@@ -, +, @@ --- security/py-cryptography/Makefile | 83 +++++++++++-- security/py-cryptography/distinfo | 114 +++++++++++++++++- .../patch-Fix-build-with-LibreSSL-3.3.2-5988 | 62 ---------- .../files/patch-Support-LibreSSL-3.4.0-6360 | 98 --------------- security/py-cryptography/files/patch-setup.py | 55 --------- 5 files changed, 187 insertions(+), 225 deletions(-) delete mode 100644 security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 delete mode 100644 security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 delete mode 100644 security/py-cryptography/files/patch-setup.py --- b/security/py-cryptography/Makefile +++ b/security/py-cryptography/Makefile @@ -1,7 +1,6 @@ PORTNAME= cryptography -PORTVERSION= 3.4.8 +PORTVERSION= 38.0.1 CATEGORIES= security python -MASTER_SITES= CHEESESHOP PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} MAINTAINER= sunpoet@FreeBSD.org @@ -13,7 +12,8 @@ LICENSE_COMB= dual LICENSE_FILE_APACHE20= ${WRKSRC}/LICENSE.APACHE LICENSE_FILE_BSD3CLAUSE=${WRKSRC}/LICENSE.BSD -BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cffi>=1.12:devel/py-cffi@${PY_FLAVOR} +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cffi>=1.12:devel/py-cffi@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}setuptools-rust>=1.4.0:devel/py-setuptools-rust@${PY_FLAVOR} RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cffi>=1.12:devel/py-cffi@${PY_FLAVOR} TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cryptography-vectors>=${PORTVERSION}:security/py-cryptography-vectors@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}hypothesis>=1.11.4:devel/py-hypothesis@${PY_FLAVOR} \ @@ -25,16 +25,80 @@ TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cryptography-vectors>=${PORTVERSION}:securi ${PYTHON_PKGNAMEPREFIX}pytz>=0,1:devel/py-pytz@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}sqlite3>=0:databases/py-sqlite3@${PY_FLAVOR} -USES= compiler:env cpe python:3.6+ ssl +USES= cargo compiler:env python:3.6+ ssl USE_PYTHON= autoplist concurrent distutils pytest +USE_GITHUB= yes +GH_ACCOUNT= pyca + +CARGO_CRATES= Inflector-0.11.4 \ + aliasable-0.1.3 \ + android_system_properties-0.1.5 \ + asn1-0.12.2 \ + asn1_derive-0.12.2 \ + autocfg-1.1.0 \ + base64-0.13.0 \ + bitflags-1.3.2 \ + bumpalo-3.10.0 \ + cfg-if-1.0.0 \ + chrono-0.4.22 \ + core-foundation-sys-0.8.3 \ + iana-time-zone-0.1.47 \ + indoc-0.3.6 \ + indoc-impl-0.3.6 \ + instant-0.1.12 \ + js-sys-0.3.59 \ + libc-0.2.132 \ + lock_api-0.4.8 \ + log-0.4.17 \ + num-integer-0.1.45 \ + num-traits-0.2.15 \ + once_cell-1.14.0 \ + ouroboros-0.15.4 \ + ouroboros_macro-0.15.4 \ + parking_lot-0.11.2 \ + parking_lot_core-0.8.5 \ + paste-0.1.18 \ + paste-impl-0.1.18 \ + pem-1.1.0 \ + proc-macro-error-1.0.4 \ + proc-macro-error-attr-1.0.4 \ + proc-macro-hack-0.5.19 \ + proc-macro2-1.0.43 \ + pyo3-0.15.2 \ + pyo3-build-config-0.15.2 \ + pyo3-macros-0.15.2 \ + pyo3-macros-backend-0.15.2 \ + quote-1.0.21 \ + redox_syscall-0.2.16 \ + scopeguard-1.1.0 \ + smallvec-1.9.0 \ + syn-1.0.99 \ + unicode-ident-1.0.3 \ + unindent-0.1.10 \ + version_check-0.9.4 \ + wasm-bindgen-0.2.82 \ + wasm-bindgen-backend-0.2.82 \ + wasm-bindgen-macro-0.2.82 \ + wasm-bindgen-macro-support-0.2.82 \ + wasm-bindgen-shared-0.2.82 \ + winapi-0.3.9 \ + winapi-i686-pc-windows-gnu-0.4.0 \ + winapi-x86_64-pc-windows-gnu-0.4.0 + +CARGO_CARGOTOML= ${WRKSRC}/src/rust/Cargo.toml +CARGO_CARGOLOCK= ${WRKSRC}/src/rust/Cargo.lock +CARGO_BUILD= no +CARGO_INSTALL= no +CARGO_TEST= no +CARGO_TARGET_DIR=${WRKSRC}/target +MAKE_ENV= ${CARGO_ENV} +BINARY_ALIAS= python3=${PYTHON_CMD} + CFLAGS+= -I${OPENSSLINC} LDFLAGS+= -L${OPENSSLLIB} -MAKE_ENV= CRYPTOGRAPHY_DONT_BUILD_RUST=1 TEST_ENV= PYTHONPATH=${STAGEDIR}${PYTHON_SITELIBDIR} -CPE_VENDOR= cryptography_project - .include .if ${CHOSEN_COMPILER_TYPE} == gcc && ${COMPILER_VERSION} <= 42 @@ -44,5 +108,10 @@ post-patch: post-install: ${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -name '*.so' -exec ${STRIP_CMD} {} + + # Regenerate .PLIST.pymodtemp to get all installed files from + # ${STAGEDIR}. + @${FIND} ${STAGEDIR} -type f -o -type l | \ + ${SORT} | ${SED} -e 's|${STAGEDIR}||' \ + > ${WRKDIR}/.PLIST.pymodtmp .include --- b/security/py-cryptography/distinfo +++ b/security/py-cryptography/distinfo @@ -1,3 +1,111 @@ -TIMESTAMP = 1652122693 -SHA256 (cryptography-3.4.8.tar.gz) = 94cc5ed4ceaefcbe5bf38c8fba6a21fc1d365bb8fb826ea1688e3370b2e24a1c -SIZE (cryptography-3.4.8.tar.gz) = 546907 +TIMESTAMP = 1664347139 +SHA256 (rust/crates/Inflector-0.11.4.crate) = fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3 +SIZE (rust/crates/Inflector-0.11.4.crate) = 17438 +SHA256 (rust/crates/aliasable-0.1.3.crate) = 250f629c0161ad8107cf89319e990051fae62832fd343083bea452d93e2205fd +SIZE (rust/crates/aliasable-0.1.3.crate) = 6169 +SHA256 (rust/crates/android_system_properties-0.1.5.crate) = 819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311 +SIZE (rust/crates/android_system_properties-0.1.5.crate) = 5243 +SHA256 (rust/crates/asn1-0.12.2.crate) = 22c27c85cd71c1bf4373c7c1aa752b73d2df799277c0930af16fffbf3444f210 +SIZE (rust/crates/asn1-0.12.2.crate) = 33145 +SHA256 (rust/crates/asn1_derive-0.12.2.crate) = d48d1854a01241e8d22f8f5ae4e2dc332f66c5946e1772f5576886d83e18e1b7 +SIZE (rust/crates/asn1_derive-0.12.2.crate) = 4914 +SHA256 (rust/crates/autocfg-1.1.0.crate) = d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa +SIZE (rust/crates/autocfg-1.1.0.crate) = 13272 +SHA256 (rust/crates/base64-0.13.0.crate) = 904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd +SIZE (rust/crates/base64-0.13.0.crate) = 62070 +SHA256 (rust/crates/bitflags-1.3.2.crate) = bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a +SIZE (rust/crates/bitflags-1.3.2.crate) = 23021 +SHA256 (rust/crates/bumpalo-3.10.0.crate) = 37ccbd214614c6783386c1af30caf03192f17891059cecc394b4fb119e363de3 +SIZE (rust/crates/bumpalo-3.10.0.crate) = 78915 +SHA256 (rust/crates/cfg-if-1.0.0.crate) = baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd +SIZE (rust/crates/cfg-if-1.0.0.crate) = 7934 +SHA256 (rust/crates/chrono-0.4.22.crate) = bfd4d1b31faaa3a89d7934dbded3111da0d2ef28e3ebccdb4f0179f5929d1ef1 +SIZE (rust/crates/chrono-0.4.22.crate) = 185570 +SHA256 (rust/crates/core-foundation-sys-0.8.3.crate) = 5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc +SIZE (rust/crates/core-foundation-sys-0.8.3.crate) = 17519 +SHA256 (rust/crates/iana-time-zone-0.1.47.crate) = 4c495f162af0bf17656d0014a0eded5f3cd2f365fdd204548c2869db89359dc7 +SIZE (rust/crates/iana-time-zone-0.1.47.crate) = 16974 +SHA256 (rust/crates/indoc-0.3.6.crate) = 47741a8bc60fb26eb8d6e0238bbb26d8575ff623fdc97b1a2c00c050b9684ed8 +SIZE (rust/crates/indoc-0.3.6.crate) = 9663 +SHA256 (rust/crates/indoc-impl-0.3.6.crate) = ce046d161f000fffde5f432a0d034d0341dc152643b2598ed5bfce44c4f3a8f0 +SIZE (rust/crates/indoc-impl-0.3.6.crate) = 7933 +SHA256 (rust/crates/instant-0.1.12.crate) = 7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c +SIZE (rust/crates/instant-0.1.12.crate) = 6128 +SHA256 (rust/crates/js-sys-0.3.59.crate) = 258451ab10b34f8af53416d1fdab72c22e805f0c92a1136d59470ec0b11138b2 +SIZE (rust/crates/js-sys-0.3.59.crate) = 78849 +SHA256 (rust/crates/libc-0.2.132.crate) = 8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5 +SIZE (rust/crates/libc-0.2.132.crate) = 595317 +SHA256 (rust/crates/lock_api-0.4.8.crate) = 9f80bf5aacaf25cbfc8210d1cfb718f2bf3b11c4c54e5afe36c236853a8ec390 +SIZE (rust/crates/lock_api-0.4.8.crate) = 25677 +SHA256 (rust/crates/log-0.4.17.crate) = abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e +SIZE (rust/crates/log-0.4.17.crate) = 38028 +SHA256 (rust/crates/num-integer-0.1.45.crate) = 225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9 +SIZE (rust/crates/num-integer-0.1.45.crate) = 22529 +SHA256 (rust/crates/num-traits-0.2.15.crate) = 578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd +SIZE (rust/crates/num-traits-0.2.15.crate) = 49262 +SHA256 (rust/crates/once_cell-1.14.0.crate) = 2f7254b99e31cad77da24b08ebf628882739a608578bb1bcdfc1f9c21260d7c0 +SIZE (rust/crates/once_cell-1.14.0.crate) = 31614 +SHA256 (rust/crates/ouroboros-0.15.4.crate) = 7f56a2b0aa5fc88687aaf63e85a7974422790ce3419a2e1a15870f8a55227822 +SIZE (rust/crates/ouroboros-0.15.4.crate) = 11179 +SHA256 (rust/crates/ouroboros_macro-0.15.4.crate) = 6c40641e27d0eb38cae3dee081d920104d2db47a8e853c1a592ef68d33f5ebf4 +SIZE (rust/crates/ouroboros_macro-0.15.4.crate) = 20732 +SHA256 (rust/crates/parking_lot-0.11.2.crate) = 7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99 +SIZE (rust/crates/parking_lot-0.11.2.crate) = 39869 +SHA256 (rust/crates/parking_lot_core-0.8.5.crate) = d76e8e1493bcac0d2766c42737f34458f1c8c50c0d23bcb24ea953affb273216 +SIZE (rust/crates/parking_lot_core-0.8.5.crate) = 32466 +SHA256 (rust/crates/paste-0.1.18.crate) = 45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880 +SIZE (rust/crates/paste-0.1.18.crate) = 12259 +SHA256 (rust/crates/paste-impl-0.1.18.crate) = d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6 +SIZE (rust/crates/paste-impl-0.1.18.crate) = 9451 +SHA256 (rust/crates/pem-1.1.0.crate) = 03c64931a1a212348ec4f3b4362585eca7159d0d09cbdf4a7f74f02173596fd4 +SIZE (rust/crates/pem-1.1.0.crate) = 10805 +SHA256 (rust/crates/proc-macro-error-1.0.4.crate) = da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c +SIZE (rust/crates/proc-macro-error-1.0.4.crate) = 25293 +SHA256 (rust/crates/proc-macro-error-attr-1.0.4.crate) = a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869 +SIZE (rust/crates/proc-macro-error-attr-1.0.4.crate) = 7971 +SHA256 (rust/crates/proc-macro-hack-0.5.19.crate) = dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5 +SIZE (rust/crates/proc-macro-hack-0.5.19.crate) = 15556 +SHA256 (rust/crates/proc-macro2-1.0.43.crate) = 0a2ca2c61bc9f3d74d2886294ab7b9853abd9c1ad903a3ac7815c58989bb7bab +SIZE (rust/crates/proc-macro2-1.0.43.crate) = 41512 +SHA256 (rust/crates/pyo3-0.15.2.crate) = d41d50a7271e08c7c8a54cd24af5d62f73ee3a6f6a314215281ebdec421d5752 +SIZE (rust/crates/pyo3-0.15.2.crate) = 371382 +SHA256 (rust/crates/pyo3-build-config-0.15.2.crate) = 779239fc40b8e18bc8416d3a37d280ca9b9fb04bda54b98037bb6748595c2410 +SIZE (rust/crates/pyo3-build-config-0.15.2.crate) = 22235 +SHA256 (rust/crates/pyo3-macros-0.15.2.crate) = 00b247e8c664be87998d8628e86f282c25066165f1f8dda66100c48202fdb93a +SIZE (rust/crates/pyo3-macros-0.15.2.crate) = 7596 +SHA256 (rust/crates/pyo3-macros-backend-0.15.2.crate) = 