# HG changeset patch

# User Christian Heimes <christian@python.org>

# Date 1473110345 -7200

# Node ID 5c75b315152b714f7c84258ea511b461e2c06154

# Parent  82467d0dbaea31a7971d1429ca5f4a251a995f33

Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.

diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst

--- a/Doc/library/ssl.rst

+++ b/Doc/library/ssl.rst

@@ -178,7 +178,7 @@ instead.

    use.  Typically, the server chooses a particular protocol version, and the

    client must adapt to the server's choice.  Most of the versions are not

    interoperable with the other versions.  If not specified, the default is

-   :data:`PROTOCOL_SSLv23`; it provides the most compatibility with other

+   :data:`PROTOCOL_TLS`; it provides the most compatibility with other

    versions.

    Here's a table showing which versions in a client (down the side) can connect

@@ -187,11 +187,11 @@ instead.

      .. table::

        ========================  =========  =========  ==========  =========  ===========  ===========

-        *client* / **server**    **SSLv2**  **SSLv3**  **SSLv23**  **TLSv1**  **TLSv1.1**  **TLSv1.2**

+        *client* / **server**    **SSLv2**  **SSLv3**  **TLS**     **TLSv1**  **TLSv1.1**  **TLSv1.2**

        ------------------------  ---------  ---------  ----------  ---------  -----------  -----------

         *SSLv2*                    yes        no         yes         no         no         no

         *SSLv3*                    no         yes        yes         no         no         no

-        *SSLv23*                   no         yes        yes         yes        yes        yes

+        *TLS* (*SSLv23*)           no         yes        yes         yes        yes        yes

         *TLSv1*                    no         no         yes         yes        no         no

         *TLSv1.1*                  no         no         yes         no         yes        no

         *TLSv1.2*                  no         no         yes         no         no         yes

@@ -244,7 +244,7 @@ purposes.

    :const:`None`, this function can choose to trust the system's default

    CA certificates instead.

-   The settings are: :data:`PROTOCOL_SSLv23`, :data:`OP_NO_SSLv2`, and

+   The settings are: :data:`PROTOCOL_TLS`, :data:`OP_NO_SSLv2`, and

    :data:`OP_NO_SSLv3` with high encryption cipher suites without RC4 and

    without unauthenticated cipher suites. Passing :data:`~Purpose.SERVER_AUTH`

    as *purpose* sets :data:`~SSLContext.verify_mode` to :data:`CERT_REQUIRED`

@@ -316,6 +316,11 @@ Random generation

    .. versionadded:: 3.3

+   .. deprecated:: 3.5.3

+

+      OpenSSL has deprecated :func:`ssl.RAND_pseudo_bytes`, use

+      :func:`ssl.RAND_bytes` instead.

+

 .. function:: RAND_status()

    Return ``True`` if the SSL pseudo-random number generator has been seeded

@@ -334,7 +339,7 @@ Random generation

    See http://egd.sourceforge.net/ or http://prngd.sourceforge.net/ for sources

    of entropy-gathering daemons.

-   Availability: not available with LibreSSL.

+   Availability: not available with LibreSSL and OpenSSL > 1.1.0

 .. function:: RAND_add(bytes, entropy)

@@ -409,7 +414,7 @@ Certificate handling

       previously. Return an integer (no fractions of a second in the

       input format)

-.. function:: get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None)

+.. function:: get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None)

    Given the address ``addr`` of an SSL-protected server, as a (*hostname*,

    *port-number*) pair, fetches the server's certificate, and returns it as a

@@ -425,7 +430,7 @@ Certificate handling

    .. versionchanged:: 3.5

       The default *ssl_version* is changed from :data:`PROTOCOL_SSLv3` to

-      :data:`PROTOCOL_SSLv23` for maximum compatibility with modern servers.

+      :data:`PROTOCOL_TLS` for maximum compatibility with modern servers.

 .. function:: DER_cert_to_PEM_cert(DER_cert_bytes)

@@ -451,6 +456,9 @@ Certificate handling

    * :attr:`openssl_capath_env` - OpenSSL's environment key that points to a capath,

    * :attr:`openssl_capath` - hard coded path to a capath directory

+   Availability: LibreSSL ignores the environment vars

+   :attr:`openssl_cafile_env` and :attr:`openssl_capath_env`

+

    .. versionadded:: 3.4

 .. function:: enum_certificates(store_name)

@@ -568,11 +576,21 @@ Constants

    .. versionadded:: 3.4.4

-.. data:: PROTOCOL_SSLv23

+.. data:: PROTOCOL_TLS

    Selects the highest protocol version that both the client and server support.

    Despite the name, this option can select "TLS" protocols as well as "SSL".

+   .. versionadded:: 3.5.3

+

+.. data:: PROTOCOL_SSLv23

+

+   Alias for data:`PROTOCOL_TLS`.

+

+   .. deprecated:: 3.5.3

+

+      Use data:`PROTOCOL_TLS` instead.

+

 .. data:: PROTOCOL_SSLv2

    Selects SSL version 2 as the channel encryption protocol.

@@ -584,6 +602,10 @@ Constants

       SSL version 2 is insecure.  Its use is highly discouraged.

+   .. deprecated:: 3.5.3

+

+      OpenSSL has removed support for SSLv2.

+

 .. data:: PROTOCOL_SSLv3

    Selects SSL version 3 as the channel encryption protocol.

@@ -595,10 +617,20 @@ Constants

       SSL version 3 is insecure.  Its use is highly discouraged.

+   .. deprecated:: 3.5.3

+

+      OpenSSL has deprecated all version specific protocols. Use the default

+      protocol data:`PROTOCOL_TLS` with flags like data:`OP_NO_SSLv3` instead.

+

 .. data:: PROTOCOL_TLSv1

    Selects TLS version 1.0 as the channel encryption protocol.

+   .. deprecated:: 3.5.3

+

+      OpenSSL has deprecated all version specific protocols. Use the default

+      protocol data:`PROTOCOL_TLS` with flags like data:`OP_NO_SSLv3` instead.

+

 .. data:: PROTOCOL_TLSv1_1

    Selects TLS version 1.1 as the channel encryption protocol.

@@ -606,6 +638,11 @@ Constants

    .. versionadded:: 3.4

+   .. deprecated:: 3.5.3

+

+      OpenSSL has deprecated all version specific protocols. Use the default

+      protocol data:`PROTOCOL_TLS` with flags like data:`OP_NO_SSLv3` instead.

+

 .. data:: PROTOCOL_TLSv1_2

    Selects TLS version 1.2 as the channel encryption protocol. This is the

@@ -614,6 +651,11 @@ Constants

    .. versionadded:: 3.4

+   .. deprecated:: 3.5.3

+

+      OpenSSL has deprecated all version specific protocols. Use the default

+      protocol data:`PROTOCOL_TLS` with flags like data:`OP_NO_SSLv3` instead.

+

 .. data:: OP_ALL

    Enables workarounds for various bugs present in other SSL implementations.

@@ -625,23 +667,32 @@ Constants

 .. data:: OP_NO_SSLv2

    Prevents an SSLv2 connection.  This option is only applicable in

-   conjunction with :const:`PROTOCOL_SSLv23`.  It prevents the peers from

+   conjunction with :const:`PROTOCOL_TLS`.  It prevents the peers from

    choosing SSLv2 as the protocol version.

    .. versionadded:: 3.2

+   .. deprecated:: 3.5.3

+

+      SSLv2 is deprecated

+

+

 .. data:: OP_NO_SSLv3

    Prevents an SSLv3 connection.  This option is only applicable in

-   conjunction with :const:`PROTOCOL_SSLv23`.  It prevents the peers from

+   conjunction with :const:`PROTOCOL_TLS`.  It prevents the peers from

    choosing SSLv3 as the protocol version.

    .. versionadded:: 3.2

+   .. deprecated:: 3.5.3

+

+      SSLv3 is deprecated

+

 .. data:: OP_NO_TLSv1

    Prevents a TLSv1 connection.  This option is only applicable in

-   conjunction with :const:`PROTOCOL_SSLv23`.  It prevents the peers from

+   conjunction with :const:`PROTOCOL_TLS`.  It prevents the peers from

    choosing TLSv1 as the protocol version.

    .. versionadded:: 3.2

@@ -649,7 +700,7 @@ Constants

 .. data:: OP_NO_TLSv1_1

    Prevents a TLSv1.1 connection. This option is only applicable in conjunction

-   with :const:`PROTOCOL_SSLv23`. It prevents the peers from choosing TLSv1.1 as

+   with :const:`PROTOCOL_TLS`. It prevents the peers from choosing TLSv1.1 as

    the protocol version. Available only with openssl version 1.0.1+.

    .. versionadded:: 3.4

@@ -657,7 +708,7 @@ Constants

 .. data:: OP_NO_TLSv1_2

    Prevents a TLSv1.2 connection. This option is only applicable in conjunction

-   with :const:`PROTOCOL_SSLv23`. It prevents the peers from choosing TLSv1.2 as

+   with :const:`PROTOCOL_TLS`. It prevents the peers from choosing TLSv1.2 as

    the protocol version. Available only with openssl version 1.0.1+.

    .. versionadded:: 3.4

@@ -1081,17 +1132,21 @@ such as SSL configuration options, certi

 It also manages a cache of SSL sessions for server-side sockets, in order

 to speed up repeated connections from the same clients.

-.. class:: SSLContext(protocol)

-

-   Create a new SSL context.  You must pass *protocol* which must be one

+.. class:: SSLContext(protocol=PROTOCOL_TLS)

+

+   Create a new SSL context.  You may pass *protocol* which must be one

    of the ``PROTOCOL_*`` constants defined in this module.

-   :data:`PROTOCOL_SSLv23` is currently recommended for maximum

-   interoperability.

+   :data:`PROTOCOL_TLS` is currently recommended for maximum

+   interoperability and default value.

    .. seealso::

       :func:`create_default_context` lets the :mod:`ssl` module choose

       security settings for a given purpose.

+   .. versionchanged:: 3.5.3

+

+      :data:`PROTOCOL_TLS` is the default value.

+

 :class:`SSLContext` objects have the following methods and attributes:

@@ -1232,6 +1287,9 @@ to speed up repeated connections from th

    This method will raise :exc:`NotImplementedError` if :data:`HAS_ALPN` is

    False.

+   OpenSSL 1.1.0+ will abort the handshake and raise :exc:`SSLError` when

+   both sides support ALPN but cannot agree on a protocol.

+

    .. versionadded:: 3.5

 .. method:: SSLContext.set_npn_protocols(protocols)

@@ -1598,7 +1656,7 @@ If you prefer to tune security settings 

 a context from scratch (but beware that you might not get the settings

 right)::

-   >>> context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)

+   >>> context = ssl.SSLContext(ssl.PROTOCOL_TLS)

    >>> context.verify_mode = ssl.CERT_REQUIRED

    >>> context.check_hostname = True

    >>> context.load_verify_locations("/etc/ssl/certs/ca-bundle.crt")

@@ -1999,15 +2057,17 @@ Protocol versions

 SSL versions 2 and 3 are considered insecure and are therefore dangerous to

 use.  If you want maximum compatibility between clients and servers, it is

-recommended to use :const:`PROTOCOL_SSLv23` as the protocol version and then

+recommended to use :const:`PROTOCOL_TLS` as the protocol version and then

 disable SSLv2 and SSLv3 explicitly using the :data:`SSLContext.options`

 attribute::

-   context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)

+   context = ssl.SSLContext(ssl.PROTOCOL_TLS)

    context.options |= ssl.OP_NO_SSLv2

    context.options |= ssl.OP_NO_SSLv3

-

-The SSL context created above will only allow TLSv1 and later (if

+   context.options |= ssl.OP_NO_TLSv1

+   context.options |= ssl.OP_NO_TLSv1_1

+

+The SSL context created above will only allow TLSv1.2 and later (if

 supported by your system) connections.

 Cipher selection

diff --git a/Lib/ssl.py b/Lib/ssl.py

--- a/Lib/ssl.py

+++ b/Lib/ssl.py

@@ -51,6 +51,7 @@ The following constants identify various

 PROTOCOL_SSLv2

 PROTOCOL_SSLv3

 PROTOCOL_SSLv23

+PROTOCOL_TLS

 PROTOCOL_TLSv1

 PROTOCOL_TLSv1_1

 PROTOCOL_TLSv1_2

@@ -128,9 +129,10 @@ from _ssl import _OPENSSL_API_VERSION

 _IntEnum._convert(

         '_SSLMethod', __name__,

-        lambda name: name.startswith('PROTOCOL_'),

+        lambda name: name.startswith('PROTOCOL_') and name != 'PROTOCOL_SSLv23',

         source=_ssl)

