update to py3-cryptography-38.0.4; update patches to the version committed

upstream where possible, with a slight change for src/_cffi_src/openssl/evp.py

aarch64 tests + ok tb@

security/py-cryptography/Makefile

@@ -1,10 +1,9 @@
 COMMENT=	cryptographic recipes and primitives for Python
 
-MODPY_EGG_VERSION=	38.0.3
+MODPY_EGG_VERSION=	38.0.4
 DISTNAME=	cryptography-${MODPY_EGG_VERSION}
 DISTFILES=	cryptography-${MODPY_EGG_VERSION}${EXTRACT_SUFX}
 PKGNAME=	${MODPY_PY_PREFIX}${DISTNAME}
-REVISION=	2
 
 .include "crates.inc"
 

security/py-cryptography/distinfo

@@ -52,7 +52,7 @@ SHA256 (cargo/wasm-bindgen-shared-0.2.82.tar.gz) = ZZjdC9PH1RCV/2UxpbI+AqzcgYBOM
 SHA256 (cargo/winapi-0.3.9.tar.gz) = XIOaZ0/NepiVLlkyQupACr6TmSdGdh44ZBQF0osA9Bk=
 SHA256 (cargo/winapi-i686-pc-windows-gnu-0.4.0.tar.gz) = rDuHxjYgQm3ZuZHlzgMp7/VFvMu7NPO+Cf9vtqtRt7Y=
 SHA256 (cargo/winapi-x86_64-pc-windows-gnu-0.4.0.tar.gz) = cS4ieEHQV8HuHNL7Ivp+WlRhro5I+iynnsQs/BkxGD8=
-SHA256 (cryptography-38.0.3.tar.gz) = v75u4ZYVsHqYsdIofWpgc/c0c1tJ7kWxEyTYXvxNXL0=
+SHA256 (cryptography-38.0.4.tar.gz) = F1wagYuHyayAu3N39VILfzGz7yoABOJCAxm+re22cpA=
 SIZE (cargo/Inflector-0.11.4.tar.gz) = 17438
 SIZE (cargo/aliasable-0.1.3.tar.gz) = 6169
 SIZE (cargo/android_system_properties-0.1.5.tar.gz) = 5243
@@ -107,4 +107,4 @@ SIZE (cargo/wasm-bindgen-shared-0.2.82.tar.gz) = 7197
 SIZE (cargo/winapi-0.3.9.tar.gz) = 1200382
 SIZE (cargo/winapi-i686-pc-windows-gnu-0.4.0.tar.gz) = 2918815
 SIZE (cargo/winapi-x86_64-pc-windows-gnu-0.4.0.tar.gz) = 2947998
-SIZE (cryptography-38.0.3.tar.gz) = 599876
+SIZE (cryptography-38.0.4.tar.gz) = 599786

security/py-cryptography/patches/patch-src__cffi_src_openssl_crypto_py

@@ -1,14 +0,0 @@
-LibreSSL 3.6 and later has OPENSSL_cleanup()
-
-Index: src/_cffi_src/openssl/crypto.py
---- src/_cffi_src/openssl/crypto.py.orig
-+++ src/_cffi_src/openssl/crypto.py
-@@ -75,7 +75,7 @@ CUSTOMIZATIONS = """
- # define OPENSSL_DIR             SSLEAY_DIR
- #endif
- 
--#if CRYPTOGRAPHY_IS_LIBRESSL
-+#if 0
- static const long Cryptography_HAS_OPENSSL_CLEANUP = 0;
- void (*OPENSSL_cleanup)(void) = NULL;
- #else

security/py-cryptography/patches/patch-src__cffi_src_openssl_cryptography_py

@@ -1,29 +1,44 @@
-https://github.com/pyca/cryptography/pull/7803
+From 95a2b50841648c06bacca7b3d37a3b99d4f71d1e Mon Sep 17 00:00:00 2001
+From: Theo Buehler <botovq@users.noreply.github.com>
+Date: Tue, 22 Nov 2022 16:33:32 +0100
+Subject: [PATCH] LibreSSL 3.7 adds support for Ed25519 (#7803)
 
 Index: src/_cffi_src/openssl/cryptography.py
 --- src/_cffi_src/openssl/cryptography.py.orig
 +++ src/_cffi_src/openssl/cryptography.py
-@@ -47,12 +47,15 @@ INCLUDES = """
-     (LIBRESSL_VERSION_NUMBER < 0x3040000f)
- #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 \
+@@ -49,6 +49,8 @@ INCLUDES = """
      (LIBRESSL_VERSION_NUMBER < 0x3050000f)
+ #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_360 \
+     (LIBRESSL_VERSION_NUMBER < 0x3060000f)
 +#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_370 \
 +    (LIBRESSL_VERSION_NUMBER < 0x3070000f)
  
  #else
  #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_322 (0)
- #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0)
+@@ -56,6 +58,7 @@ INCLUDES = """
  #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 (0)
  #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 (0)
+ #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_360 (0)
 +#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_370 (0)
  #endif
  
