More main BoringSSL build & run fixes.

gpshead · Mar 28, 2024 · 4a41ae3 · 4a41ae3
1 parent 29fedb4
commit 4a41ae3
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 1 deletion.
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
@@ -1828,6 +1828,7 @@ typedef struct _internal_name_mapper_state {
 } _InternalNameMapperState;
 
 
+#ifndef OPENSSL_IS_BORINGSSL
 /* A callback function to pass to OpenSSL's OBJ_NAME_do_all(...) */
 static void
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
@@ -1856,6 +1857,7 @@ _openssl_hash_name_mapper(const EVP_MD *md, const char *from,
         Py_DECREF(py_name);
     }
 }
+#endif  // !OPENSSL_IS_BORINGSSL
 
 
 /* Ask OpenSSL for a list of supported ciphers, filling in a Python set. */
@@ -1864,12 +1866,42 @@ hashlib_md_meth_names(PyObject *module)
 {
     _InternalNameMapperState state = {
         .set = PyFrozenSet_New(NULL),
+#ifndef OPENSSL_IS_BORINGSSL
         .error = 0
+#endif  // !OPENSSL_IS_BORINGSSL
     };
     if (state.set == NULL) {
         return -1;
     }
 
+#if defined(OPENSSL_IS_BORINGSSL)
+    // This avoids a need to link with -ldecrepit for EVP_MD_do_all().
+    // TODO(gpshead): Using CPython predefined constant internal C APIs
+    // would be better.
+    const char *boringssl_hash_names[] = {
+        "md5",
+        "sha1",
+        "sha224",
+        "sha256",
+        "sha384",
+        "sha512",
+        NULL,
+    };
+    for (int i=0; boringssl_hash_names[i] != NULL; ++i) {
+        PyObject *py_name = PyUnicode_FromString(boringssl_hash_names[i]);
+        if (py_name == NULL) {
+            Py_DECREF(state.set);
+            return -1;
+        } else {
+            if (PySet_Add(state.set, py_name) != 0) {
+                Py_DECREF(py_name);
+                Py_DECREF(state.set);
+                return -1;
+            };
+            Py_DECREF(py_name);
+        }
+    }
+#else
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
     // get algorithms from all activated providers in default context
     EVP_MD_do_all_provided(NULL, &_openssl_hash_name_mapper, &state);
@@ -1881,6 +1913,7 @@ hashlib_md_meth_names(PyObject *module)
         Py_DECREF(state.set);
         return -1;
     }
+#endif  // !OPENSSL_IS_BORINGSSL
 
     return PyModule_Add(module, "openssl_md_meth_names", state.set);
 }

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
@@ -127,6 +127,7 @@ static void _PySSLFixErrno(void) {
 #define _PySSL_FIX_ERRNO _PySSLFixErrno()
 #endif
 
+#ifndef OPENSSL_IS_BORINGSSL
 /* Include generated data (error codes) */
 #if (OPENSSL_VERSION_NUMBER >= 0x30100000L)
 #include "_ssl_data_31.h"
@@ -137,6 +138,7 @@ static void _PySSLFixErrno(void) {
 #else
 #error Unsupported OpenSSL version
 #endif
+#endif  // !OPENSSL_IS_BORINGSSL
 
 /* OpenSSL API 1.1.0+ does not include version methods */
 #ifndef OPENSSL_NO_SSL3_METHOD
@@ -3200,7 +3202,6 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
         result = SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!eNULL");
     }
     if (result == 0) {
-        Py_DECREF(self);
         ERR_clear_error();
         PyErr_SetString(get_state_ctx(self)->PySSLErrorObject,
                         "No cipher can be selected.");