Encourage our old python3-cryptography to at least start to work with OpenSSL 3. - Backport one patch to err.py to remove a symbol which has been removed in OpenSSL 3, and isn't used in python3-cryptography. (50ec692749b7e2e62685b443f5e629627b03987e) - Backport the detection of OpenSSL 3 and don't link to FIPS_mode/FIPS_mode_set (parts of f08a7de651f9e6475c8c0a67d2a61ed8b669ddf6) This is *not* a complete backport of the 3.0 support, but is enough that packages such as imgtool can import python3-cryptography and operate until the upgrade is ready. Upstream-Status: Inappropriate Signed-off-by: Ross Burton diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py index f24bee5a..920a86de 100644 --- a/src/_cffi_src/openssl/cryptography.py +++ b/src/_cffi_src/openssl/cryptography.py @@ -35,6 +35,8 @@ INCLUDES = """ #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) +#define CRYPTOGRAPHY_OPENSSL_300_OR_GREATER \ + (OPENSSL_VERSION_NUMBER >= 0x30000000 && !CRYPTOGRAPHY_IS_LIBRESSL) #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \ (OPENSSL_VERSION_NUMBER < 0x101000af || CRYPTOGRAPHY_IS_LIBRESSL) @@ -54,6 +56,7 @@ INCLUDES = """ TYPES = """ static const int CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER; +static const int CRYPTOGRAPHY_OPENSSL_300_OR_GREATER; static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111; static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B; diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py index 0dd74146..42bab4d9 100644 --- a/src/_cffi_src/openssl/err.py +++ b/src/_cffi_src/openssl/err.py @@ -40,7 +40,6 @@ void ERR_clear_error(void); void ERR_put_error(int, int, int, const char *, int); int ERR_GET_LIB(unsigned long); -int ERR_GET_FUNC(unsigned long); int ERR_GET_REASON(unsigned long); """ diff --git a/src/_cffi_src/openssl/fips.py b/src/_cffi_src/openssl/fips.py index c92bca49..38bfa231 100644 --- a/src/_cffi_src/openssl/fips.py +++ b/src/_cffi_src/openssl/fips.py @@ -18,7 +18,7 @@ int FIPS_mode(void); """ CUSTOMIZATIONS = """ -#if CRYPTOGRAPHY_IS_LIBRESSL +#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_OPENSSL_300_OR_GREATER static const long Cryptography_HAS_FIPS = 0; int (*FIPS_mode_set)(int) = NULL; int (*FIPS_mode)(void) = NULL;