From 138af6f7696e5450d11a6ef4cdca869a26fefe13 Mon Sep 17 00:00:00 2001 From: Yasuhiro Kimura Date: Tue, 11 May 2021 05:47:21 +0900 Subject: [PATCH] Revert "[3.9] bpo-43799: OpenSSL 3.0.0: declare OPENSSL_API_COMPAT 1.1.1 (GH-25329) (GH-25382)" This reverts commit 7d9d5bf863bb0af26b74b0732ab89b2053d2fbec. --- Modules/_hashopenssl.c | 15 +++++---------- Modules/_ssl.c | 33 +++++++++++++++++++-------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git Modules/_hashopenssl.c Modules/_hashopenssl.c index 0dd1662101..adc8653773 100644 --- src/external/cpython/Modules/_hashopenssl.c +++ src/external/cpython/Modules/_hashopenssl.c @@ -11,13 +11,6 @@ * */ -/* Don't warn about deprecated functions, */ -#ifndef OPENSSL_API_COMPAT - // 0x10101000L == 1.1.1, 30000 == 3.0.0 - #define OPENSSL_API_COMPAT 0x10101000L -#endif -#define OPENSSL_NO_DEPRECATED 1 - #ifndef Py_BUILD_CORE_BUILTIN # define Py_BUILD_CORE_MODULE 1 #endif @@ -35,7 +28,7 @@ #include /* We use the object interface to discover what hashes OpenSSL supports. */ #include -#include +#include "openssl/err.h" #include // FIPS_mode() @@ -1932,11 +1925,12 @@ _hashlib_get_fips_mode_impl(PyObject *module) /*[clinic end generated code: output=87eece1bab4d3fa9 input=2db61538c41c6fef]*/ { + int result; #if OPENSSL_VERSION_NUMBER >= 0x30000000L - return EVP_default_properties_is_fips_enabled(NULL); + result = EVP_default_properties_is_fips_enabled(NULL); #else ERR_clear_error(); - int result = FIPS_mode(); + result = FIPS_mode(); if (result == 0) { // "If the library was built without support of the FIPS Object Module, // then the function will return 0 with an error code of diff --git Modules/_ssl.c Modules/_ssl.c index 97e314b21f..82069a5832 100644 --- src/external/cpython/Modules/_ssl.c +++ src/external/cpython/Modules/_ssl.c @@ -14,13 +14,6 @@ http://bugs.python.org/issue8108#msg102867 ? */ -/* Don't warn about deprecated functions, */ -#ifndef OPENSSL_API_COMPAT - // 0x10101000L == 1.1.1, 30000 == 3.0.0 - #define OPENSSL_API_COMPAT 0x10101000L -#endif -#define OPENSSL_NO_DEPRECATED 1 - #define PY_SSIZE_T_CLEAN #include "Python.h" @@ -50,6 +43,14 @@ static PySocketModule_APIObject PySocketModule; #include #endif +/* Don't warn about deprecated functions */ +#ifdef __GNUC__ +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#endif +#ifdef __clang__ +#pragma clang diagnostic ignored "-Wdeprecated-declarations" +#endif + /* Include OpenSSL header files */ #include "openssl/rsa.h" #include "openssl/crypto.h" @@ -147,19 +148,23 @@ static void _PySSLFixErrno(void) { # define PY_OPENSSL_1_1_API 1 #endif -/* OpenSSL API 1.1.0+ does not include version methods. Define the methods - * unless OpenSSL is compiled without the methods. It's the easiest way to - * make 1.0.2, 1.1.0, 1.1.1, and 3.0.0 happy without deprecation warnings. - */ +/* OpenSSL API compat */ +#ifdef OPENSSL_API_COMPAT +#if OPENSSL_API_COMPAT >= 0x10100000L + +/* OpenSSL API 1.1.0+ does not include version methods */ #ifndef OPENSSL_NO_TLS1_METHOD -extern const SSL_METHOD *TLSv1_method(void); +#define OPENSSL_NO_TLS1_METHOD 1 #endif #ifndef OPENSSL_NO_TLS1_1_METHOD -extern const SSL_METHOD *TLSv1_1_method(void); +#define OPENSSL_NO_TLS1_1_METHOD 1 #endif #ifndef OPENSSL_NO_TLS1_2_METHOD -extern const SSL_METHOD *TLSv1_2_method(void); +#define OPENSSL_NO_TLS1_2_METHOD 1 #endif + +#endif /* >= 1.1.0 compcat */ +#endif /* OPENSSL_API_COMPAT */ /* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */ #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL -- 2.31.1