5a8c2812c412e00e641d99eeb79dd478317d981d938aa60325dfa7157b607095 +SIZE (rust/crates/pyo3-macros-backend-0.15.2.crate) = 46112 +SHA256 (rust/crates/quote-1.0.21.crate) = bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179 +SIZE (rust/crates/quote-1.0.21.crate) = 28030 +SHA256 (rust/crates/redox_syscall-0.2.16.crate) = fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a +SIZE (rust/crates/redox_syscall-0.2.16.crate) = 24012 +SHA256 (rust/crates/scopeguard-1.1.0.crate) = d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd +SIZE (rust/crates/scopeguard-1.1.0.crate) = 11470 +SHA256 (rust/crates/smallvec-1.9.0.crate) = 2fd0db749597d91ff862fd1d55ea87f7855a744a8425a64695b6fca237d1dad1 +SIZE (rust/crates/smallvec-1.9.0.crate) = 28396 +SHA256 (rust/crates/syn-1.0.99.crate) = 58dbef6ec655055e20b86b15a8cc6d439cca19b667537ac6a1369572d151ab13 +SIZE (rust/crates/syn-1.0.99.crate) = 236084 +SHA256 (rust/crates/unicode-ident-1.0.3.crate) = c4f5b37a154999a8f3f98cc23a628d850e154479cd94decf3414696e12e31aaf +SIZE (rust/crates/unicode-ident-1.0.3.crate) = 35031 +SHA256 (rust/crates/unindent-0.1.10.crate) = 58ee9362deb4a96cef4d437d1ad49cffc9b9e92d202b6995674e928ce684f112 +SIZE (rust/crates/unindent-0.1.10.crate) = 7703 +SHA256 (rust/crates/version_check-0.9.4.crate) = 49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f +SIZE (rust/crates/version_check-0.9.4.crate) = 14895 +SHA256 (rust/crates/wasm-bindgen-0.2.82.crate) = fc7652e3f6c4706c8d9cd54832c4a4ccb9b5336e2c3bd154d5cccfbf1c1f5f7d +SIZE (rust/crates/wasm-bindgen-0.2.82.crate) = 166376 +SHA256 (rust/crates/wasm-bindgen-backend-0.2.82.crate) = 662cd44805586bd52971b9586b1df85cdbbd9112e4ef4d8f41559c334dc6ac3f +SIZE (rust/crates/wasm-bindgen-backend-0.2.82.crate) = 25764 +SHA256 (rust/crates/wasm-bindgen-macro-0.2.82.crate) = b260f13d3012071dfb1512849c033b1925038373aea48ced3012c09df952c602 +SIZE (rust/crates/wasm-bindgen-macro-0.2.82.crate) = 11808 +SHA256 (rust/crates/wasm-bindgen-macro-support-0.2.82.crate) = 5be8e654bdd9b79216c2929ab90721aa82faf65c48cdf08bdc4e7f51357b80da +SIZE (rust/crates/wasm-bindgen-macro-support-0.2.82.crate) = 18529 +SHA256 (rust/crates/wasm-bindgen-shared-0.2.82.crate) = 6598dd0bd3c7d51095ff6531a5b23e02acdc81804e30d8f07afb77b7215a140a +SIZE (rust/crates/wasm-bindgen-shared-0.2.82.crate) = 7197 +SHA256 (rust/crates/winapi-0.3.9.crate) = 5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419 +SIZE (rust/crates/winapi-0.3.9.crate) = 1200382 +SHA256 (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6 +SIZE (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = 2918815 +SHA256 (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f +SIZE (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 2947998 +SHA256 (pyca-cryptography-38.0.1_GH0.tar.gz) = 4d2e2b3192cd3767bdb68c22dd40c07a1deb209a05daee21df74fbf2df8bfbed +SIZE (pyca-cryptography-38.0.1_GH0.tar.gz) = 35900362 --- a/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 +++ /dev/null @@ -1,62 +0,0 @@ -From 94590a9aecc9e5ef6fc8eda52bae43643a4c44bd Mon Sep 17 00:00:00 2001 -From: Charlie Li -Date: Mon, 19 Apr 2021 18:38:38 -0400 -Subject: [PATCH] Fix build with LibreSSL 3.3.2 (#5988) - -* LibreSSL 3.3.2 supports SSL_OP_NO_DTLS* - -While here, bump CI - -* Fix preprocessor guards for LibreSSL's SSL_OP_NO_DTLS* - -DTLS_set_link_mtu and DTLS_get_link_min_mtu are not part of 3.3.2 - -* Switch to LESS_THAN context for LibreSSL 3.3.2 - -While here, fix indents - -* Remove extra C variable declaration - -The variable is not actually used from Python ---- - .github/workflows/ci.yml | 2 +- - src/_cffi_src/openssl/cryptography.py | 7 +++++++ - src/_cffi_src/openssl/ssl.py | 2 ++ - 3 files changed, 10 insertions(+), 1 deletion(-) - -diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py -index e2b5a132..b9c7a793 100644 ---- src/_cffi_src/openssl/cryptography.py -+++ src/_cffi_src/openssl/cryptography.py -@@ -32,6 +32,13 @@ INCLUDES = """ - #include - #endif - -+#if CRYPTOGRAPHY_IS_LIBRESSL -+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \ -+ (LIBRESSL_VERSION_NUMBER < 0x3030200f) -+#else -+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0) -+#endif -+ - #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ - (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) - -diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py -index 11a7d63a..081ef041 100644 ---- src/_cffi_src/openssl/ssl.py -+++ src/_cffi_src/openssl/ssl.py -@@ -586,8 +586,10 @@ static const long TLS_ST_OK = 0; - #endif - - #if CRYPTOGRAPHY_IS_LIBRESSL -+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 - static const long SSL_OP_NO_DTLSv1 = 0; - static const long SSL_OP_NO_DTLSv1_2 = 0; -+#endif - long (*DTLS_set_link_mtu)(SSL *, long) = NULL; - long (*DTLS_get_link_min_mtu)(SSL *) = NULL; - #endif --- -2.31.1 - --- a/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 +++ /dev/null @@ -1,98 +0,0 @@ -From 7a341a5d3cb9380e77b0241b5198373ab6fc355e Mon Sep 17 00:00:00 2001 -From: Charlie Li -Date: Sun, 3 Oct 2021 00:20:31 -0400 -Subject: [PATCH] Support LibreSSL 3.4.0 (#6360) - -* Add LibreSSL 3.4.0 to CI - -* Add a LibreSSL 3.4.0 guard - -Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0. - -* DTLS_get_data_mtu does not exist in LibreSSL - -* Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+ - -* SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL - -* Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL - -While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended. ---- - .github/workflows/ci.yml | 6 ++++-- - src/_cffi_src/openssl/cryptography.py | 3 +++ - src/_cffi_src/openssl/evp.py | 15 ++++++++++----- - src/_cffi_src/openssl/ssl.py | 3 ++- - 4 files changed, 19 insertions(+), 8 deletions(-) - -diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py -index 878d22d8..821ddc9f 100644 ---- src/_cffi_src/openssl/cryptography.py -+++ src/_cffi_src/openssl/cryptography.py -@@ -36,8 +36,11 @@ INCLUDES = """ - #if CRYPTOGRAPHY_IS_LIBRESSL - #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \ - (LIBRESSL_VERSION_NUMBER < 0x3030200f) -+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \ -+ (LIBRESSL_VERSION_NUMBER < 0x3040000f) - #else - #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0) -+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 (0) - #endif - - #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ -diff --git src/_cffi_src/openssl/evp.py src/_cffi_src/openssl/evp.py -index ab7cfeb3..cad3339a 100644 ---- src/_cffi_src/openssl/evp.py -+++ src/_cffi_src/openssl/evp.py -@@ -203,15 +203,21 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *, - size_t) = NULL; - #endif - --#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 -+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \ -+ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) - static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0; --static const long Cryptography_HAS_RAW_KEY = 