security/py-cryptography: Update to 38.0.1

Changes:	https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst
		https://cryptography.io/en/latest/changelog/

5 files changed, 36 insertions, 194 deletions

diff --git a/security/py-cryptography/Makefile b/security/py-cryptography/Makefile
index a7fb0e3e71ae..e916d5950eb6 100644
--- a/security/py-cryptography/Makefile
+++ b/security/py-cryptography/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	cryptography
-PORTVERSION=	3.4.8
+PORTVERSION=	38.0.1
 CATEGORIES=	security python
 MASTER_SITES=	CHEESESHOP
 PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
@@ -19,6 +19,7 @@ TEST_DEPENDS=	${PYTHON_PKGNAMEPREFIX}cryptography-vectors>=${PORTVERSION}:securi
 		${PYTHON_PKGNAMEPREFIX}hypothesis>=1.11.4:devel/py-hypothesis@${PY_FLAVOR} \
 		${PYTHON_PKGNAMEPREFIX}iso8601>=0:devel/py-iso8601@${PY_FLAVOR} \
 		${PYTHON_PKGNAMEPREFIX}pretend>=0:devel/py-pretend@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}pytest-benchmark>=0:devel/py-pytest-benchmark@${PY_FLAVOR} \
 		${PYTHON_PKGNAMEPREFIX}pytest-cov>=0:devel/py-pytest-cov@${PY_FLAVOR} \
 		${PYTHON_PKGNAMEPREFIX}pytest-subtests>=0:devel/py-pytest-subtests@${PY_FLAVOR} \
 		${PYTHON_PKGNAMEPREFIX}pytest-xdist>=0,1:devel/py-pytest-xdist@${PY_FLAVOR} \
@@ -30,15 +31,15 @@ USE_PYTHON=	autoplist concurrent distutils pytest
 
 CFLAGS+=	-I${OPENSSLINC}
 LDFLAGS+=	-L${OPENSSLLIB}
-MAKE_ENV=	CRYPTOGRAPHY_DONT_BUILD_RUST=1
 TEST_ENV=	PYTHONPATH=${STAGEDIR}${PYTHON_SITELIBDIR}
 
 CPE_VENDOR=	cryptography_project
 
 .include <bsd.port.pre.mk>
 
-.if ${CHOSEN_COMPILER_TYPE} == gcc && ${COMPILER_VERSION} <= 42
 post-patch:
+	@${RM} -r ${WRKSRC}/src/rust/
+.if ${CHOSEN_COMPILER_TYPE} == gcc && ${COMPILER_VERSION} <= 42
 	@${REINPLACE_CMD} -e 's|"-Wno-error=sign-conversion"||' ${WRKSRC}/src/_cffi_src/build_openssl.py
 .endif
 
diff --git a/security/py-cryptography/distinfo b/security/py-cryptography/distinfo
index cb800cc11b12..060da2afdcf9 100644
--- a/security/py-cryptography/distinfo
+++ b/security/py-cryptography/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1652122693
-SHA256 (cryptography-3.4.8.tar.gz) = 94cc5ed4ceaefcbe5bf38c8fba6a21fc1d365bb8fb826ea1688e3370b2e24a1c
-SIZE (cryptography-3.4.8.tar.gz) = 546907
+TIMESTAMP = 1665073152
+SHA256 (cryptography-38.0.1.tar.gz) = 1db3d807a14931fa317f96435695d9ec386be7b84b618cc61cfa5d08b0ae33d7
+SIZE (cryptography-38.0.1.tar.gz) = 599412
diff --git a/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 b/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988
deleted file mode 100644
index deb9c6408832..000000000000
--- a/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988
+++ /dev/null
@@ -1,62 +0,0 @@
-From 94590a9aecc9e5ef6fc8eda52bae43643a4c44bd Mon Sep 17 00:00:00 2001
-From: Charlie Li <vishwin@users.noreply.github.com>
-Date: Mon, 19 Apr 2021 18:38:38 -0400
-Subject: [PATCH] Fix build with LibreSSL 3.3.2 (#5988)
-
-* LibreSSL 3.3.2 supports SSL_OP_NO_DTLS*
-
-While here, bump CI
-
-* Fix preprocessor guards for LibreSSL's SSL_OP_NO_DTLS*
-
-DTLS_set_link_mtu and DTLS_get_link_min_mtu are not part of 3.3.2
-
-* Switch to LESS_THAN context for LibreSSL 3.3.2
-
-While here, fix indents
-
-* Remove extra C variable declaration
-
-The variable is not actually used from Python
----
- .github/workflows/ci.yml              | 2 +-
- src/_cffi_src/openssl/cryptography.py | 7 +++++++
- src/_cffi_src/openssl/ssl.py          | 2 ++
- 3 files changed, 10 insertions(+), 1 deletion(-)
-
-diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py
-index e2b5a132..b9c7a793 100644
---- src/_cffi_src/openssl/cryptography.py
-+++ src/_cffi_src/openssl/cryptography.py
-@@ -32,6 +32,13 @@ INCLUDES = """
- #include <Winsock2.h>
- #endif
- 
-+#if CRYPTOGRAPHY_IS_LIBRESSL
-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \
-+    (LIBRESSL_VERSION_NUMBER < 0x3030200f)
-+#else
-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0)
-+#endif
-+
- #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
-     (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
- 
-diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py
-index 11a7d63a..081ef041 100644
---- src/_cffi_src/openssl/ssl.py
-+++ src/_cffi_src/openssl/ssl.py
-@@ -586,8 +586,10 @@ static const long TLS_ST_OK = 0;
- #endif
- 
- #if CRYPTOGRAPHY_IS_LIBRESSL
-+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332
- static const long SSL_OP_NO_DTLSv1 = 0;
- static const long SSL_OP_NO_DTLSv1_2 = 0;
-+#endif
- long (*DTLS_set_link_mtu)(SSL *, long) = NULL;
- long (*DTLS_get_link_min_mtu)(SSL *) = NULL;
- #endif
--- 
-2.31.1
-
diff --git a/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 b/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360
deleted file mode 100644
index a8bb6dc6da43..000000000000
--- a/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360
+++ /dev/null
@@ -1,98 +0,0 @@
-From 7a341a5d3cb9380e77b0241b5198373ab6fc355e Mon Sep 17 00:00:00 2001
-From: Charlie Li <vishwin@users.noreply.github.com>
-Date: Sun, 3 Oct 2021 00:20:31 -0400
-Subject: [PATCH] Support LibreSSL 3.4.0 (#6360)
-
-* Add LibreSSL 3.4.0 to CI
-
-* Add a LibreSSL 3.4.0 guard
-
-Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0.
-
-* DTLS_get_data_mtu does not exist in LibreSSL
-
-* Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+
-
-* SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL
-
-* Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL
-
-While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended.
----
- .github/workflows/ci.yml              |  6 ++++--
- src/_cffi_src/openssl/cryptography.py |  3 +++
- src/_cffi_src/openssl/evp.py          | 15 ++++++++++-----
- src/_cffi_src/openssl/ssl.py          |  3 ++-
- 4 files changed, 19 insertions(+), 8 deletions(-)
-
-diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py
-index 878d22d8..821ddc9f 100644
---- src/_cffi_src/openssl/cryptography.py
-+++ src/_cffi_src/openssl/cryptography.py
-@@ -36,8 +36,11 @@ INCLUDES = """
- #if CRYPTOGRAPHY_IS_LIBRESSL
- #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \
-     (LIBRESSL_VERSION_NUMBER < 0x3030200f)
-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \
-+    (LIBRESSL_VERSION_NUMBER < 0x3040000f)
- #else
- #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0)
-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 (0)
- #endif
- 
- #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
-diff --git src/_cffi_src/openssl/evp.py src/_cffi_src/openssl/evp.py
-index ab7cfeb3..cad3339a 100644
---- src/_cffi_src/openssl/evp.py
-+++ src/_cffi_src/openssl/evp.py
-@@ -203,15 +203,21 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *,
-                                       size_t) = NULL;
- #endif
- 
--#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
-+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \
-+    (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL)
- static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0;
--static const long Cryptography_HAS_RAW_KEY = 0;
--static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
--int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL;
- int (*EVP_DigestSign)(EVP_MD_CTX *, unsigned char *, size_t *,
-                       const unsigned char *tbs, size_t) = NULL;
- int (*EVP_DigestVerify)(EVP_MD_CTX *, const unsigned char *, size_t,
-                         const unsigned char *, size_t) = NULL;
-+#else
-+static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
-+#endif
-+
-+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
-+static const long Cryptography_HAS_RAW_KEY = 0;
-+static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
-+int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL;
- EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *,
-                                        size_t) = NULL;
- EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *,
-@@ -221,7 +227,6 @@ int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *,
- int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *,
-                                    size_t *) = NULL;
- #else
--static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
- static const long Cryptography_HAS_RAW_KEY = 1;
- static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1;
- #endif
-diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py
-index ca275e91..0830a463 100644
---- src/_cffi_src/openssl/ssl.py
-+++ src/_cffi_src/openssl/ssl.py
-@@ -678,7 +678,8 @@ int (*SSL_set_tlsext_use_srtp)(SSL *, const char *) = NULL;
- SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL;
- #endif
- 
--#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
-+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \
-+    (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL)
- static const long Cryptography_HAS_TLSv1_3 = 0;
- static const long SSL_OP_NO_TLSv1_3 = 0;
- static const long SSL_VERIFY_POST_HANDSHAKE = 0;
--- 
-2.32.0
-
diff --git a/security/py-cryptography/files/patch-setup.py b/security/py-cryptography/files/patch-setup.py
index 7e15e74dffd4..b0cfd33df0bc 100644
--- a/security/py-cryptography/files/patch-setup.py
+++ b/security/py-cryptography/files/patch-setup.py
@@ -1,8 +1,8 @@
---- setup.py.orig	2021-03-25 17:19:57 UTC
+--- setup.py.orig	2022-09-07 12:20:58 UTC
 +++ setup.py
-@@ -10,23 +10,7 @@ import sys
+@@ -13,23 +13,6 @@ import sys
  
