diff options
| author |   Ross Burton <ross@burtonini.com> | 2021-11-08 16:59:30 +0000 |
|---|---|---|
| committer |   Khem Raj <raj.khem@gmail.com> | 2021-11-09 06:52:28 -0800 |
| commit | cd430556f8663f8c9e9fb085f8d96bb36df7df2b (patch) | |
| tree | ee79849cbbaa9c8f91c6fe75f371bc05174800f0 /meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch | |
| parent | e710ce117d09c733a1d89d1e2792096859de9c6b (diff) | |
| download | meta-openembedded-contrib-cd430556f8663f8c9e9fb085f8d96bb36df7df2b.tar.gz | |
python3-cryptography: backport patches to make this work against OpenSSL 3
Backport just enough changes that python3-cryptography doesn't crash on
startup when linked against OpenSSL 3.
This is very much not complete, and the upgrade to the latest version of
python3-crytography has to happen soon.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch b/meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch new file mode 100644 index 0000000000..25baa42cc9 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-cryptography/openssl3.patch @@ -0,0 +1,62 @@ +Encourage our old python3-cryptography to at least start to work with OpenSSL 3. + +- Backport one patch to err.py to remove a symbol which has been removed in + OpenSSL 3, and isn't used in python3-cryptography. + (50ec692749b7e2e62685b443f5e629627b03987e) + +- Backport the detection of OpenSSL 3 and don't link to FIPS_mode/FIPS_mode_set + (parts of f08a7de651f9e6475c8c0a67d2a61ed8b669ddf6) + +This is *not* a complete backport of the 3.0 support, but is enough that packages +such as imgtool can import python3-cryptography and operate until the upgrade is +ready. + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton <ross.burton@arm.com> + +diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py +index f24bee5a..920a86de 100644 +--- a/src/_cffi_src/openssl/cryptography.py ++++ b/src/_cffi_src/openssl/cryptography.py +@@ -35,6 +35,8 @@ INCLUDES = """ + + #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ + (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) ++#define CRYPTOGRAPHY_OPENSSL_300_OR_GREATER \ ++ (OPENSSL_VERSION_NUMBER >= 0x30000000 && !CRYPTOGRAPHY_IS_LIBRESSL) + + #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \ + (OPENSSL_VERSION_NUMBER < 0x101000af || CRYPTOGRAPHY_IS_LIBRESSL) +@@ -54,6 +56,7 @@ INCLUDES = """ + + TYPES = """ + static const int CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER; ++static const int CRYPTOGRAPHY_OPENSSL_300_OR_GREATER; + + static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111; + static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B; +diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py +index 0dd74146..42bab4d9 100644 +--- a/src/_cffi_src/openssl/err.py ++++ b/src/_cffi_src/openssl/err.py +@@ -40,7 +40,6 @@ void ERR_clear_error(void); + void ERR_put_error(int, int, int, const char *, int); + + int ERR_GET_LIB(unsigned long); +-int ERR_GET_FUNC(unsigned long); + int ERR_GET_REASON(unsigned long); + + """ +diff --git a/src/_cffi_src/openssl/fips.py b/src/_cffi_src/openssl/fips.py +index c92bca49..38bfa231 100644 +--- a/src/_cffi_src/openssl/fips.py ++++ b/src/_cffi_src/openssl/fips.py +@@ -18,7 +18,7 @@ int FIPS_mode(void); + """ + + CUSTOMIZATIONS = """ +-#if CRYPTOGRAPHY_IS_LIBRESSL ++#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_OPENSSL_300_OR_GREATER + static const long Cryptography_HAS_FIPS = 0; + int (*FIPS_mode_set)(int) = NULL; + int (*FIPS_mode)(void) = NULL; |