python3: Fix hashlib module not compiled for host Python

026-openssl-feature-flags.patch and
028-host-python-support-ssl-with-libressl.patch were removed in
4ecd9d67e90651a8e93760bf0b5771f7057c74a8 to fix the ssl module after
libressl was upgraded to 3.7.0[1].

However, the cause of the ssl module build failure was only
028-host-python-support-ssl-with-libressl.patch.

Removing 026-openssl-feature-flags.patch caused a build failure for the
hashlib module.

This restores 026-openssl-feature-flags.patch with an updated version of
the patch from OpenBSD[2].

[1]: https://github.com/openwrt/packages/issues/20107
[2]: https://github.com/openbsd/ports/blob/26a04435bf2a09dcbe22b718bfee08997617a906/lang/python/3.10/patches/patch-Modules__hashopenssl_c

Fixes: 4ecd9d67e906 ("python3: fix ssl support by removing libressl patches")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>

diff --git a/lang/python/python3/Makefile b/lang/python/python3/Makefile
index 24e9a4a3a922c1c12a89c101f89cb842d23f9c76..b1e292cbb3fdcb4712208c6c9c58ec08623a9706 100644 (file)
--- a/lang/python/python3/Makefile
+++ b/lang/python/python3/Makefile
@@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk
 include ../python3-version.mk
 
 PKG_NAME:=python3
-PKG_RELEASE:=9
+PKG_RELEASE:=10
 PKG_VERSION:=$(PYTHON3_VERSION).$(PYTHON3_VERSION_MICRO)
 
 PKG_SOURCE:=Python-$(PKG_VERSION).tar.xz

diff --git a/lang/python/python3/patches/026-openssl-feature-flags.patch b/lang/python/python3/patches/026-openssl-feature-flags.patch
new file mode 100644 (file)
index 0000000..2546048
--- /dev/null
+++ b/lang/python/python3/patches/026-openssl-feature-flags.patch
@@ -0,0 +1,65 @@
+--- a/Modules/_hashopenssl.c
++++ b/Modules/_hashopenssl.c
+@@ -45,10 +45,18 @@
+ 
+ #define MUNCH_SIZE INT_MAX
+ 
++#ifdef NID_id_scrypt
+ #define PY_OPENSSL_HAS_SCRYPT 1
++#endif
++#ifdef NID_sha3_256
+ #define PY_OPENSSL_HAS_SHA3 1
++#endif
++#ifdef NID_shake256
+ #define PY_OPENSSL_HAS_SHAKE 1
++#endif
++#ifdef NID_blake2s256
+ #define PY_OPENSSL_HAS_BLAKE2 1
++#endif
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ #define PY_EVP_MD EVP_MD
+@@ -120,19 +128,27 @@ static const py_hashentry_t py_hashes[]
+     PY_HASH_ENTRY(Py_hash_sha384, "SHA384", SN_sha384, NID_sha384),
+     PY_HASH_ENTRY(Py_hash_sha512, "SHA512", SN_sha512, NID_sha512),
+     /* truncated sha2 */
++#ifdef NID_sha512_256
+     PY_HASH_ENTRY(Py_hash_sha512_224, "SHA512_224", SN_sha512_224, NID_sha512_224),
+     PY_HASH_ENTRY(Py_hash_sha512_256, "SHA512_256", SN_sha512_256, NID_sha512_256),
++#endif
+     /* sha3 */
++#ifdef PY_OPENSSL_HAS_SHA3
+     PY_HASH_ENTRY(Py_hash_sha3_224, NULL, SN_sha3_224, NID_sha3_224),
+     PY_HASH_ENTRY(Py_hash_sha3_256, NULL, SN_sha3_256, NID_sha3_256),
+     PY_HASH_ENTRY(Py_hash_sha3_384, NULL, SN_sha3_384, NID_sha3_384),
+     PY_HASH_ENTRY(Py_hash_sha3_512, NULL, SN_sha3_512, NID_sha3_512),
++#endif
+     /* sha3 shake */
++#ifdef PY_OPENSSL_HAS_SHAKE
+     PY_HASH_ENTRY(Py_hash_shake_128, NULL, SN_shake128, NID_shake128),
+     PY_HASH_ENTRY(Py_hash_shake_256, NULL, SN_shake256, NID_shake256),
++#endif
+     /* blake2 digest */
++#ifdef PY_OPENSSL_HAS_BLAKE2
+     PY_HASH_ENTRY(Py_hash_blake2s, "blake2s256", SN_blake2s256, NID_blake2s256),
+     PY_HASH_ENTRY(Py_hash_blake2b, "blake2b512", SN_blake2b512, NID_blake2b512),
++#endif
+     PY_HASH_ENTRY(NULL, NULL, NULL, 0),
+ };
+ 
+@@ -873,11 +889,15 @@ py_evp_fromname(PyObject *module, const
+         goto exit;
+     }
+ 
++#ifndef EVP_MD_FLAG_XOF
++    type = get_hashlib_state(module)->EVPtype;
++#else
+     if ((EVP_MD_flags(digest) & EVP_MD_FLAG_XOF) == EVP_MD_FLAG_XOF) {
+         type = get_hashlib_state(module)->EVPXOFtype;
+     } else {
+         type = get_hashlib_state(module)->EVPtype;
+     }
++#endif
+ 
+     self = newEVPobject(type);
+     if (self == NULL) {