Backport just enough changes that python3-cryptography doesn't crash on
startup when linked against OpenSSL 3.

This is very much not complete, and the upgrade to the latest version of
python3-cryptography has to happen soon.

Signed-off-by: Ross Burton <ross.bur...@arm.com>
---
 .../python3-cryptography/openssl3.patch       | 62 +++++++++++++++++++
 .../python/python3-cryptography_3.3.2.bb      |  1 +
 2 files changed, 63 insertions(+)
 create mode 100644 
meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch

diff --git 
a/meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch 
b/meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch
new file mode 100644
index 0000000000..25baa42cc9
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch
@@ -0,0 +1,62 @@
+Encourage our old python3-cryptography to at least start to work with OpenSSL 
3.
+
+- Backport one patch to err.py to remove a symbol which has been removed in
+  OpenSSL 3, and isn't used in python3-cryptography.
+  (50ec692749b7e2e62685b443f5e629627b03987e)
+
+- Backport the detection of OpenSSL 3 and don't link to FIPS_mode/FIPS_mode_set
+  (parts of f08a7de651f9e6475c8c0a67d2a61ed8b669ddf6)
+
+This is *not* a complete backport of the 3.0 support, but is enough that 
packages
+such as imgtool can import python3-cryptography and operate until the upgrade 
is
+ready.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.bur...@arm.com>
+
+diff --git a/src/_cffi_src/openssl/cryptography.py 
b/src/_cffi_src/openssl/cryptography.py
+index f24bee5a..920a86de 100644
+--- a/src/_cffi_src/openssl/cryptography.py
++++ b/src/_cffi_src/openssl/cryptography.py
+@@ -35,6 +35,8 @@ INCLUDES = """
+ 
+ #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
+     (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
++#define CRYPTOGRAPHY_OPENSSL_300_OR_GREATER \
++    (OPENSSL_VERSION_NUMBER >= 0x30000000 && !CRYPTOGRAPHY_IS_LIBRESSL)
+ 
+ #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \
+     (OPENSSL_VERSION_NUMBER < 0x101000af || CRYPTOGRAPHY_IS_LIBRESSL)
+@@ -54,6 +56,7 @@ INCLUDES = """
+ 
+ TYPES = """
+ static const int CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER;
++static const int CRYPTOGRAPHY_OPENSSL_300_OR_GREATER;
+ 
+ static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111;
+ static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B;
+diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py
+index 0dd74146..42bab4d9 100644
+--- a/src/_cffi_src/openssl/err.py
++++ b/src/_cffi_src/openssl/err.py
+@@ -40,7 +40,6 @@ void ERR_clear_error(void);
+ void ERR_put_error(int, int, int, const char *, int);
+ 
+ int ERR_GET_LIB(unsigned long);
+-int ERR_GET_FUNC(unsigned long);
+ int ERR_GET_REASON(unsigned long);
+ 
+ """
+diff --git a/src/_cffi_src/openssl/fips.py b/src/_cffi_src/openssl/fips.py
+index c92bca49..38bfa231 100644
+--- a/src/_cffi_src/openssl/fips.py
++++ b/src/_cffi_src/openssl/fips.py
+@@ -18,7 +18,7 @@ int FIPS_mode(void);
+ """
+ 
+ CUSTOMIZATIONS = """
+-#if CRYPTOGRAPHY_IS_LIBRESSL
++#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
+ static const long Cryptography_HAS_FIPS = 0;
+ int (*FIPS_mode_set)(int) = NULL;
+ int (*FIPS_mode)(void) = NULL;
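Review bot: The fips.py hunk forces `Cryptography_HAS_FIPS = 0` and NULL `FIPS_mode`/`FIPS_mode_set` pointers whenever OpenSSL 3 is detected, but the patch header never states that FIPS detection is switched off as a result. Anything that relies on python3-cryptography to report or enforce FIPS mode would presumably see it as unavailable, even on a system where the OpenSSL 3 FIPS provider is configured. I would add a bullet to the header such as `- FIPS mode is reported as unsupported when built against OpenSSL 3, regardless of the provider configuration.` The tag would also be clearer with a reason, for example `Upstream-Status: Inappropriate [partial backport, drop on upgrade]`. The `#else` branch of the CUSTOMIZATIONS block lies outside the hunk, so the non-OpenSSL-3 path cannot be checked from here.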
diff --git a/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb 
b/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb
index baec105a3e..8808b81625 100644
--- a/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb
+++ b/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb
@@ -11,6 +11,7 @@ SRC_URI[sha256sum] = 
"5a60d3780149e13b7a6ff7ad6526b38846354d11a15e21068e57073e29
 SRC_URI += " \
     file://run-ptest \
     file://h-test.patch \
+    file://openssl3.patch \
 "
 
 inherit pypi setuptools3
-- 
2.25.1