+PROTOCOL_SSLv23 = _SSLMethod.PROTOCOL_SSLv23 = _SSLMethod.PROTOCOL_TLS

 _PROTOCOL_NAMES = {value: name for name, value in _SSLMethod.__members__.items()}

 try:

@@ -357,13 +359,13 @@ class SSLContext(_SSLContext):

     __slots__ = ('protocol', '__weakref__')

     _windows_cert_stores = ("CA", "ROOT")

-    def __new__(cls, protocol, *args, **kwargs):

+    def __new__(cls, protocol=PROTOCOL_TLS, *args, **kwargs):

         self = _SSLContext.__new__(cls, protocol)

         if protocol != _SSLv2_IF_EXISTS:

             self.set_ciphers(_DEFAULT_CIPHERS)

         return self

-    def __init__(self, protocol):

+    def __init__(self, protocol=PROTOCOL_TLS):

         self.protocol = protocol

     def wrap_socket(self, sock, server_side=False,

@@ -438,7 +440,7 @@ def create_default_context(purpose=Purpo

     if not isinstance(purpose, _ASN1Object):

         raise TypeError(purpose)

-    context = SSLContext(PROTOCOL_SSLv23)

+    context = SSLContext(PROTOCOL_TLS)

     # SSLv2 considered harmful.

     context.options |= OP_NO_SSLv2

@@ -475,7 +477,7 @@ def create_default_context(purpose=Purpo

         context.load_default_certs(purpose)

     return context

-def _create_unverified_context(protocol=PROTOCOL_SSLv23, *, cert_reqs=None,

+def _create_unverified_context(protocol=PROTOCOL_TLS, *, cert_reqs=None,

                            check_hostname=False, purpose=Purpose.SERVER_AUTH,

                            certfile=None, keyfile=None,

                            cafile=None, capath=None, cadata=None):

@@ -666,7 +668,7 @@ class SSLSocket(socket):

     def __init__(self, sock=None, keyfile=None, certfile=None,

                  server_side=False, cert_reqs=CERT_NONE,

-                 ssl_version=PROTOCOL_SSLv23, ca_certs=None,

+                 ssl_version=PROTOCOL_TLS, ca_certs=None,

                  do_handshake_on_connect=True,

                  family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None,

                  suppress_ragged_eofs=True, npn_protocols=None, ciphers=None,

@@ -1056,7 +1058,7 @@ class SSLSocket(socket):

 def wrap_socket(sock, keyfile=None, certfile=None,

                 server_side=False, cert_reqs=CERT_NONE,

-                ssl_version=PROTOCOL_SSLv23, ca_certs=None,

+                ssl_version=PROTOCOL_TLS, ca_certs=None,

                 do_handshake_on_connect=True,

                 suppress_ragged_eofs=True,

                 ciphers=None):

@@ -1125,7 +1127,7 @@ def PEM_cert_to_DER_cert(pem_cert_string

     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]

     return base64.decodebytes(d.encode('ASCII', 'strict'))

-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):

+def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None):

     """Retrieve the certificate from the server at the specified address,

     and return it as a PEM-encoded string.

     If 'ca_certs' is specified, validate the server cert against it.

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py

--- a/Lib/test/test_ssl.py

+++ b/Lib/test/test_ssl.py

@@ -23,6 +23,9 @@ ssl = support.import_module("ssl")

 PROTOCOLS = sorted(ssl._PROTOCOL_NAMES)

 HOST = support.HOST

+IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL')

+IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)

+

 def data_file(*name):

     return os.path.join(os.path.dirname(__file__), *name)

@@ -143,8 +146,8 @@ class BasicSocketTests(unittest.TestCase

     def test_str_for_enums(self):

         # Make sure that the PROTOCOL_* constants have enum-like string

         # reprs.

-        proto = ssl.PROTOCOL_SSLv23

-        self.assertEqual(str(proto), '_SSLMethod.PROTOCOL_SSLv23')

+        proto = ssl.PROTOCOL_TLS

+        self.assertEqual(str(proto), '_SSLMethod.PROTOCOL_TLS')

         ctx = ssl.SSLContext(proto)

         self.assertIs(ctx.protocol, proto)

@@ -312,8 +315,8 @@ class BasicSocketTests(unittest.TestCase

         self.assertGreaterEqual(status, 0)

         self.assertLessEqual(status, 15)

         # Version string as returned by {Open,Libre}SSL, the format might change

-        if "LibreSSL" in s:

-            self.assertTrue(s.startswith("LibreSSL {:d}.{:d}".format(major, minor)),

+        if IS_LIBRESSL:

+            self.assertTrue(s.startswith("LibreSSL {:d}".format(major)),

                             (s, t, hex(n)))

         else:

             self.assertTrue(s.startswith("OpenSSL {:d}.{:d}.{:d}".format(major, minor, fix)),

@@ -790,7 +793,8 @@ class ContextTests(unittest.TestCase):

     def test_constructor(self):

         for protocol in PROTOCOLS:

             ssl.SSLContext(protocol)

-        self.assertRaises(TypeError, ssl.SSLContext)

+        ctx = ssl.SSLContext()

+        self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)

         self.assertRaises(ValueError, ssl.SSLContext, -1)

         self.assertRaises(ValueError, ssl.SSLContext, 42)

@@ -811,15 +815,15 @@ class ContextTests(unittest.TestCase):

     def test_options(self):

         ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)

         # OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value

-        self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3,

-                         ctx.options)

+        default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)

+        if not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0):

+            default |= ssl.OP_NO_COMPRESSION

+        self.assertEqual(default, ctx.options)

         ctx.options |= ssl.OP_NO_TLSv1

-        self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1,

-                         ctx.options)

+        self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options)

         if can_clear_options():

-            ctx.options = (ctx.options & ~ssl.OP_NO_SSLv2) | ssl.OP_NO_TLSv1

-            self.assertEqual(ssl.OP_ALL | ssl.OP_NO_TLSv1 | ssl.OP_NO_SSLv3,

-                             ctx.options)

+            ctx.options = (ctx.options & ~ssl.OP_NO_TLSv1)

+            self.assertEqual(default, ctx.options)

             ctx.options = 0

             # Ubuntu has OP_NO_SSLv3 forced on by default

             self.assertEqual(0, ctx.options & ~ssl.OP_NO_SSLv3)

@@ -1155,6 +1159,7 @@ class ContextTests(unittest.TestCase):

         self.assertRaises(TypeError, ctx.load_default_certs, 'SERVER_AUTH')

     @unittest.skipIf(sys.platform == "win32", "not-Windows specific")

+    @unittest.skipIf(IS_LIBRESSL, "LibreSSL doesn't support env vars")

     def test_load_default_certs_env(self):

         ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)

         with support.EnvironmentVarGuard() as env:

@@ -1750,13 +1755,13 @@ class NetworkedBIOTests(unittest.TestCas

             sslobj = ctx.wrap_bio(incoming, outgoing, False, REMOTE_HOST)

             self.assertIs(sslobj._sslobj.owner, sslobj)

             self.assertIsNone(sslobj.cipher())

-            self.assertIsNone(sslobj.shared_ciphers())

+            self.assertIsNotNone(sslobj.shared_ciphers())

             self.assertRaises(ValueError, sslobj.getpeercert)

             if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:

                 self.assertIsNone(sslobj.get_channel_binding('tls-unique'))

             self.ssl_io_loop(sock, incoming, outgoing, sslobj.do_handshake)

             self.assertTrue(sslobj.cipher())

-            self.assertIsNone(sslobj.shared_ciphers())

+            self.assertIsNotNone(sslobj.shared_ciphers())

             self.assertTrue(sslobj.getpeercert())

             if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:

                 self.assertTrue(sslobj.get_channel_binding('tls-unique'))

@@ -2993,7 +2998,7 @@ else:

                 with context.wrap_socket(socket.socket()) as s:

                     self.assertIs(s.version(), None)

                     s.connect((HOST, server.port))

-                    self.assertEqual(s.version(), "TLSv1")

+                    self.assertEqual(s.version(), 'TLSv1')

                 self.assertIs(s.version(), None)

         @unittest.skipUnless(ssl.HAS_ECDH, "test requires ECDH-enabled OpenSSL")

@@ -3135,24 +3140,36 @@ else:

                 (['http/3.0', 'http/4.0'], None)

             ]

             for client_protocols, expected in protocol_tests:

-                server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)

+                server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)

                 server_context.load_cert_chain(CERTFILE)

                 server_context.set_alpn_protocols(server_protocols)

