2 files changed, 191 insertions, 2 deletions

diff --git a/dev-python/pypy3/files/pypy3-2.4.0-libressl.patch b/dev-python/pypy3/files/pypy3-2.4.0-libressl.patch
new file mode 100644
index 000000000000..5852939c5075
--- /dev/null
+++ b/dev-python/pypy3/files/pypy3-2.4.0-libressl.patch
@@ -0,0 +1,187 @@
+From 66bef80988c9efe60b61c6bc05f3206b4c3df7e8 Mon Sep 17 00:00:00 2001
+From: hasufell <hasufell@gentoo.org>
+Date: Mon, 12 Oct 2015 20:43:50 +0200
+Subject: [PATCH] Add LibreSSL support, patches backported from upstream
+
+https://bitbucket.org/pypy/pypy/pull-requests/333/deal-with-platforms-without-rand_egd-take/diff
+---
+ pypy/module/_ssl/interp_ssl.py                 | 34 +++++++++++++++-----------
+ pypy/module/_ssl/test/test_ssl.py              |  8 +++---
+ rpython/rlib/ropenssl.py                       |  6 ++++-
+ rpython/rtyper/tool/rffi_platform.py           | 12 ++++++---
+ rpython/rtyper/tool/test/test_rffi_platform.py | 24 +++++++++++++++++-
+ 5 files changed, 61 insertions(+), 23 deletions(-)
+
+diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py
+index 0cac165..f210167 100644
+--- a/pypy/module/_ssl/interp_ssl.py
++++ b/pypy/module/_ssl/interp_ssl.py
+@@ -310,20 +310,26 @@ if HAVE_OPENSSL_RAND:
+         res = libssl_RAND_status()
+         return space.wrap(res)
+ 
+-    @unwrap_spec(path=str)
+-    def RAND_egd(space, path):
+-        """RAND_egd(path) -> bytes
+-
+-        Queries the entropy gather daemon (EGD) on socket path.  Returns number
+-        of bytes read.  Raises socket.sslerror if connection to EGD fails or
+-        if it does provide enough data to seed PRNG."""
+-        with rffi.scoped_str2charp(path) as socket_path:
+-            bytes = libssl_RAND_egd(socket_path)
+-        if bytes == -1:
+-            raise ssl_error(space,
+-                            "EGD connection failed or EGD did not return "
+-                            "enough data to seed the PRNG")
+-        return space.wrap(bytes)
++    if HAVE_OPENSSL_RAND_EGD:
++        @unwrap_spec(path=str)
++        def RAND_egd(space, path):
++            """RAND_egd(path) -> bytes
++
++            Queries the entropy gather daemon (EGD) on socket path.  Returns number
++            of bytes read.  Raises socket.sslerror if connection to EGD fails or
++            if it does provide enough data to seed PRNG."""
++            with rffi.scoped_str2charp(path) as socket_path:
++                bytes = libssl_RAND_egd(socket_path)
++            if bytes == -1:
++                raise ssl_error(space,
++                                "EGD connection failed or EGD did not return "
++                                "enough data to seed the PRNG")
++            return space.wrap(bytes)
++    else:
++        # Dummy func for platforms missing RAND_egd(). Most likely LibreSSL.
++        @unwrap_spec(path=str)
++        def RAND_egd(space, path):
++            raise ssl_error(space, "RAND_egd unavailable")
+ 
+ 
+ class SSLSocket(W_Root):
+diff --git a/pypy/module/_ssl/test/test_ssl.py b/pypy/module/_ssl/test/test_ssl.py
+index 3204610..9722fd5 100644
+--- a/pypy/module/_ssl/test/test_ssl.py
++++ b/pypy/module/_ssl/test/test_ssl.py
+@@ -33,7 +33,8 @@ class AppTestSSL:
+         assert isinstance(_ssl.OPENSSL_VERSION_INFO, tuple)
+         assert len(_ssl.OPENSSL_VERSION_INFO) == 5
+         assert isinstance(_ssl.OPENSSL_VERSION, str)
+-        assert 'openssl' in _ssl.OPENSSL_VERSION.lower()
++        lower_version = _ssl.OPENSSL_VERSION.lower()
++        assert 'openssl' in lower_version or "libressl" in lower_version
+ 
+     def test_RAND_add(self):
+         import _ssl
+@@ -64,8 +65,9 @@ class AppTestSSL:
+ 
+     def test_sslwrap(self):
+         import ssl, _socket, sys, gc
+-        if sys.platform == 'darwin' or 'freebsd' in sys.platform:
+-            skip("hangs indefinitely on OSX & FreeBSD (also on CPython)")
++        if sys.platform == 'darwin' or 'freebsd' in sys.platform or \
++                'openbsd' in sys.platform:
++            skip("hangs indefinitely on OSX & BSD (also on CPython)")
+         s = _socket.socket()
+         ss = ssl.wrap_socket(s)
+ 
+diff --git a/rpython/rlib/ropenssl.py b/rpython/rlib/ropenssl.py
+index c36779d..6fe45d0 100644
+--- a/rpython/rlib/ropenssl.py
++++ b/rpython/rlib/ropenssl.py
+@@ -168,6 +168,9 @@ OBJ_NAME = rffi.CArrayPtr(OBJ_NAME_st)
+ 
+ HAVE_OPENSSL_RAND = OPENSSL_VERSION_NUMBER >= 0x0090500f
+ HAVE_SSL_CTX_CLEAR_OPTIONS = OPENSSL_VERSION_NUMBER >= 0x009080df
++HAVE_OPENSSL_RAND_EGD = rffi_platform.has('RAND_egd("/")',
++                                          '#include <openssl/rand.h>',
++                                          libraries=['ssl', 'crypto'])
+ 
+ def external(name, argtypes, restype, **kw):
+     kw['compilation_info'] = eci
+@@ -194,7 +197,8 @@ ssl_external('CRYPTO_set_id_callback',
+ if HAVE_OPENSSL_RAND:
+     ssl_external('RAND_add', [rffi.CCHARP, rffi.INT, rffi.DOUBLE], lltype.Void)
+     ssl_external('RAND_status', [], rffi.INT)
+-    ssl_external('RAND_egd', [rffi.CCHARP], rffi.INT)
++    if HAVE_OPENSSL_RAND_EGD:
++        ssl_external('RAND_egd', [rffi.CCHARP], rffi.INT)
+ ssl_external('SSL_CTX_new', [SSL_METHOD], SSL_CTX)
+ ssl_external('SSL_get_SSL_CTX', [SSL], SSL_CTX)
+ ssl_external('TLSv1_method', [], SSL_METHOD)
+diff --git a/rpython/rtyper/tool/rffi_platform.py b/rpython/rtyper/tool/rffi_platform.py
+index 1760877..1d56c20 100755
+--- a/rpython/rtyper/tool/rffi_platform.py
++++ b/rpython/rtyper/tool/rffi_platform.py
+@@ -17,12 +17,15 @@ from rpython.rlib.rarithmetic import r_uint, r_longlong, r_ulonglong, intmask
+ #
+ # Helpers for simple cases
+ 
+-def eci_from_header(c_header_source, include_dirs=None):
++def eci_from_header(c_header_source, include_dirs=None, libraries=None):
+     if include_dirs is None:
+         include_dirs = []
++    if libraries is None:
++        libraries = []
+     return ExternalCompilationInfo(
+         post_include_bits=[c_header_source],
+-        include_dirs=include_dirs
++        include_dirs=include_dirs,
++        libraries=libraries,
+     )
+ 
+ def getstruct(name, c_header_source, interesting_fields):
