Diffstat (limited to 'dev-lang/python/files')
| -rw-r--r-- | dev-lang/python/files/hashopenssl-3.5.0.patch | 12 | ||||
| -rw-r--r-- | dev-lang/python/files/hashopenssl.patch | 15 | ||||
| -rw-r--r-- | dev-lang/python/files/ssl.patch | 27 |
3 files changed, 54 insertions, 0 deletions
diff --git a/dev-lang/python/files/hashopenssl-3.5.0.patch b/dev-lang/python/files/hashopenssl-3.5.0.patch
new file mode 100644
index 000000000000..a59644375945
--- /dev/null
+++ b/dev-lang/python/files/hashopenssl-3.5.0.patch
@@ -0,0 +1,12 @@
+diff -urN Python-2.7.18.orig/Modules/_hashopenssl.c Python-2.7.18/Modules/_hashopenssl.c
+--- Python-2.7.18.orig/Modules/_hashopenssl.c 2022-04-10 11:43:51.038101901 +0200
++++ Python-2.7.18/Modules/_hashopenssl.c 2022-04-10 12:07:53.422071515 +0200
+@@ -60,7 +60,7 @@
+ /* OpenSSL < 1.1.0 */
+ #define EVP_MD_CTX_new EVP_MD_CTX_create
+ #define EVP_MD_CTX_free EVP_MD_CTX_destroy
+-#define HAS_FAST_PKCS5_PBKDF2_HMAC 0
++#define HAS_FAST_PKCS5_PBKDF2_HMAC 1
+ #include <openssl/hmac.h>
+ #else
+ /* OpenSSL >= 1.1.0 */
diff --git a/dev-lang/python/files/hashopenssl.patch b/dev-lang/python/files/hashopenssl.patch
new file mode 100644
index 000000000000..2ca469a2bf00
--- /dev/null
+++ b/dev-lang/python/files/hashopenssl.patch
@@ -0,0 +1,15 @@
+Index: Modules/_hashopenssl.c
+--- Modules/_hashopenssl.c.orig
++++ Modules/_hashopenssl.c
+@@ -45,11 +45,6 @@
+
+ #define MUNCH_SIZE INT_MAX
+
+-#define PY_OPENSSL_HAS_SCRYPT 1
+-#define PY_OPENSSL_HAS_SHA3 1
+-#define PY_OPENSSL_HAS_SHAKE 1
+-#define PY_OPENSSL_HAS_BLAKE2 1
+-
+ #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ #define PY_EVP_MD EVP_MD
+ #define PY_EVP_MD_fetch(algorithm, properties) EVP_MD_fetch(NULL, algorithm, properties)
diff --git a/dev-lang/python/files/ssl.patch b/dev-lang/python/files/ssl.patch
new file mode 100644
index 000000000000..485cd6f74dd2
--- /dev/null
+++ b/dev-lang/python/files/ssl.patch
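Review bot: No rationale line precedes the inner diff in hashopenssl-3.5.0.patch (ssl.patch has one; hashopenssl.patch lacks one as well), and the flip of `HAS_FAST_PKCS5_PBKDF2_HMAC` to `1` sits in the branch commented `/* OpenSSL < 1.1.0 */`, so it takes effect for every library that selects that branch, not only the release named in the file name. The `#if` that selects the branch is outside the hunk, so how wide that is cannot be confirmed from here. A one-line header stating which library version needs the library-provided PBKDF2 path, and why, would let a later maintainer tell when the patch can be dropped.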
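Review bot: Deleting `PY_OPENSSL_HAS_SCRYPT` together with the SHA3, SHAKE and BLAKE2 switches in hashopenssl.patch presumably compiles out every code path guarded by those macros further down in `_hashopenssl.c` (outside this hunk), which would leave `hashlib` callers without the library-backed scrypt KDF. Software that derives keys or password hashes with scrypt would then fail at call time rather than at build time, so the patch header or the ebuild should state that loss explicitly. If the target library does provide some of these primitives, a per-feature guard would be narrower than removing all four defines.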
@@ -0,0 +1,27 @@
+Neuter security level things until LibreSSL supports them.
+
+Index: Modules/_ssl.c
+--- Modules/_ssl.c.orig
++++ Modules/_ssl.c
+@@ -169,7 +169,7 @@ extern const SSL_METHOD *TLSv1_2_method(void);
+ * Based on Hynek's excellent blog post (update 2021-02-11)
+ * https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+ */
+- #define PY_SSL_DEFAULT_CIPHER_STRING "@SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
++ #define PY_SSL_DEFAULT_CIPHER_STRING "ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM"
+ #ifndef PY_SSL_MIN_PROTOCOL
+ #define PY_SSL_MIN_PROTOCOL TLS1_2_VERSION
+ #endif
+@@ -3567,6 +3567,12 @@ set_num_tickets(PySSLContext *self, PyObject *arg, voi
+ PyDoc_STRVAR(PySSLContext_num_tickets_doc,
+ "Control the number of TLSv1.3 session tickets");
+ #endif /* TLS1_3_VERSION */
++
++int
++SSL_CTX_get_security_level(const SSL_CTX *ctx)
++{
++ return 1;
++}
+
+ static PyObject *
+ get_security_level(PySSLContext *self, void *c) |
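Review bot: The added `SSL_CTX_get_security_level` stub returns a hard-coded `1`, so `get_security_level` just below it (its body is outside the hunk) will presumably report level 1 to Python callers even though, per the patch description, the library does not support security levels at all. With `@SECLEVEL=2` also dropped from `PY_SSL_DEFAULT_CIPHER_STRING`, the default context no longer requests the key-size floor that level implied, and nothing visible here replaces it. I would put a comment on the stub such as `/* LibreSSL has no security levels; this value is a placeholder and is not enforced */`, declare the stub `static`, and wrap both changes in `#ifdef LIBRESSL_VERSION_NUMBER` so a build against OpenSSL keeps the upstream default.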
