diff --git a/Misc/NEWS.d/next/Library/2020-05-15-17-38-21.bpo-40479.yamSCh.rst b/Misc/NEWS.d/next/Library/2020-05-15-17-38-21.bpo-40479.yamSCh.rst
new file mode 100644
index 00000000000000..87ede982f29677
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-05-15-17-38-21.bpo-40479.yamSCh.rst
@@ -0,0 +1 @@
+The :mod:`hashlib` now compiles with OpenSSL 3.0.0-alpha2.
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index 91834e5330f4bd..b7661b40d0a7ba 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -1109,19 +1109,25 @@ _hashlib.get_fips_mode -> int
Determine the OpenSSL FIPS mode of operation.
+For OpenSSL 3.0.0 and newer it returns the state of the default provider
+in the default OSSL context. It's not quite the same as FIPS_mode() but good
+enough for unittests.
+
Effectively any non-zero return value indicates FIPS mode;
values other than 1 may have additional significance.
-
-See OpenSSL documentation for the FIPS_mode() function for details.
[clinic start generated code]*/
static int
_hashlib_get_fips_mode_impl(PyObject *module)
-/*[clinic end generated code: output=87eece1bab4d3fa9 input=c2799c3132a36d6c]*/
+/*[clinic end generated code: output=87eece1bab4d3fa9 input=2db61538c41c6fef]*/
{
+ int result;
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ result = EVP_default_properties_is_fips_enabled(NULL);
+#else
ERR_clear_error();
- int result = FIPS_mode();
+ result = FIPS_mode();
if (result == 0) {
// "If the library was built without support of the FIPS Object Module,
// then the function will return 0 with an error code of
@@ -1134,6 +1140,7 @@ _hashlib_get_fips_mode_impl(PyObject *module)
}
}
return result;
+#endif
}
#endif // !LIBRESSL_VERSION_NUMBER
diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h
index 275784dcdcd0e9..1b0c6d0ce43d27 100644
--- a/Modules/clinic/_hashopenssl.c.h
+++ b/Modules/clinic/_hashopenssl.c.h
@@ -733,10 +733,12 @@ PyDoc_STRVAR(_hashlib_get_fips_mode__doc__,
"\n"
"Determine the OpenSSL FIPS mode of operation.\n"
"\n"
-"Effectively any non-zero return value indicates FIPS mode;\n"
-"values other than 1 may have additional significance.\n"
+"For OpenSSL 3.0.0 and newer it returns the state of the default provider\n"
+"in the default OSSL context. It\'s not quite the same as FIPS_mode() but good\n"
+"enough for unittests.\n"
"\n"
-"See OpenSSL documentation for the FIPS_mode() function for details.");
+"Effectively any non-zero return value indicates FIPS mode;\n"
+"values other than 1 may have additional significance.");
#define _HASHLIB_GET_FIPS_MODE_METHODDEF \
{"get_fips_mode", (PyCFunction)_hashlib_get_fips_mode, METH_NOARGS, _hashlib_get_fips_mode__doc__},
@@ -769,4 +771,4 @@ _hashlib_get_fips_mode(PyObject *module, PyObject *Py_UNUSED(ignored))
#ifndef _HASHLIB_GET_FIPS_MODE_METHODDEF
#define _HASHLIB_GET_FIPS_MODE_METHODDEF
#endif /* !defined(_HASHLIB_GET_FIPS_MODE_METHODDEF) */
-/*[clinic end generated code: output=b0703dd5a043394d input=a9049054013a1b77]*/
+/*[clinic end generated code: output=4babbd88389a196b input=a9049054013a1b77]*/
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy