[packages/python-cryptography] - basic openssl 3.0.0 support, testsuite does not pass (mostly unimplemented calls)

baggins baggins at pld-linux.org
Sun Oct 10 11:53:52 CEST 2021 

commit ff0d2aa038ac855ce717eeb1d70edbc0ffe52f04
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Mon Oct 4 10:13:25 2021 +0200

    - basic openssl 3.0.0 support, testsuite does not pass (mostly unimplemented calls)

 openssl3.patch           | 70 ++++++++++++++++++++++++++++++++++++++++++++++++
 python-cryptography.spec |  2 ++
 2 files changed, 72 insertions(+)
---
diff --git a/python-cryptography.spec b/python-cryptography.spec
index 6066d5e..be3b4a9 100644
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@@ -18,6 +18,7 @@ Source0:	https://files.pythonhosted.org/packages/source/c/cryptography/cryptogra
 #Source1Download: https://pypi.org/simple/cryptography_vectors/
 Source1:	https://files.pythonhosted.org/packages/source/c/cryptography-vectors/cryptography_vectors-%{version}.tar.gz
 # Source1-md5:	2a23fd073fc1f95a697ee96fc991e419
+Patch0:		openssl3.patch
 URL:		https://cryptography.io/
 BuildRequires:	openssl-devel >= 1.1.0
 BuildRequires:	rpm-pythonprov >= 5.4.15-48
@@ -130,6 +131,7 @@ Dokumentacja API modułu cryptography.
 
 %prep
 %setup -q -n cryptography-%{version} %{?with_tests:-a1}
+%patch0 -p1
 
 %if %{with tests}
 %{__mv} cryptography_vectors-%{version}/cryptography_vectors .
diff --git a/openssl3.patch b/openssl3.patch
new file mode 100644
index 0000000..0d17107
--- /dev/null
+++ b/openssl3.patch
@@ -0,0 +1,70 @@
+diff -ur cryptography-3.3.1/src/_cffi_src/openssl/err.py cryptography-3.3.1.openssl3/src/_cffi_src/openssl/err.py
+--- cryptography-3.3.1/src/_cffi_src/openssl/err.py	2020-12-10 03:16:42.000000000 +0100
++++ cryptography-3.3.1.openssl3/src/_cffi_src/openssl/err.py	2021-10-04 09:49:21.937085467 +0200
+@@ -40,7 +40,6 @@
+ void ERR_put_error(int, int, int, const char *, int);
+ 
+ int ERR_GET_LIB(unsigned long);
+-int ERR_GET_FUNC(unsigned long);
+ int ERR_GET_REASON(unsigned long);
+ 
+ """
+diff -ur cryptography-3.3.1/src/_cffi_src/openssl/evp.py cryptography-3.3.1.openssl3/src/_cffi_src/openssl/evp.py
+--- cryptography-3.3.1/src/_cffi_src/openssl/evp.py	2020-12-10 03:16:42.000000000 +0100
++++ cryptography-3.3.1.openssl3/src/_cffi_src/openssl/evp.py	2021-10-04 09:45:25.132351968 +0200
+@@ -9,6 +9,7 @@
+ """
+ 
+ TYPES = """
++typedef ... OSSL_LIB_CTX;
+ typedef ... EVP_CIPHER;
+ typedef ... EVP_CIPHER_CTX;
+ typedef ... EVP_MD;
+@@ -165,6 +166,10 @@
+                                       size_t);
+ int EVP_PKEY_get_raw_private_key(const EVP_PKEY *, unsigned char *, size_t *);
+ int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *);
++
++int EVP_set_default_properties(OSSL_LIB_CTX *, const char *);
++int EVP_default_properties_enable_fips(OSSL_LIB_CTX *, int);
++int EVP_default_properties_is_fips_enabled(OSSL_LIB_CTX *);
+ """
+ 
+ CUSTOMIZATIONS = """
+diff -ur cryptography-3.3.1/src/_cffi_src/openssl/fips.py cryptography-3.3.1.openssl3/src/_cffi_src/openssl/fips.py
+--- cryptography-3.3.1/src/_cffi_src/openssl/fips.py	2020-12-10 03:16:42.000000000 +0100
++++ cryptography-3.3.1.openssl3/src/_cffi_src/openssl/fips.py	2021-10-04 09:43:35.211752322 +0200
+@@ -6,6 +6,7 @@
+ 
+ INCLUDES = """
+ #include <openssl/crypto.h>
++#include <openssl/evp.h>
+ """
+ 
+ TYPES = """
+@@ -24,5 +25,13 @@
+ int (*FIPS_mode)(void) = NULL;
+ #else
+ static const long Cryptography_HAS_FIPS = 1;
++int FIPS_mode_set(int enable) {
++  if (enable)
++    return EVP_set_default_properties(NULL, "fips=yes");
++  return EVP_set_default_properties(NULL, "fips=no");
++}
++int FIPS_mode(void) {
++  return EVP_default_properties_is_fips_enabled(NULL);
++}
+ #endif
+ """
+diff -ur cryptography-3.3.1/src/cryptography/hazmat/bindings/openssl/binding.py cryptography-3.3.1.openssl3/src/cryptography/hazmat/bindings/openssl/binding.py
+--- cryptography-3.3.1/src/cryptography/hazmat/bindings/openssl/binding.py	2020-12-10 03:16:42.000000000 +0100
++++ cryptography-3.3.1.openssl3/src/cryptography/hazmat/bindings/openssl/binding.py	2021-10-04 09:48:10.767408920 +0200
+@@ -43,7 +43,7 @@
+             break
+ 
+         err_lib = lib.ERR_GET_LIB(code)
+-        err_func = lib.ERR_GET_FUNC(code)
++        err_func = 0
+         err_reason = lib.ERR_GET_REASON(code)
+ 
+         errors.append(_OpenSSLError(code, err_lib, err_func, err_reason))
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/python-cryptography.git/commitdiff/c9ed3111abfccea87bd8f840a33db657f300ef5a

More information about the pld-cvs-commit mailing list