-                client_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)

+                client_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)

                 client_context.load_cert_chain(CERTFILE)

                 client_context.set_alpn_protocols(client_protocols)

-                stats = server_params_test(client_context, server_context,

-                                           chatty=True, connectionchatty=True)

-

-                msg = "failed trying %s (s) and %s (c).\n" \

-                      "was expecting %s, but got %%s from the %%s" \

-                          % (str(server_protocols), str(client_protocols),

-                             str(expected))

-                client_result = stats['client_alpn_protocol']

-                self.assertEqual(client_result, expected, msg % (client_result, "client"))

-                server_result = stats['server_alpn_protocols'][-1] \

-                    if len(stats['server_alpn_protocols']) else 'nothing'

-                self.assertEqual(server_result, expected, msg % (server_result, "server"))

+

+                try:

+                    stats = server_params_test(client_context,

+                                               server_context,

+                                               chatty=True,

+                                               connectionchatty=True)

+                except ssl.SSLError as e:

+                    stats = e

+

+                if expected is None and IS_OPENSSL_1_1:

+                    # OpenSSL 1.1.0 raises handshake error

+                    self.assertIsInstance(stats, ssl.SSLError)

+                else:

+                    msg = "failed trying %s (s) and %s (c).\n" \

+                        "was expecting %s, but got %%s from the %%s" \

+                            % (str(server_protocols), str(client_protocols),

+                                str(expected))

+                    client_result = stats['client_alpn_protocol']

+                    self.assertEqual(client_result, expected,

+                                     msg % (client_result, "client"))

+                    server_result = stats['server_alpn_protocols'][-1] \

+                        if len(stats['server_alpn_protocols']) else 'nothing'

+                    self.assertEqual(server_result, expected,

+                                     msg % (server_result, "server"))

         def test_selected_npn_protocol(self):

             # selected_npn_protocol() is None unless NPN is used

@@ -3300,13 +3317,23 @@ else:

             client_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)

             client_context.verify_mode = ssl.CERT_REQUIRED

             client_context.load_verify_locations(SIGNING_CA)

-            client_context.set_ciphers("RC4")

-            server_context.set_ciphers("AES:RC4")

+            if ssl.OPENSSL_VERSION_INFO >= (1, 0, 2):

+                client_context.set_ciphers("AES128:AES256")

+                server_context.set_ciphers("AES256")

+                alg1 = "AES256"

+                alg2 = "AES-256"

+            else:

+                client_context.set_ciphers("AES:3DES")

+                server_context.set_ciphers("3DES")

+                alg1 = "3DES"

+                alg2 = "DES-CBC3"

+

             stats = server_params_test(client_context, server_context)

             ciphers = stats['server_shared_ciphers'][0]

             self.assertGreater(len(ciphers), 0)

             for name, tls_version, bits in ciphers:

-                self.assertIn("RC4", name.split("-"))

+                if not alg1 in name.split("-") and alg2 not in name:

+                    self.fail(name)

         def test_read_write_after_close_raises_valuerror(self):

             context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)

diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c

--- a/Modules/_hashopenssl.c

+++ b/Modules/_hashopenssl.c

@@ -21,7 +21,6 @@

 /* EVP is the preferred interface to hashing in OpenSSL */

 #include <openssl/evp.h>

-#include <openssl/hmac.h>

 /* We use the object interface to discover what hashes OpenSSL supports. */

 #include <openssl/objects.h>

 #include "openssl/err.h"

@@ -32,11 +31,22 @@

 #define HASH_OBJ_CONSTRUCTOR 0

 #endif

+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)

+/* OpenSSL < 1.1.0 */

+#define EVP_MD_CTX_new EVP_MD_CTX_create

+#define EVP_MD_CTX_free EVP_MD_CTX_destroy

+#define HAS_FAST_PKCS5_PBKDF2_HMAC 0

+#include <openssl/hmac.h>

+#else

+/* OpenSSL >= 1.1.0 */

+#define HAS_FAST_PKCS5_PBKDF2_HMAC 1

+#endif

+

 typedef struct {

     PyObject_HEAD

     PyObject            *name;  /* name of this hash algorithm */

-    EVP_MD_CTX           ctx;   /* OpenSSL message digest context */

+    EVP_MD_CTX          *ctx;   /* OpenSSL message digest context */

 #ifdef WITH_THREAD

     PyThread_type_lock   lock;  /* OpenSSL context lock */

 #endif

@@ -48,7 +58,6 @@ static PyTypeObject EVPtype;

