Update package to 4.1.0

The maintainer did this differently in a package update.

Update diff to latest version of package (23.2.0)

Add pytest-benchmark test dependency

Add pep517 requirement to security/py-cryptography-vectors too

Update patch to the latest version

Are these testcases already implemented in the libm tests?

LGTM

Respond to comments from @rfyu28uyeg_snkmail.com:

• fix licensing (lib/libc/db is BSD 3-clause, not 4-clause).
• remove unnecessary "dual licensing" logic for the BDB1 option.

@rfyu28uyeg_snkmail.com: thank you for the input about the licensing. You're right -- I'm updating the patch now.

Some of the comments I found elsewhere suggested this is unnecessary with OpenSSL 1.1+. Is this truly needed?

The commit message/revision description needs updating, BTW.

LGTM! I think @jhb’s suggestion about using static functions or macros with forward looking names would be a good potential investment, but that doesn’t need to be done here or now.

Sounds good to me! From https://www.openssl.org/docs/man3.1/man3/SSL_CTX_set_ecdh_auto.html :

I've been going back and forth a lot over the wording and APIs in use because I've been refining my understanding upon reading the manpages and tried to get things consistent across the board to aid with program UX 😅.
The existing code was also misleading/incorrect in terms of how the limits were calculated and enforced, too: it should have been 256, not 112 -- I have no idea why someone chose the number 112.

Include appropriate headers for new APIs in use

Consistently use bytes or bits in calculations

Make the minimum required RSA bits 256, not 112.

Update values and messages used when testing pubkey limits

Remove all pre-3.0 related ifdefs.

In D40273#917094, @emaste wrote:

(Copied from the GitHub pull request) So far I am aiming for minimal diffs, and plan to make another pass over everything later on including updates to use OpenSSL 3 APIs. In particular I don't want to delete SSL_library_init(); if other pre-OpenSSL-1.1 code remains (I haven't checked whether or not it does, yet).

Submitted as https://github.com/corecode/dma/pull/126 .

Ah, it’s not fixed upstream yet. I can submit the patch if that’s ok.

Can we also update this third-party package to a version that supports OpenSSL 3?

Update with @sunpoet's patch from https://people.freebsd.org/~sunpoet/patch/security-py-cryptography.txt .

Take back so I can update the diff.

@sunpoet : I'm going to pass this review to you, given that you're the more current maintainer and you have a patch out for updating to 40.0.1. Please feel free to abandon the review if you it's being addressed elsewhere or you don't feel this is necessary.

John: do you have any more comments I should follow up on?

This built successfully with poudriere on 13.1-RELEASE-p7/amd64. It also passed the exp-run according to @antoine: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270161#c1 .