0; --static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0; --int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL; - int (*EVP_DigestSign)(EVP_MD_CTX *, unsigned char *, size_t *, - const unsigned char *tbs, size_t) = NULL; - int (*EVP_DigestVerify)(EVP_MD_CTX *, const unsigned char *, size_t, - const unsigned char *, size_t) = NULL; -+#else -+static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1; -+#endif -+ -+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 -+static const long Cryptography_HAS_RAW_KEY = 0; -+static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0; -+int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL; - EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *, - size_t) = NULL; - EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *, -@@ -221,7 +227,6 @@ int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *, - int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *, - size_t *) = NULL; - #else --static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1; - static const long Cryptography_HAS_RAW_KEY = 1; - static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1; - #endif -diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py -index ca275e91..0830a463 100644 ---- src/_cffi_src/openssl/ssl.py -+++ src/_cffi_src/openssl/ssl.py -@@ -678,7 +678,8 @@ int (*SSL_set_tlsext_use_srtp)(SSL *, const char *) = NULL; - SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL; - #endif - --#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 -+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \ -+ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) - static const long Cryptography_HAS_TLSv1_3 = 0; - static const long SSL_OP_NO_TLSv1_3 = 0; - static const long SSL_VERIFY_POST_HANDSHAKE = 0; --- -2.32.0 - --- a/security/py-cryptography/files/patch-setup.py +++ /dev/null @@ -1,55 +0,0 @@ ---- setup.py.orig 2021-03-25 17:19:57 UTC -+++ setup.py -@@ -10,23 +10,7 @@ import sys - - from setuptools import find_packages, setup - --try: -- from setuptools_rust import RustExtension --except ImportError: -- print( -- """ -- =============================DEBUG ASSISTANCE========================== -- If you are seeing an error here please try the following to -- successfully install cryptography: - -- Upgrade to the latest pip and try again. This will fix errors for most -- users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip -- =============================DEBUG ASSISTANCE========================== -- """ -- ) -- raise -- -- - base_dir = os.path.dirname(__file__) - src_dir = os.path.join(base_dir, "src") - -@@ -41,9 +25,8 @@ with open(os.path.join(src_dir, "cryptography", "__abo - - # `install_requirements` and `setup_requirements` must be kept in sync with - # `pyproject.toml` --setuptools_rust = "setuptools-rust>=0.11.4" - install_requirements = ["cffi>=1.12"] --setup_requirements = install_requirements + [setuptools_rust] -+setup_requirements = install_requirements - - if os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST"): - rust_extensions = [] -@@ -129,9 +112,6 @@ try: - "twine >= 1.12.0", - "sphinxcontrib-spelling >= 4.0.1", - ], -- "sdist": [ -- setuptools_rust, -- ], - "pep8test": [ - "black", - "flake8", -@@ -149,7 +129,6 @@ try: - "src/_cffi_src/build_openssl.py:ffi", - "src/_cffi_src/build_padding.py:ffi", - ], -- rust_extensions=rust_extensions, - ) - except: # noqa: E722 - # Note: This is a bare exception that re-raises so that we don't interfere