attack. 3.20.0: Added TurboSHAKE128 and TurboSHAKE256; Cryptodome.Hash.new() factory; AES-GCM support for PBES2/PKCS#8 containers. 3.21.0: Added Curve25519/X25519 and Curve448/X448 support; dropped Python 3.5 support. 3.22.0: Added HPKE (RFC 9180) support; dropped Python 3.6 support. 3.23.0: Added Key Wrap (KW/KWP, RFC 3394/5649) cipher modes; Windows ARM wheels; fixed HashEdDSA/Ed448 sign/verify mutating XOF state. Signed-off-by: Alexandru Ardelean --- lang/python/python-cryptodomex/Makefile | 4 ++-- .../patches/001-fix-libgmp-loading.patch | 2 +- .../patches/002-omit-tests.patch | 2 +- lang/python/python-cryptodomex/test.sh | 23 +++++++++++++++++++ 4 files changed, 27 insertions(+), 4 deletions(-) create mode 100755 lang/python/python-cryptodomex/test.sh diff --git a/lang/python/python-cryptodomex/Makefile b/lang/python/python-cryptodomex/Makefile index 4fb5fe0fd2..89febb8d3a 100644 --- a/lang/python/python-cryptodomex/Makefile +++ b/lang/python/python-cryptodomex/Makefile @@ -5,11 +5,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python-cryptodomex -PKG_VERSION:=3.18.0 +PKG_VERSION:=3.23.0 PKG_RELEASE:=1 PYPI_NAME:=pycryptodomex -PKG_HASH:=3e3ecb5fe979e7c1bb0027e518340acf7ee60415d79295e5251d13c68dde576e +PKG_HASH:=71909758f010c82bc99b0abf4ea12012c98962fbf0583c2164f8b84533c2e4da PKG_LICENSE:=Public-Domain BSD-2-Clause PKG_LICENSE_FILES:=LICENSE.rst diff --git a/lang/python/python-cryptodomex/patches/001-fix-libgmp-loading.patch b/lang/python/python-cryptodomex/patches/001-fix-libgmp-loading.patch index 305ef69645..3293d3419d 100644 --- a/lang/python/python-cryptodomex/patches/001-fix-libgmp-loading.patch +++ b/lang/python/python-cryptodomex/patches/001-fix-libgmp-loading.patch @@ -1,6 +1,6 @@ --- a/lib/Cryptodome/Math/_IntegerGMP.py +++ b/lib/Cryptodome/Math/_IntegerGMP.py -@@ -97,7 +97,7 @@ gmp_defs = """typedef unsigned long UNIX +@@ -99,7 +99,7 @@ gmp_defs = """typedef unsigned long UNIX if sys.platform == "win32": raise ImportError("Not using GMP on Windows") diff --git a/lang/python/python-cryptodomex/patches/002-omit-tests.patch b/lang/python/python-cryptodomex/patches/002-omit-tests.patch index 43e2cc3d88..856e066ee0 100644 --- a/lang/python/python-cryptodomex/patches/002-omit-tests.patch +++ b/lang/python/python-cryptodomex/patches/002-omit-tests.patch @@ -1,6 +1,6 @@ --- a/setup.py +++ b/setup.py -@@ -276,6 +276,9 @@ package_data = { +@@ -280,6 +280,9 @@ package_data = { "Crypto.Util" : [ "*.pyi" ], } diff --git a/lang/python/python-cryptodomex/test.sh b/lang/python/python-cryptodomex/test.sh new file mode 100755 index 0000000000..8b189ff862 --- /dev/null +++ b/lang/python/python-cryptodomex/test.sh @@ -0,0 +1,23 @@ +#!/bin/sh + +[ "$1" = python3-pycryptodomex ] || exit 0 + +python3 - << 'EOF' +from Cryptodome.Cipher import AES +from Cryptodome.Random import get_random_bytes +from Cryptodome.Hash import SHA256 + +# AES-GCM encrypt/decrypt +key = get_random_bytes(16) +cipher = AES.new(key, AES.MODE_GCM) +ciphertext, tag = cipher.encrypt_and_digest(b"hello, world!") + +cipher2 = AES.new(key, AES.MODE_GCM, nonce=cipher.nonce) +plaintext = cipher2.decrypt_and_verify(ciphertext, tag) +assert plaintext == b"hello, world!" + +# SHA256 +h = SHA256.new(b"test data") +digest = h.hexdigest() +assert len(digest) == 64 +EOF