  #if OPENSSL_VERSION_NUMBER < 0x10100000
-@@ -91,6 +94,7 @@ static const int CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE;
+@@ -81,6 +84,10 @@ INCLUDES = """
+ #else
+ #define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 0
+ #endif
++/* Ed25519 support is available from OpenSSL 1.1.1b and LibreSSL 3.7.0. */
++#define CRYPTOGRAPHY_HAS_WORKING_ED25519 \
++    (!CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B || \
++    (CRYPTOGRAPHY_IS_LIBRESSL && !CRYPTOGRAPHY_LIBRESSL_LESS_THAN_370))
+ """
+ 
+ TYPES = """
+@@ -91,6 +98,7 @@ static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111;
+ static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B;
+ static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111E;
+ static const int CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE;
++static const int CRYPTOGRAPHY_HAS_WORKING_ED25519;
  
  static const int CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340;
  static const int CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350;
-+static const int CRYPTOGRAPHY_LIBRESSL_LESS_THAN_370;
- 
- static const int CRYPTOGRAPHY_IS_LIBRESSL;
- static const int CRYPTOGRAPHY_IS_BORINGSSL;

security/py-cryptography/patches/patch-src__cffi_src_openssl_evp_py

@@ -1,4 +1,10 @@
-https://github.com/pyca/cryptography/pull/7803
+From 95a2b50841648c06bacca7b3d37a3b99d4f71d1e Mon Sep 17 00:00:00 2001
+From: Theo Buehler <botovq@users.noreply.github.com>
+Date: Tue, 22 Nov 2022 16:33:32 +0100
+Subject: [PATCH] LibreSSL 3.7 adds support for Ed25519 (#7803)
+
+(tweaked slightly; py-cryptography dropped OpenSSL 1.1 support on main
+but not the 38.0.x branch)
 
 Index: src/_cffi_src/openssl/evp.py
 --- src/_cffi_src/openssl/evp.py.orig
@@ -10,18 +16,18 @@ Index: src/_cffi_src/openssl/evp.py
 -static const long Cryptography_HAS_RAW_KEY = 0;
  static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
  int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL;
-+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_370
++#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_370 || !CRYPTOGRAPHY_IS_LIBRESSL
 +static const long Cryptography_HAS_RAW_KEY = 0;
  EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *,
                                         size_t) = NULL;
  EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *,
-@@ -226,6 +227,9 @@ int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, 
-                                     size_t *) = NULL;
+@@ -227,6 +228,9 @@ int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, 
  int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *,
                                     size_t *) = NULL;
-+#else
+ #else
 +static const long Cryptography_HAS_RAW_KEY = 1;
 +#endif
- #else
++#else
  static const long Cryptography_HAS_RAW_KEY = 1;
  static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1;
+ #endif

security/py-cryptography/patches/patch-src_cryptography_hazmat_backends_openssl_backend_py

@@ -1,18 +1,17 @@
-Enable Ed25519 tests. Seven X25519 tests need EVP_PKEY_get1_tls_encodedpoint()
-which LibreSSL does not plan to support.
+From 95a2b50841648c06bacca7b3d37a3b99d4f71d1e Mon Sep 17 00:00:00 2001
+From: Theo Buehler <botovq@users.noreply.github.com>
+Date: Tue, 22 Nov 2022 16:33:32 +0100
+Subject: [PATCH] LibreSSL 3.7 adds support for Ed25519 (#7803)
 
 Index: src/cryptography/hazmat/backends/openssl/backend.py
 --- src/cryptography/hazmat/backends/openssl/backend.py.orig
 +++ src/cryptography/hazmat/backends/openssl/backend.py
-@@ -1987,7 +1987,10 @@ class Backend:
+@@ -1987,7 +1987,7 @@ class Backend:
      def ed25519_supported(self) -> bool:
          if self._fips_enabled:
              return False
 -        return not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B
-+        return (
-+            not self._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B
-+            or not self._lib.CRYPTOGRAPHY_LIBRESSL_LESS_THAN_370
-+        )
++        return self._lib.CRYPTOGRAPHY_HAS_WORKING_ED25519
  
      def ed25519_load_public_bytes(
          self, data: bytes

security/py-cryptography_vectors/Makefile

@@ -1,10 +1,9 @@
 COMMENT=	test vectors for py-cryptography
 
-MODPY_EGG_VERSION=	38.0.3
+MODPY_EGG_VERSION=	38.0.4
 DISTNAME=	cryptography_vectors-${MODPY_EGG_VERSION}
 PKGNAME=	${MODPY_PY_PREFIX}${DISTNAME}
 CATEGORIES=	security
-REVISION=	0
 
 HOMEPAGE=	https://cryptography.io/
 

security/py-cryptography_vectors/distinfo

@@ -1,2 +1,2 @@
-SHA256 (cryptography_vectors-38.0.3.tar.gz) = HNr9QvU0jXfk5+R5Gu/R9isWvVUqAnSvyTRlM/4y6SU=
-SIZE (cryptography_vectors-38.0.3.tar.gz) = 35273999
+SHA256 (cryptography_vectors-38.0.4.tar.gz) = bsYmlb7F34ECiN3OrpmK5pHNuKFigI1svJYNPeuafbE=
+SIZE (cryptography_vectors-38.0.4.tar.gz) = 35273825