- from setuptools import find_packages, setup
+ from setuptools import setup
  
 -try:
 -    from setuptools_rust import RustExtension
@@ -12,7 +12,7 @@
 -        =============================DEBUG ASSISTANCE==========================
 -        If you are seeing an error here please try the following to
 -        successfully install cryptography:
- 
+-
 -        Upgrade to the latest pip and try again. This will fix errors for most
 -        users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
 -        =============================DEBUG ASSISTANCE==========================
@@ -24,32 +24,33 @@
  base_dir = os.path.dirname(__file__)
  src_dir = os.path.join(base_dir, "src")
  
-@@ -41,9 +25,8 @@ with open(os.path.join(src_dir, "cryptography", "__abo
- 
- # `install_requirements` and `setup_requirements` must be kept in sync with
- # `pyproject.toml`
--setuptools_rust = "setuptools-rust>=0.11.4"
- install_requirements = ["cffi>=1.12"]
--setup_requirements = install_requirements + [setuptools_rust]
-+setup_requirements = install_requirements
- 
- if os.environ.get("CRYPTOGRAPHY_DONT_BUILD_RUST"):
-     rust_extensions = []
-@@ -129,9 +112,6 @@ try:
-                 "twine >= 1.12.0",
-                 "sphinxcontrib-spelling >= 4.0.1",
-             ],
--            "sdist": [
--                setuptools_rust,
--            ],
-             "pep8test": [
-                 "black",
-                 "flake8",
-@@ -149,7 +129,6 @@ try:
+@@ -43,20 +26,6 @@ try:
+         cffi_modules=[
              "src/_cffi_src/build_openssl.py:ffi",
-             "src/_cffi_src/build_padding.py:ffi",
          ],
--        rust_extensions=rust_extensions,
+-        rust_extensions=[
+-            RustExtension(
+-                "cryptography.hazmat.bindings._rust",
+-                "src/rust/Cargo.toml",
+-                py_limited_api=True,
+-                # Enable abi3 mode if we're not using PyPy.
+-                features=(
+-                    []
+-                    if platform.python_implementation() == "PyPy"
+-                    else ["pyo3/abi3-py36"]
+-                ),
+-                rust_version=">=1.48.0",
+-            )
+-        ],
      )
  except:  # noqa: E722
      # Note: This is a bare exception that re-raises so that we don't interfere
+@@ -86,7 +55,7 @@ except:  # noqa: E722
+     )
+     print(f"    Python: {'.'.join(str(v) for v in sys.version_info[:3])}")
+     print(f"    platform: {platform.platform()}")
+-    for dist in ["pip", "setuptools", "setuptools_rust"]:
++    for dist in ["pip", "setuptools"]:
+         try:
+             version = pkg_resources.get_distribution(dist).version
+         except pkg_resources.DistributionNotFound: