Attachment #498224 for bug #592480

Lines 139-147 Link Here

(-)Python-3.6.3-orig/Modules/_ssl.c (-13 / +57 lines)
139	#define HAVE_OPENSSL_CRYPTO_LOCK	139	#define HAVE_OPENSSL_CRYPTO_LOCK
140	#endif	140	#endif
141		141
		142	#ifndef OPENSSL_VERSION_1_1
142	#define TLS_method SSLv23_method	143	#define TLS_method SSLv23_method
143	#define TLS_client_method SSLv23_client_method	144	#define TLS_client_method SSLv23_client_method
144	#define TLS_server_method SSLv23_server_method	145	#define TLS_server_method SSLv23_server_method
		146	#define X509_get0_notBefore X509_get_notBefore
		147	#define X509_get0_notAfter X509_get_notAfter
		148	#define ASN1_STRING_get0_data ASN1_STRING_data
		149	#define OpenSSL_version_num SSLeay
		150	#define OpenSSL_version SSLeay_version
		151	#define OPENSSL_VERSION SSLEAY_VERSION
		152	#endif
145		153
146	static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)	154	static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
147	{	155	{
Lines 1062-1068 Link Here
1062	goto fail;	1070	goto fail;
1063	}	1071	}
1064	PyTuple_SET_ITEM(t, 0, v);	1072	PyTuple_SET_ITEM(t, 0, v);
1065	v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_data(as),	1073	v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_get0_data(as),
1066	ASN1_STRING_length(as));	1074	ASN1_STRING_length(as));
1067	if (v == NULL) {	1075	if (v == NULL) {
1068	Py_DECREF(t);	1076	Py_DECREF(t);
Lines 1365-1371 Link Here
1365	Py_DECREF(sn_obj);	1373	Py_DECREF(sn_obj);
1366		1374
1367	(void) BIO_reset(biobuf);	1375	(void) BIO_reset(biobuf);
1368	notBefore = X509_get_notBefore(certificate);	1376	notBefore = X509_get0_notBefore(certificate);
1369	ASN1_TIME_print(biobuf, notBefore);	1377	ASN1_TIME_print(biobuf, notBefore);
1370	len = BIO_gets(biobuf, buf, sizeof(buf)-1);	1378	len = BIO_gets(biobuf, buf, sizeof(buf)-1);
1371	if (len < 0) {	1379	if (len < 0) {
Lines 1382-1388 Link Here
1382	Py_DECREF(pnotBefore);	1390	Py_DECREF(pnotBefore);
1383		1391
1384	(void) BIO_reset(biobuf);	1392	(void) BIO_reset(biobuf);
1385	notAfter = X509_get_notAfter(certificate);	1393	notAfter = X509_get0_notAfter(certificate);
1386	ASN1_TIME_print(biobuf, notAfter);	1394	ASN1_TIME_print(biobuf, notAfter);
1387	len = BIO_gets(biobuf, buf, sizeof(buf)-1);	1395	len = BIO_gets(biobuf, buf, sizeof(buf)-1);
1388	if (len < 0) {	1396	if (len < 0) {
Lines 2648-2669 Link Here
2648	#endif	2656	#endif
2649		2657
2650	PySSL_BEGIN_ALLOW_THREADS	2658	PySSL_BEGIN_ALLOW_THREADS
2651	if (proto_version == PY_SSL_VERSION_TLS1)	2659	if (proto_version == PY_SSL_VERSION_TLS1) {
		2660	#ifdef OPENSSL_VERSION_1_1
		2661	ctx = SSL_CTX_new(TLS_method());
		2662	SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
		2663	#else
2652	ctx = SSL_CTX_new(TLSv1_method());	2664	ctx = SSL_CTX_new(TLSv1_method());
		2665	#endif
		2666	}
2653	#if HAVE_TLSv1_2	2667	#if HAVE_TLSv1_2
2654	else if (proto_version == PY_SSL_VERSION_TLS1_1)	2668	else if (proto_version == PY_SSL_VERSION_TLS1_1) {
		2669	#ifdef OPENSSL_VERSION_1_1
		2670	ctx = SSL_CTX_new(TLS_method());
		2671	SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
		2672	#else
2655	ctx = SSL_CTX_new(TLSv1_1_method());	2673	ctx = SSL_CTX_new(TLSv1_1_method());
2656	else if (proto_version == PY_SSL_VERSION_TLS1_2)	2674	#endif
		2675	}
		2676	else if (proto_version == PY_SSL_VERSION_TLS1_2) {
		2677	#ifdef OPENSSL_VERSION_1_1
		2678	ctx = SSL_CTX_new(TLS_method());
		2679	SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
		2680	#else
2657	ctx = SSL_CTX_new(TLSv1_2_method());	2681	ctx = SSL_CTX_new(TLSv1_2_method());
2658	#endif	2682	#endif
		2683	}
		2684	#endif
2659	#ifndef OPENSSL_NO_SSL3	2685	#ifndef OPENSSL_NO_SSL3
2660	else if (proto_version == PY_SSL_VERSION_SSL3)	2686	else if (proto_version == PY_SSL_VERSION_SSL3) {
		2687	#ifdef OPENSSL_VERSION_1_1
		2688	ctx = SSL_CTX_new(TLS_method());
		2689	SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
		2690	#else
2661	ctx = SSL_CTX_new(SSLv3_method());	2691	ctx = SSL_CTX_new(SSLv3_method());
2662	#endif	2692	#endif
		2693	}
		2694	#endif
2663	#ifndef OPENSSL_NO_SSL2	2695	#ifndef OPENSSL_NO_SSL2
2664	else if (proto_version == PY_SSL_VERSION_SSL2)	2696	else if (proto_version == PY_SSL_VERSION_SSL2) {
		2697	#ifdef OPENSSL_VERSION_1_1
		2698	ctx = SSL_CTX_new(TLS_method());
		2699	SSL_CTX_set_min_proto_version(ctx, SSL2_VERSION);
		2700	#else
2665	ctx = SSL_CTX_new(SSLv2_method());	2701	ctx = SSL_CTX_new(SSLv2_method());
2666	#endif	2702	#endif
		2703	}
		2704	#endif
2667	else if (proto_version == PY_SSL_VERSION_TLS) /* SSLv23 */	2705	else if (proto_version == PY_SSL_VERSION_TLS) /* SSLv23 */
2668	ctx = SSL_CTX_new(TLS_method());	2706	ctx = SSL_CTX_new(TLS_method());
2669	else if (proto_version == PY_SSL_VERSION_TLS_CLIENT)	2707	else if (proto_version == PY_SSL_VERSION_TLS_CLIENT)
Lines 2760-2766 Link Here
2760	conservative and assume it wasn't fixed until release. We do this check	2798	conservative and assume it wasn't fixed until release. We do this check
2761	at runtime to avoid problems from the dynamic linker.	2799	at runtime to avoid problems from the dynamic linker.
2762	See #25672 for more on this. */	2800	See #25672 for more on this. */
2763	libver = SSLeay();	2801	libver = OpenSSL_version_num();
2764	if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) &&	2802	if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) &&
2765	!(libver >= 0x10000000UL && libver < 0x100000dfUL)) {	2803	!(libver >= 0x10000000UL && libver < 0x100000dfUL)) {
2766	SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS);	2804	SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS);
Lines 4572-4578 Link Here
4572	if (bytes == NULL)	4610	if (bytes == NULL)
4573	return NULL;	4611	return NULL;
4574	if (pseudo) {	4612	if (pseudo) {
		4613	#ifdef OPENSSL_VERSION_1_1
		4614	ok = RAND_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len);
		4615	#else
4575	ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len);	4616	ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len);
		4617	#endif
4576	if (ok == 0 \|\| ok == 1)	4618	if (ok == 0 \|\| ok == 1)
4577	return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False);	4619	return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False);
4578	}	4620	}
Lines 5212-5218 Link Here
5212	return NULL;	5254	return NULL;
5213	PySocketModule = *socket_api;	5255	PySocketModule = *socket_api;
5214		5256
5215	#ifndef OPENSSL_VERSION_1_1	5257	#ifdef OPENSSL_VERSION_1_1
		5258	OPENSSL_init_ssl(0, NULL);
		5259	#else
5216	/* Load all algorithms and initialize cpuid */	5260	/* Load all algorithms and initialize cpuid */
5217	OPENSSL_add_all_algorithms_noconf();	5261	OPENSSL_add_all_algorithms_noconf();
5218	/* Init OpenSSL */	5262	/* Init OpenSSL */
Lines 5512-5521 Link Here
5512	return NULL;	5556	return NULL;
5513		5557
5514	/* OpenSSL version */	5558	/* OpenSSL version */
5515	/* SSLeay() gives us the version of the library linked against,	5559	/* OpenSSL_version_num() gives us the version of the library linked against,
5516	which could be different from the headers version.	5560	which could be different from the headers version.
5517	*/	5561	*/
5518	libver = SSLeay();	5562	libver = OpenSSL_version_num();
5519	r = PyLong_FromUnsignedLong(libver);	5563	r = PyLong_FromUnsignedLong(libver);
5520	if (r == NULL)	5564	if (r == NULL)
5521	return NULL;	5565	return NULL;
Lines 5525-5531 Link Here
5525	r = Py_BuildValue("IIIII", major, minor, fix, patch, status);	5569	r = Py_BuildValue("IIIII", major, minor, fix, patch, status);
5526	if (r == NULL \|\| PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r))	5570	if (r == NULL \|\| PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r))
5527	return NULL;	5571	return NULL;
5528	r = PyUnicode_FromString(SSLeay_version(SSLEAY_VERSION));	5572	r = PyUnicode_FromString(OpenSSL_version(OPENSSL_VERSION));
5529	if (r == NULL \|\| PyModule_AddObject(m, "OPENSSL_VERSION", r))	5573	if (r == NULL \|\| PyModule_AddObject(m, "OPENSSL_VERSION", r))
5530	return NULL;	5574	return NULL;
5531		5575

Lines 1022-1028 Link Here

(-)Python-3.6.3-orig/Modules/_hashopenssl.c (-1 / +1 lines)
1022	{	1022	{
1023	PyObject m, openssl_md_meth_names;	1023	PyObject m, openssl_md_meth_names;
1024		1024
1025	#ifndef OPENSSL_VERSION_1_1	1025	#if (OPENSSL_VERSION_NUMBER < 0x10100000L) \|\| defined(LIBRESSL_VERSION_NUMBER)
1026	/* Load all digest algorithms and initialize cpuid */	1026	/* Load all digest algorithms and initialize cpuid */
1027	OPENSSL_add_all_algorithms_noconf();	1027	OPENSSL_add_all_algorithms_noconf();
1028	ERR_load_crypto_strings();	1028	ERR_load_crypto_strings();

Return to bug 592480