security/py-cryptography-legacy: fix OpenSSL >= 3.0 compat

py-cryptography-legacy still references functions that have been
removed in OpenSSL 3.0, and fails to load openssl.abi3.so at run-time because
it lacks ERR_GET_FUNC (reported) and FIPS_mode (masked by first error),
and later because py-openssl feeds our utils/deprecated() an
unsupported name=<some string> keyword argument.

https://www.openssl.org/docs/man3.0/man7/migration_guide.html
is the basis for fixes #1 and #2

removed, because OpenSSL 3.0 removed function codes from the error.
In our own binding, leave the err_func attribute in, but set it
to a constant 0.
(patch-src___cffi* and patch-*binding.py)

and FIPS_mode_set, which need rework. (patch-libressl)

our utils/deprecated() function does not support, so steal
the utils function from py-cryptography 42.0.7,1, drop the
argument and return type annotations for consistency.
(patch-src_cryptography_utils.py)

This is sufficient to fix run-time errors for py-certbot on my
FreeBSD 14.0-RELEASE-p6 amd64 server with Python 3.11,
which I set to default to py-cryptography-legacy.

PR:		272935
(and bug linkage will reflect changes in PRs 273770, 272885)
Approved by:	portmgr@ (just-fix-it blanket approval)
MFH:		2024Q2

security/py-cryptography-legacy/Makefile

@@ -1,6 +1,6 @@
 PORTNAME=	cryptography
 PORTVERSION=	3.4.8
-PORTREVISION=	2
+PORTREVISION=	3
 PORTEPOCH=	1
 CATEGORIES=	security python
 MASTER_SITES=	PYPI

security/py-cryptography-legacy/files/patch-libressl

@@ -1,4 +1,4 @@
---- src/_cffi_src/openssl/crypto.py.orig	2023-03-22 07:29:15 UTC
+--- src/_cffi_src/openssl/crypto.py.orig	2021-08-24 17:02:37 UTC
 +++ src/_cffi_src/openssl/crypto.py
 @@ -74,11 +74,8 @@ CUSTOMIZATIONS = """
  # define OPENSSL_DIR             SSLEAY_DIR
@@ -49,7 +49,7 @@
  #else
 --- src/_cffi_src/openssl/dh.py.orig	2021-08-24 17:17:17 UTC
 +++ src/_cffi_src/openssl/dh.py
-@@ -37,117 +37,9 @@ int Cryptography_i2d_DHxparams_bio(BIO *bp, DH *x);
+@@ -37,117 +37,9 @@ CUSTOMIZATIONS = """
  """
  
  CUSTOMIZATIONS = """
@@ -169,21 +169,26 @@
  /* Define our own to simplify support across all versions. */
 --- src/_cffi_src/openssl/fips.py.orig	2021-08-24 17:17:17 UTC
 +++ src/_cffi_src/openssl/fips.py
-@@ -17,11 +17,5 @@ int FIPS_mode(void);
+@@ -12,16 +12,8 @@ FUNCTIONS = """
+ """
+ 
+ FUNCTIONS = """
+-int FIPS_mode_set(int);
+-int FIPS_mode(void);
  """
  
  CUSTOMIZATIONS = """
 -#if CRYPTOGRAPHY_IS_LIBRESSL
--static const long Cryptography_HAS_FIPS = 0;
+ static const long Cryptography_HAS_FIPS = 0;
 -int (*FIPS_mode_set)(int) = NULL;
 -int (*FIPS_mode)(void) = NULL;
 -#else
- static const long Cryptography_HAS_FIPS = 1;
+-static const long Cryptography_HAS_FIPS = 1;
 -#endif
  """
 --- src/_cffi_src/openssl/ocsp.py.orig	2021-08-24 17:17:17 UTC
 +++ src/_cffi_src/openssl/ocsp.py
-@@ -77,7 +77,6 @@ int i2d_OCSP_RESPDATA(OCSP_RESPDATA *, unsigned char *
+@@ -77,7 +77,6 @@ CUSTOMIZATIONS = """
  