+@@ -75,9 +78,10 @@ def getintegerfunctionresult(function, args=None, c_header_source='', includes=[
+         CConfig._compilation_info_.includes = includes
+     return configure(CConfig)['RESULT']
+ 
+-def has(name, c_header_source, include_dirs=None):
++def has(name, c_header_source, include_dirs=None, libraries=None):
+     class CConfig:
+-        _compilation_info_ = eci_from_header(c_header_source, include_dirs)
++        _compilation_info_ = \
++            eci_from_header(c_header_source, include_dirs, libraries)
+         HAS = Has(name)
+     return configure(CConfig)['HAS']
+ 
+diff --git a/rpython/rtyper/tool/test/test_rffi_platform.py b/rpython/rtyper/tool/test/test_rffi_platform.py
+index bfa069e..4feae87 100644
+--- a/rpython/rtyper/tool/test/test_rffi_platform.py
++++ b/rpython/rtyper/tool/test/test_rffi_platform.py
+@@ -271,12 +271,34 @@ def test_array():
+                                        [("d_name", lltype.FixedSizeArray(rffi.CHAR, 1))])
+     assert dirent.c_d_name.length == 32
+ 
+-def test_has():
++def test_has_0001():
+     assert rffi_platform.has("x", "int x = 3;")
+     assert not rffi_platform.has("x", "")
+     # has() should also not crash if it is given an invalid #include
+     assert not rffi_platform.has("x", "#include <some/path/which/cannot/exist>")
+ 
++def test_has_0002():
++    assert rffi_platform.has("pow", "#include <math.h>", libraries=["m"])
++
++def test_has_0003():
++    """multiple libraries"""
++    assert rffi_platform.has("pow", "#include <math.h>", libraries=["m", "c"])
++
++def test_has_0004():
++    """bogus symbol name"""
++    assert not rffi_platform.has("pow", "#include <math.h>",
++                                 libraries=["boguslibname"])
++
++def test_has_0005():
++    """bogus symbol name and lib name"""
++    assert not rffi_platform.has("bogus_symbol_name", "#include <math.h>",
++                                 libraries=["boguslibname"])
++
++def test_has_0006():
++    """missing include"""
++    assert not rffi_platform.has("pow", "", libraries=["m"])
++
++
+ def test_verify_eci():
+     eci = ExternalCompilationInfo()
+     rffi_platform.verify_eci(eci)
+-- 
+2.6.1
+
diff --git a/dev-python/pypy3/pypy3-2.4.0.ebuild b/dev-python/pypy3/pypy3-2.4.0.ebuild
index 1c66a024bcb9..47a824e12292 100644
--- a/dev-python/pypy3/pypy3-2.4.0.ebuild
+++ b/dev-python/pypy3/pypy3-2.4.0.ebuild
@@ -16,13 +16,14 @@ SRC_URI="https://bitbucket.org/pypy/pypy/downloads/${P}-src.tar.bz2"
 LICENSE="MIT"
 SLOT="0/$(get_version_component_range 1-2 ${PV})"
 KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux"
-IUSE="bzip2 gdbm +jit low-memory ncurses sandbox shadowstack sqlite cpu_flags_x86_sse2 tk"
+IUSE="bzip2 gdbm +jit libressl low-memory ncurses sandbox shadowstack sqlite cpu_flags_x86_sse2 tk"
 
 RDEPEND=">=sys-libs/zlib-1.1.3:0=
 	virtual/libffi:0=
 	virtual/libintl:0=
 	dev-libs/expat:0=
-	dev-libs/openssl:0=
+	!libressl? ( dev-libs/openssl:0= )
+	libressl? ( dev-libs/libressl:= )
 	bzip2? ( app-arch/bzip2:0= )
 	gdbm? ( sys-libs/gdbm:0= )
 	ncurses? ( =sys-libs/ncurses-5*:0= )
@@ -79,6 +80,7 @@ src_prepare() {
 		"${FILESDIR}/1.9-scripts-location.patch" \
 		"${FILESDIR}/1.9-distutils.unixccompiler.UnixCCompiler.runtime_library_dir_option.patch" \
 		"${FILESDIR}"/2.3.1-shared-lib.patch	# 517002
+	epatch "${FILESDIR}"/${PN}-2.4.0-libressl.patch
 
 	epatch_user
 }