Skip to content

gh-136591: avoid using deprecated features for OpenSSL 3.0+ #136592

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 12, 2025
Merged

gh-136591: avoid using deprecated features for OpenSSL 3.0+ #136592

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions Misc/NEWS.d/next/Library/2025-07-12-18-05-37.gh-issue-136591.ujXmSN.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
:mod:`!_hashlib`: avoid using deprecated functions
:manpage:`ERR_func_error_string` and :manpage:`EVP_MD_CTX_md` when using
OpenSSL 3.0 and later. Patch by Bénédikt Tran.
21 changes: 19 additions & 2 deletions Modules/_hashopenssl.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,11 +64,15 @@
#define PY_EVP_MD_fetch(algorithm, properties) EVP_MD_fetch(NULL, algorithm, properties)
#define PY_EVP_MD_up_ref(md) EVP_MD_up_ref(md)
#define PY_EVP_MD_free(md) EVP_MD_free(md)

#define PY_EVP_MD_CTX_md(CTX) EVP_MD_CTX_get0_md(CTX)
#else
#define PY_EVP_MD const EVP_MD
#define PY_EVP_MD_fetch(algorithm, properties) EVP_get_digestbyname(algorithm)
#define PY_EVP_MD_up_ref(md) do {} while(0)
#define PY_EVP_MD_free(md) do {} while(0)

#define PY_EVP_MD_CTX_md(CTX) EVP_MD_CTX_md(CTX)
#endif

/* hash alias map and fast lookup
Expand Down Expand Up @@ -308,6 +312,14 @@ class _hashlib.HMAC "HMACobject *" "&PyType_Type"

/* LCOV_EXCL_START */

/* Thin wrapper around ERR_reason_error_string() returning non-NULL text. */
static const char *
py_wrapper_ERR_reason_error_string(unsigned long errcode)
{
const char *reason = ERR_reason_error_string(errcode);
return reason ? reason : "no reason";
}

/* Set an exception of given type using the given OpenSSL error code. */
static void
set_ssl_exception_from_errcode(PyObject *exc_type, unsigned long errcode)
Expand All @@ -317,8 +329,13 @@ set_ssl_exception_from_errcode(PyObject *exc_type, unsigned long errcode)

/* ERR_ERROR_STRING(3) ensures that the messages below are ASCII */
const char *lib = ERR_lib_error_string(errcode);
#ifdef Py_HAS_OPENSSL3_SUPPORT
// Since OpenSSL 3.0, ERR_func_error_string() always returns NULL.
const char *func = NULL;
#else
const char *func = ERR_func_error_string(errcode);
const char *reason = ERR_reason_error_string(errcode);
#endif
const char *reason = py_wrapper_ERR_reason_error_string(errcode);

if (lib && func) {
PyErr_Format(exc_type, "[%s: %s] %s", lib, func, reason);
Expand Down Expand Up @@ -838,7 +855,7 @@ static PyObject *
_hashlib_HASH_get_name(PyObject *op, void *Py_UNUSED(closure))
{
HASHobject *self = HASHobject_CAST(op);
const EVP_MD *md = EVP_MD_CTX_md(self->ctx);
const EVP_MD *md = PY_EVP_MD_CTX_md(self->ctx);
if (md == NULL) {
notify_ssl_error_occurred("missing EVP_MD for HASH context");
return NULL;
Expand Down
Loading
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy