lang/python310: add LibreSSL support

LibreSSL 3.6 and later are fully compatible with PEP-644 for the
ssl and hmac modules, but not hashlib due to missing SHA-3/SHAKE,
BLAKE2 and scrypt. Partially reverts
https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e
for _hashopenssl.c only to allow LibreSSL to work.

(Python 3.11 and later need a different implementation due to
configure-time checking)

3 files changed, 69 insertions, 7 deletions

diff --git a/lang/python310/Makefile b/lang/python310/Makefile
index 14f3cc6bce3f..27b76b4463aa 100644
--- a/lang/python310/Makefile
+++ b/lang/python310/Makefile
@@ -109,12 +109,8 @@ DISABLED_EXTENSIONS+=	nis
 PLIST_SUB+=	NO_NIS=""
 .endif
 
-# Python 3.10 requires OpenSSL >= 1.1.1 (PEP 644), so with
-# libressl, some modules are not built
 .if ${SSL_DEFAULT:Mlibressl*}
-PLIST_SUB+=	SUPPORTED_OPENSSL="@comment "
-.else
-PLIST_SUB+=	SUPPORTED_OPENSSL=""
+EXTRA_PATCHES+=	${PATCHDIR}/libressl
 .endif
 
 post-patch:
diff --git a/lang/python310/files/libressl/patch-Modules___hashopenssl.c b/lang/python310/files/libressl/patch-Modules___hashopenssl.c
new file mode 100644
index 000000000000..7e8872eb6034
--- /dev/null
+++ b/lang/python310/files/libressl/patch-Modules___hashopenssl.c
@@ -0,0 +1,66 @@
+--- Modules/_hashopenssl.c.orig	2022-10-11 11:21:44 UTC
++++ Modules/_hashopenssl.c
+@@ -45,10 +45,21 @@
+ 
+ #define MUNCH_SIZE INT_MAX
+ 
++#ifndef LIBRESSL_VERSION_NUMBER
+ #define PY_OPENSSL_HAS_SCRYPT 1
++#endif
++
++#ifdef NID_sha3_224
+ #define PY_OPENSSL_HAS_SHA3 1
++#endif
++
++#if defined(EVP_MD_FLAG_XOF) && defined(NID_shake128)
+ #define PY_OPENSSL_HAS_SHAKE 1
++#endif
++
++#if defined(NID_blake2b512) && !defined(OPENSSL_NO_BLAKE2)
+ #define PY_OPENSSL_HAS_BLAKE2 1
++#endif
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ #define PY_EVP_MD EVP_MD
+@@ -120,19 +131,27 @@ static const py_hashentry_t py_hashes[] = {
+     PY_HASH_ENTRY(Py_hash_sha384, "SHA384", SN_sha384, NID_sha384),
+     PY_HASH_ENTRY(Py_hash_sha512, "SHA512", SN_sha512, NID_sha512),
+     /* truncated sha2 */
++#ifdef NID_sha512_224
+     PY_HASH_ENTRY(Py_hash_sha512_224, "SHA512_224", SN_sha512_224, NID_sha512_224),
+     PY_HASH_ENTRY(Py_hash_sha512_256, "SHA512_256", SN_sha512_256, NID_sha512_256),
++#endif
+     /* sha3 */
++#ifdef PY_OPENSSL_HAS_SHA3
+     PY_HASH_ENTRY(Py_hash_sha3_224, NULL, SN_sha3_224, NID_sha3_224),
+     PY_HASH_ENTRY(Py_hash_sha3_256, NULL, SN_sha3_256, NID_sha3_256),
+     PY_HASH_ENTRY(Py_hash_sha3_384, NULL, SN_sha3_384, NID_sha3_384),
+     PY_HASH_ENTRY(Py_hash_sha3_512, NULL, SN_sha3_512, NID_sha3_512),
++#endif
+     /* sha3 shake */
++#ifdef PY_OPENSSL_HAS_SHAKE
+     PY_HASH_ENTRY(Py_hash_shake_128, NULL, SN_shake128, NID_shake128),
+     PY_HASH_ENTRY(Py_hash_shake_256, NULL, SN_shake256, NID_shake256),
++#endif
+     /* blake2 digest */
++#ifdef PY_OPENSSL_HAS_BLAKE2
+     PY_HASH_ENTRY(Py_hash_blake2s, "blake2s256", SN_blake2s256, NID_blake2s256),
+     PY_HASH_ENTRY(Py_hash_blake2b, "blake2b512", SN_blake2b512, NID_blake2b512),
++#endif
+     PY_HASH_ENTRY(NULL, NULL, NULL, 0),
+ };
+ 
+@@ -873,9 +892,12 @@ py_evp_fromname(PyObject *module, const char *digestna
+         goto exit;
+     }
+ 
++#ifdef PY_OPENSSL_HAS_SHAKE
+     if ((EVP_MD_flags(digest) & EVP_MD_FLAG_XOF) == EVP_MD_FLAG_XOF) {
+         type = get_hashlib_state(module)->EVPXOFtype;
+-    } else {
++    } else
++#endif
++    {
+         type = get_hashlib_state(module)->EVPtype;
+     }
+ 
diff --git a/lang/python310/pkg-plist b/lang/python310/pkg-plist
index e53c51927717..45367539d895 100644
--- a/lang/python310/pkg-plist
+++ b/lang/python310/pkg-plist
@@ -2884,7 +2884,7 @@ lib/python%%XYDOT%%/lib-dynload/_datetime.cpython-%%XY%%%%ABI%%.so
 lib/python%%XYDOT%%/lib-dynload/_dbm.cpython-%%XY%%%%ABI%%.so
 lib/python%%XYDOT%%/lib-dynload/_decimal.cpython-%%XY%%%%ABI%%.so
 lib/python%%XYDOT%%/lib-dynload/_elementtree.cpython-%%XY%%%%ABI%%.so
-%%SUPPORTED_OPENSSL%%lib/python%%XYDOT%%/lib-dynload/_hashlib.cpython-%%XY%%%%ABI%%.so
+lib/python%%XYDOT%%/lib-dynload/_hashlib.cpython-%%XY%%%%ABI%%.so
 lib/python%%XYDOT%%/lib-dynload/_heapq.cpython-%%XY%%%%ABI%%.so
 lib/python%%XYDOT%%/lib-dynload/_json.cpython-%%XY%%%%ABI%%.so
 lib/python%%XYDOT%%/lib-dynload/_lsprof.cpython-%%XY%%%%ABI%%.so
@@ -2903,7 +2903,7 @@ lib/python%%XYDOT%%/lib-dynload/_sha256.cpython-%%XY%%%%ABI%%.so
 lib/python%%XYDOT%%/lib-dynload/_sha3.cpython-%%XY%%%%ABI%%.so
 lib/python%%XYDOT%%/lib-dynload/_sha512.cpython-%%XY%%%%ABI%%.so
 lib/python%%XYDOT%%/lib-dynload/_socket.cpython-%%XY%%%%ABI%%.so
-%%SUPPORTED_OPENSSL%%lib/python%%XYDOT%%/lib-dynload/_ssl.cpython-%%XY%%%%ABI%%.so
+lib/python%%XYDOT%%/lib-dynload/_ssl.cpython-%%XY%%%%ABI%%.so
 lib/python%%XYDOT%%/lib-dynload/_statistics.cpython-%%XY%%%%ABI%%.so
 lib/python%%XYDOT%%/lib-dynload/_struct.cpython-%%XY%%%%ABI%%.so
 lib/python%%XYDOT%%/lib-dynload/_testbuffer.cpython-%%XY%%%%ABI%%.so