 #define DEFINE_CONSTS_FOR_NEW(Name)  \

     static PyObject *CONST_ ## Name ## _name_obj = NULL; \

-    static EVP_MD_CTX CONST_new_ ## Name ## _ctx; \

     static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL;

 DEFINE_CONSTS_FOR_NEW(md5)

@@ -59,19 +68,57 @@ DEFINE_CONSTS_FOR_NEW(sha384)

 DEFINE_CONSTS_FOR_NEW(sha512)

+/* LCOV_EXCL_START */

+static PyObject *

+_setException(PyObject *exc)

+{

+    unsigned long errcode;

+    const char *lib, *func, *reason;

+

+    errcode = ERR_peek_last_error();

+    if (!errcode) {

+        PyErr_SetString(exc, "unknown reasons");

+        return NULL;

+    }

+    ERR_clear_error();

+

+    lib = ERR_lib_error_string(errcode);

+    func = ERR_func_error_string(errcode);

+    reason = ERR_reason_error_string(errcode);

+

+    if (lib && func) {

+        PyErr_Format(exc, "[%s: %s] %s", lib, func, reason);

+    }

+    else if (lib) {

+        PyErr_Format(exc, "[%s] %s", lib, reason);

+    }

+    else {

+        PyErr_SetString(exc, reason);

+    }

+    return NULL;

+}

+/* LCOV_EXCL_STOP */

+

 static EVPobject *

 newEVPobject(PyObject *name)

 {

     EVPobject *retval = (EVPobject *)PyObject_New(EVPobject, &EVPtype);

+    if (retval == NULL) {

+        return NULL;

+    }

+

+    retval->ctx = EVP_MD_CTX_new();

+    if (retval->ctx == NULL) {

+        PyErr_NoMemory();

+        return NULL;

+    }

     /* save the name for .name to return */

-    if (retval != NULL) {

-        Py_INCREF(name);

-        retval->name = name;

+    Py_INCREF(name);

+    retval->name = name;

 #ifdef WITH_THREAD

-        retval->lock = NULL;

+    retval->lock = NULL;

 #endif

-    }

     return retval;

 }

@@ -86,7 +133,7 @@ EVP_hash(EVPobject *self, const void *vp

             process = MUNCH_SIZE;

         else

             process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int);

-        EVP_DigestUpdate(&self->ctx, (const void*)cp, process);

+        EVP_DigestUpdate(self->ctx, (const void*)cp, process);

         len -= process;

         cp += process;

     }

@@ -101,16 +148,19 @@ EVP_dealloc(EVPobject *self)

     if (self->lock != NULL)

         PyThread_free_lock(self->lock);

 #endif

-    EVP_MD_CTX_cleanup(&self->ctx);

+    EVP_MD_CTX_free(self->ctx);

     Py_XDECREF(self->name);

     PyObject_Del(self);

 }

-static void locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self)

+static int

+locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self)

 {

+    int result;

     ENTER_HASHLIB(self);

-    EVP_MD_CTX_copy(new_ctx_p, &self->ctx);

+    result = EVP_MD_CTX_copy(new_ctx_p, self->ctx);

     LEAVE_HASHLIB(self);

+    return result;

 }

 /* External methods for a hash object */

@@ -126,7 +176,9 @@ EVP_copy(EVPobject *self, PyObject *unus

     if ( (newobj = newEVPobject(self->name))==NULL)

         return NULL;

-    locked_EVP_MD_CTX_copy(&newobj->ctx, self);

+    if (!locked_EVP_MD_CTX_copy(newobj->ctx, self)) {

+        return _setException(PyExc_ValueError);

+    }

     return (PyObject *)newobj;

 }

@@ -137,16 +189,24 @@ static PyObject *

 EVP_digest(EVPobject *self, PyObject *unused)

 {

     unsigned char digest[EVP_MAX_MD_SIZE];

-    EVP_MD_CTX temp_ctx;

+    EVP_MD_CTX *temp_ctx;

     PyObject *retval;

     unsigned int digest_size;

-    locked_EVP_MD_CTX_copy(&temp_ctx, self);