From cd430556f8663f8c9e9fb085f8d96bb36df7df2b Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Mon, 8 Nov 2021 16:59:30 +0000 Subject: python3-cryptography: backport patches to make this work against OpenSSL 3 Backport just enough changes that python3-cryptography doesn't crash on startup when linked against OpenSSL 3. This is very much not complete, and the upgrade to the latest version of python3-crytography has to happen soon. Signed-off-by: Ross Burton Signed-off-by: Khem Raj Signed-off-by: Trevor Gamblin --- .../python/python3-cryptography/openssl3.patch | 62 ++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch (limited to 'meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch') diff --git a/meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch b/meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch new file mode 100644 index 0000000000..25baa42cc9 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch @@ -0,0 +1,62 @@ +Encourage our old python3-cryptography to at least start to work with OpenSSL 3. + +- Backport one patch to err.py to remove a symbol which has been removed in + OpenSSL 3, and isn't used in python3-cryptography. + (50ec692749b7e2e62685b443f5e629627b03987e) + +- Backport the detection of OpenSSL 3 and don't link to FIPS_mode/FIPS_mode_set + (parts of f08a7de651f9e6475c8c0a67d2a61ed8b669ddf6) + +This is *not* a complete backport of the 3.0 support, but is enough that packages +such as imgtool can import python3-cryptography and operate until the upgrade is +ready. + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton + +diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py +index f24bee5a..920a86de 100644 +--- a/src/_cffi_src/openssl/cryptography.py ++++ b/src/_cffi_src/openssl/cryptography.py +@@ -35,6 +35,8 @@ INCLUDES = """ + + #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ + (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) ++#define CRYPTOGRAPHY_OPENSSL_300_OR_GREATER \ ++ (OPENSSL_VERSION_NUMBER >= 0x30000000 && !CRYPTOGRAPHY_IS_LIBRESSL) + + #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \ + (OPENSSL_VERSION_NUMBER < 0x101000af || CRYPTOGRAPHY_IS_LIBRESSL) +@@ -54,6 +56,7 @@ INCLUDES = """ + + TYPES = """ + static const int CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER; ++static const int CRYPTOGRAPHY_OPENSSL_300_OR_GREATER; + + static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111; + static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B; +diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py +index 0dd74146..42bab4d9 100644 +--- a/src/_cffi_src/openssl/err.py ++++ b/src/_cffi_src/openssl/err.py +@@ -40,7 +40,6 @@ void ERR_clear_error(void); + void ERR_put_error(int, int, int, const char *, int); + + int ERR_GET_LIB(unsigned long); +-int ERR_GET_FUNC(unsigned long); + int ERR_GET_REASON(unsigned long); + + """ +diff --git a/src/_cffi_src/openssl/fips.py b/src/_cffi_src/openssl/fips.py +index c92bca49..38bfa231 100644 +--- a/src/_cffi_src/openssl/fips.py ++++ b/src/_cffi_src/openssl/fips.py +@@ -18,7 +18,7 @@ int FIPS_mode(void); + """ + + CUSTOMIZATIONS = """ +-#if CRYPTOGRAPHY_IS_LIBRESSL ++#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_OPENSSL_300_OR_GREATER + static const long Cryptography_HAS_FIPS = 0; + int (*FIPS_mode_set)(int) = NULL; + int (*FIPS_mode)(void) = NULL; -- cgit v1.2.3-54-g00ecf