diff --git a/crypto-39.patch b/crypto-39.patch new file mode 100644 index 0000000..f80159b --- /dev/null +++ b/crypto-39.patch @@ -0,0 +1,79 @@ +From 3a50c8484e355e03bea1399f1e72b1c1ef716680 Mon Sep 17 00:00:00 2001 +From: Daniel Garcia Moreno +Date: Thu, 26 Jan 2023 13:07:54 +0100 +Subject: [PATCH] Add cryptography >= 39.0.0 support + +The cryptography release 39.0.0 added a new parameter to the serializer +that's required. + +https://cryptography.io/en/latest/changelog/#v39-0-0 + +This patch fixes the tests test_encrypt_decrypt_asymmetric +--- + kmip/services/server/crypto/engine.py | 20 ++++++++++++++++---- + 1 file changed, 16 insertions(+), 4 deletions(-) + +diff --git a/kmip/services/server/crypto/engine.py b/kmip/services/server/crypto/engine.py +index 838e1b92..e9e8593e 100644 +--- a/kmip/services/server/crypto/engine.py ++++ b/kmip/services/server/crypto/engine.py +@@ -16,6 +16,7 @@ + import logging + import os + ++import cryptography + from cryptography import exceptions as errors + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives import serialization, hashes, hmac, cmac +@@ -930,17 +931,22 @@ def _decrypt_asymmetric( + ) + + backend = default_backend() ++ params = {} ++ if cryptography.__version__ >= "39.0.0": ++ params["unsafe_skip_rsa_key_validation"] = False + + try: + private_key = backend.load_der_private_key( + decryption_key, +- None ++ None, ++ **params, + ) + except Exception: + try: + private_key = backend.load_pem_private_key( + decryption_key, +- None ++ None, ++ **params, + ) + except Exception: + raise exceptions.CryptographicFailure( +@@ -1279,18 +1285,24 @@ def _create_RSA_private_key(self, + RSA private key created from key bytes. + """ + ++ params = {} ++ if cryptography.__version__ >= "39.0.0": ++ params["unsafe_skip_rsa_key_validation"] = False ++ + try: + private_key = serialization.load_pem_private_key( + bytes, + password=None, +- backend=default_backend() ++ backend=default_backend(), ++ **params, + ) + return private_key + except Exception: + private_key = serialization.load_der_private_key( + bytes, + password=None, +- backend=default_backend() ++ backend=default_backend(), ++ **params, + ) + return private_key + diff --git a/python-PyKMIP.changes b/python-PyKMIP.changes index 11d129b..b5abdb4 100644 --- a/python-PyKMIP.changes +++ b/python-PyKMIP.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jan 26 12:36:34 UTC 2023 - Daniel Garcia + +- Add crypto-39.patch to make it work with python-cryptography >= 39.0.0 + gh#OpenKMIP/PyKMIP#689 + ------------------------------------------------------------------- Wed May 4 09:55:17 UTC 2022 - pgajdos@suse.com diff --git a/python-PyKMIP.spec b/python-PyKMIP.spec index fb00a1b..0101c27 100644 --- a/python-PyKMIP.spec +++ b/python-PyKMIP.spec @@ -1,7 +1,7 @@ # # spec file for package python-PyKMIP # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,7 +16,6 @@ # -%{?!python_module:%define python_module() python-%{**} python3-%{**}} %bcond_without python2 Name: python-PyKMIP Version: 0.10.0 @@ -31,6 +30,8 @@ Source: https://files.pythonhosted.org/packages/source/P/PyKMIP/PyKMIP-% Patch0: fix-tests-SQLAlchemy-140.patch # https://github.com/OpenKMIP/PyKMIP/issues/668 Patch1: python-PyKMIP-no-mock.patch +# PATCH-FIX-OPENSUSE crypto-39.patch gh#OpenKMIP/PyKMIP#689 +Patch2: crypto-39.patch BuildRequires: %{python_module SQLAlchemy} BuildRequires: %{python_module cryptography} BuildRequires: %{python_module devel} @@ -87,7 +88,8 @@ Standards`_ (OASIS). PyKMIP supports a subset of features in versions %files %{python_files} %license LICENSE.txt %doc README.rst -%{python_sitelib}/* +%{python_sitelib}/kmip +%{python_sitelib}/PyKMIP-%{version}*-info %python_alternative %{_bindir}/pykmip-server %changelog