Date: Sun, 26 Mar 2023 14:39:22 GMT From: Charlie Li <vishwin@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: ef942f79b3c0 - main - lang/python310: add LibreSSL support Message-ID: <202303261439.32QEdMdT003966@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by vishwin: URL: https://cgit.FreeBSD.org/ports/commit/?id=ef942f79b3c0e802f8c552c0d1756e89d1bbed03 commit ef942f79b3c0e802f8c552c0d1756e89d1bbed03 Author: Charlie Li <vishwin@FreeBSD.org> AuthorDate: 2023-03-26 14:29:36 +0000 Commit: Charlie Li <vishwin@FreeBSD.org> CommitDate: 2023-03-26 14:29:36 +0000 lang/python310: add LibreSSL support LibreSSL 3.6 and later are fully compatible with PEP-644 for the ssl and hmac modules, but not hashlib due to missing SHA-3/SHAKE, BLAKE2 and scrypt. Partially reverts https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e for _hashopenssl.c only to allow LibreSSL to work. (Python 3.11 and later need a different implementation due to configure-time checking) --- lang/python310/Makefile | 6 +- .../files/libressl/patch-Modules___hashopenssl.c | 66 ++++++++++++++++++++++ lang/python310/pkg-plist | 4 +- 3 files changed, 69 insertions(+), 7 deletions(-) diff --git a/lang/python310/Makefile b/lang/python310/Makefile index 14f3cc6bce3f..27b76b4463aa 100644 --- a/lang/python310/Makefile +++ b/lang/python310/Makefile @@ -109,12 +109,8 @@ DISABLED_EXTENSIONS+= nis PLIST_SUB+= NO_NIS="" .endif -# Python 3.10 requires OpenSSL >= 1.1.1 (PEP 644), so with -# libressl, some modules are not built .if ${SSL_DEFAULT:Mlibressl*} -PLIST_SUB+= SUPPORTED_OPENSSL="@comment " -.else -PLIST_SUB+= SUPPORTED_OPENSSL="" +EXTRA_PATCHES+= ${PATCHDIR}/libressl .endif post-patch: diff --git a/lang/python310/files/libressl/patch-Modules___hashopenssl.c b/lang/python310/files/libressl/patch-Modules___hashopenssl.c new file mode 100644 index 000000000000..7e8872eb6034 --- /dev/null +++ b/lang/python310/files/libressl/patch-Modules___hashopenssl.c @@ -0,0 +1,66 @@ +--- Modules/_hashopenssl.c.orig 2022-10-11 11:21:44 UTC ++++ Modules/_hashopenssl.c +@@ -45,10 +45,21 @@ + + #define MUNCH_SIZE INT_MAX + ++#ifndef LIBRESSL_VERSION_NUMBER + #define PY_OPENSSL_HAS_SCRYPT 1 ++#endif ++ ++#ifdef NID_sha3_224 + #define PY_OPENSSL_HAS_SHA3 1 ++#endif ++ ++#if defined(EVP_MD_FLAG_XOF) && defined(NID_shake128) + #define PY_OPENSSL_HAS_SHAKE 1 ++#endif ++ ++#if defined(NID_blake2b512) && !defined(OPENSSL_NO_BLAKE2) + #define PY_OPENSSL_HAS_BLAKE2 1 ++#endif + + #if OPENSSL_VERSION_NUMBER >= 0x30000000L + #define PY_EVP_MD EVP_MD +@@ -120,19 +131,27 @@ static const py_hashentry_t py_hashes[] = { + PY_HASH_ENTRY(Py_hash_sha384, "SHA384", SN_sha384, NID_sha384), + PY_HASH_ENTRY(Py_hash_sha512, "SHA512", SN_sha512, NID_sha512), + /* truncated sha2 */ ++#ifdef NID_sha512_224 + PY_HASH_ENTRY(Py_hash_sha512_224, "SHA512_224", SN_sha512_224, NID_sha512_224), + PY_HASH_ENTRY(Py_hash_sha512_256, "SHA512_256", SN_sha512_256, NID_sha512_256), ++#endif + /* sha3 */ ++#ifdef PY_OPENSSL_HAS_SHA3 + PY_HASH_ENTRY(Py_hash_sha3_224, NULL, SN_sha3_224, NID_sha3_224), + PY_HASH_ENTRY(Py_hash_sha3_256, NULL, SN_sha3_256, NID_sha3_256), + PY_HASH_ENTRY(Py_hash_sha3_384, NULL, SN_sha3_384, NID_sha3_384), + PY_HASH_ENTRY(Py_hash_sha3_512, NULL, SN_sha3_512, NID_sha3_512), ++#endif + /* sha3 shake */ ++#ifdef PY_OPENSSL_HAS_SHAKE + PY_HASH_ENTRY(Py_hash_shake_128, NULL, SN_shake128, NID_shake128), + PY_HASH_ENTRY(Py_hash_shake_256, NULL, SN_shake256, NID_shake256), ++#endif + /* blake2 digest */ ++#ifdef PY_OPENSSL_HAS_BLAKE2 + PY_HASH_ENTRY(Py_hash_blake2s, "blake2s256", SN_blake2s256, NID_blake2s256), + PY_HASH_ENTRY(Py_hash_blake2b, "blake2b512", SN_blake2b512, NID_blake2b512), ++#endif + PY_HASH_ENTRY(NULL, NULL, NULL, 0), + }; + +@@ -873,9 +892,12 @@ py_evp_fromname(PyObject *module, const char *digestna + goto exit; + } + ++#ifdef PY_OPENSSL_HAS_SHAKE + if ((EVP_MD_flags(digest) & EVP_MD_FLAG_XOF) == EVP_MD_FLAG_XOF) { + type = get_hashlib_state(module)->EVPXOFtype; +- } else { ++ } else ++#endif ++ { + type = get_hashlib_state(module)->EVPtype; + } + diff --git a/lang/python310/pkg-plist b/lang/python310/pkg-plist index e53c51927717..45367539d895 100644 --- a/lang/python310/pkg-plist +++ b/lang/python310/pkg-plist @@ -2884,7 +2884,7 @@ lib/python%%XYDOT%%/lib-dynload/_datetime.cpython-%%XY%%%%ABI%%.so lib/python%%XYDOT%%/lib-dynload/_dbm.cpython-%%XY%%%%ABI%%.so lib/python%%XYDOT%%/lib-dynload/_decimal.cpython-%%XY%%%%ABI%%.so lib/python%%XYDOT%%/lib-dynload/_elementtree.cpython-%%XY%%%%ABI%%.so -%%SUPPORTED_OPENSSL%%lib/python%%XYDOT%%/lib-dynload/_hashlib.cpython-%%XY%%%%ABI%%.so +lib/python%%XYDOT%%/lib-dynload/_hashlib.cpython-%%XY%%%%ABI%%.so lib/python%%XYDOT%%/lib-dynload/_heapq.cpython-%%XY%%%%ABI%%.so lib/python%%XYDOT%%/lib-dynload/_json.cpython-%%XY%%%%ABI%%.so lib/python%%XYDOT%%/lib-dynload/_lsprof.cpython-%%XY%%%%ABI%%.so @@ -2903,7 +2903,7 @@ lib/python%%XYDOT%%/lib-dynload/_sha256.cpython-%%XY%%%%ABI%%.so lib/python%%XYDOT%%/lib-dynload/_sha3.cpython-%%XY%%%%ABI%%.so lib/python%%XYDOT%%/lib-dynload/_sha512.cpython-%%XY%%%%ABI%%.so lib/python%%XYDOT%%/lib-dynload/_socket.cpython-%%XY%%%%ABI%%.so -%%SUPPORTED_OPENSSL%%lib/python%%XYDOT%%/lib-dynload/_ssl.cpython-%%XY%%%%ABI%%.so +lib/python%%XYDOT%%/lib-dynload/_ssl.cpython-%%XY%%%%ABI%%.so lib/python%%XYDOT%%/lib-dynload/_statistics.cpython-%%XY%%%%ABI%%.so lib/python%%XYDOT%%/lib-dynload/_struct.cpython-%%XY%%%%ABI%%.so lib/python%%XYDOT%%/lib-dynload/_testbuffer.cpython-%%XY%%%%ABI%%.so
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202303261439.32QEdMdT003966>