  CUSTOMIZATIONS = """
  #if ( \
@@ -256,7 +261,7 @@
  """
 --- src/_cffi_src/openssl/ssl.py.orig	2021-08-24 17:17:17 UTC
 +++ src/_cffi_src/openssl/ssl.py
-@@ -515,12 +515,7 @@ CUSTOMIZATIONS = """
+@@ -515,12 +515,7 @@ static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1
  // users have upgraded. PersistentlyDeprecated2020
  static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1;
  
@@ -280,7 +285,7 @@
  #endif
 --- src/_cffi_src/openssl/x509.py.orig	2021-08-24 17:02:37 UTC
 +++ src/_cffi_src/openssl/x509.py
-@@ -276,33 +276,8 @@ void X509_REQ_get0_signature(const X509_REQ *, const A
+@@ -276,33 +276,8 @@ CUSTOMIZATIONS = """
  """
  
  CUSTOMIZATIONS = """

security/py-cryptography-legacy/files/patch-src___cffi__src_openssl_err.py

@@ -0,0 +1,13 @@
+https://www.openssl.org/docs/man3.0/man7/migration_guide.html#Removal-of-function-code-from-the-error-codes
+states that the ERR_GET_FUNC() "macro" was removed, so follow suit:
+
+--- src/_cffi_src/openssl/err.py.orig	2021-08-24 17:17:17 UTC
++++ src/_cffi_src/openssl/err.py
+@@ -39,7 +39,6 @@ int ERR_GET_LIB(unsigned long);
+ void ERR_put_error(int, int, int, const char *, int);
+ 
+ int ERR_GET_LIB(unsigned long);
+-int ERR_GET_FUNC(unsigned long);
+ int ERR_GET_REASON(unsigned long);
+ 
+ """

security/py-cryptography-legacy/files/patch-src_cryptography_hazmat_bindings_openssl_binding.py

@@ -0,0 +1,15 @@
+https://www.openssl.org/docs/man3.0/man7/migration_guide.html#Removal-of-function-code-from-the-error-codes
+states that the code is always 0, so do just that and forgo the call of a
+nonexistent function.
+
+--- src/cryptography/hazmat/bindings/openssl/binding.py.orig	2021-08-24 17:17:17 UTC
++++ src/cryptography/hazmat/bindings/openssl/binding.py
+@@ -43,7 +43,7 @@ def _consume_errors(lib):
+             break
+ 
+         err_lib = lib.ERR_GET_LIB(code)
+-        err_func = lib.ERR_GET_FUNC(code)
++        err_func = 0
+         err_reason = lib.ERR_GET_REASON(code)
+ 
+         errors.append(_OpenSSLError(code, err_lib, err_func, err_reason))

security/py-cryptography-legacy/files/patch-src_cryptography_utils.py

@@ -0,0 +1,28 @@
+Taken from ../py-cryptography source code as of
+FreeBSD ports tree 3216ed57448ee28aa6061e08839198c3e5cff5d7
+with py-cryptography-42.0.7,1, with type annotations stripped out:
+-- mandree@ 2024-05-30
+
+--- src/cryptography/utils.py.orig	2021-08-24 17:17:17 UTC
++++ src/cryptography/utils.py
+@@ -132,13 +132,15 @@ class _ModuleWithDeprecations(object):
+         return ["_module"] + dir(self._module)
+ 
+ 
+-def deprecated(value, module_name, message, warning_class):
++def deprecated(value, module_name, message, warning_class, name=None):
+     module = sys.modules[module_name]
+     if not isinstance(module, _ModuleWithDeprecations):
+-        sys.modules[module_name] = _ModuleWithDeprecations(
+-            module
+-        )  # type: ignore[assignment]
+-    return _DeprecatedValue(value, message, warning_class)
++        sys.modules[module_name] = module = _ModuleWithDeprecations(module)
++    dv = _DeprecatedValue(value, message, warning_class)
++    # Maintain backwards compatibility with `name is None` for pyOpenSSL.
++    if name is not None:
++        setattr(module, name, dv)
++    return dv
+ 
+ 
+ def cached_property(func):