From 91f54153bf549723d82efbf0aa73e85133b644d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?=
<10796600+picnixz@users.noreply.github.com>
Date: Wed, 9 Jul 2025 12:24:56 +0200
Subject: [PATCH] avoid using deprecated features for OpenSSL 3.0+
---
...-07-12-18-05-37.gh-issue-136591.ujXmSN.rst | 3 +++
Modules/_hashopenssl.c | 21 +++++++++++++++++--
2 files changed, 22 insertions(+), 2 deletions(-)
create mode 100644 Misc/NEWS.d/next/Library/2025-07-12-18-05-37.gh-issue-136591.ujXmSN.rst
diff --git a/Misc/NEWS.d/next/Library/2025-07-12-18-05-37.gh-issue-136591.ujXmSN.rst b/Misc/NEWS.d/next/Library/2025-07-12-18-05-37.gh-issue-136591.ujXmSN.rst
new file mode 100644
index 00000000000000..ccd5bf11f0467a
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2025-07-12-18-05-37.gh-issue-136591.ujXmSN.rst
@@ -0,0 +1,3 @@
+:mod:`!_hashlib`: avoid using deprecated functions
+:manpage:`ERR_func_error_string` and :manpage:`EVP_MD_CTX_md` when using
+OpenSSL 3.0 and later. Patch by Bénédikt Tran.
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index 90a7391ebb09af..1a6c831e48377b 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -64,11 +64,15 @@
#define PY_EVP_MD_fetch(algorithm, properties) EVP_MD_fetch(NULL, algorithm, properties)
#define PY_EVP_MD_up_ref(md) EVP_MD_up_ref(md)
#define PY_EVP_MD_free(md) EVP_MD_free(md)
+
+#define PY_EVP_MD_CTX_md(CTX) EVP_MD_CTX_get0_md(CTX)
#else
#define PY_EVP_MD const EVP_MD
#define PY_EVP_MD_fetch(algorithm, properties) EVP_get_digestbyname(algorithm)
#define PY_EVP_MD_up_ref(md) do {} while(0)
#define PY_EVP_MD_free(md) do {} while(0)
+
+#define PY_EVP_MD_CTX_md(CTX) EVP_MD_CTX_md(CTX)
#endif
/* hash alias map and fast lookup
@@ -308,6 +312,14 @@ class _hashlib.HMAC "HMACobject *" "&PyType_Type"
/* LCOV_EXCL_START */
+/* Thin wrapper around ERR_reason_error_string() returning non-NULL text. */
+static const char *
+py_wrapper_ERR_reason_error_string(unsigned long errcode)
+{
+ const char *reason = ERR_reason_error_string(errcode);
+ return reason ? reason : "no reason";
+}
+
/* Set an exception of given type using the given OpenSSL error code. */
static void
set_ssl_exception_from_errcode(PyObject *exc_type, unsigned long errcode)
@@ -317,8 +329,13 @@ set_ssl_exception_from_errcode(PyObject *exc_type, unsigned long errcode)
/* ERR_ERROR_STRING(3) ensures that the messages below are ASCII */
const char *lib = ERR_lib_error_string(errcode);
+#ifdef Py_HAS_OPENSSL3_SUPPORT
+ // Since OpenSSL 3.0, ERR_func_error_string() always returns NULL.
+ const char *func = NULL;
+#else
const char *func = ERR_func_error_string(errcode);
- const char *reason = ERR_reason_error_string(errcode);
+#endif
+ const char *reason = py_wrapper_ERR_reason_error_string(errcode);
if (lib && func) {
PyErr_Format(exc_type, "[%s: %s] %s", lib, func, reason);
@@ -838,7 +855,7 @@ static PyObject *
_hashlib_HASH_get_name(PyObject *op, void *Py_UNUSED(closure))
{
HASHobject *self = HASHobject_CAST(op);
- const EVP_MD *md = EVP_MD_CTX_md(self->ctx);
+ const EVP_MD *md = PY_EVP_MD_CTX_md(self->ctx);
if (md == NULL) {
notify_ssl_error_occurred("missing EVP_MD for HASH context");
return NULL;
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy