diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c index 037fa4e2e99af9..e882a003c878b5 100644 --- a/Modules/_hashopenssl.c +++ b/Modules/_hashopenssl.c @@ -21,6 +21,7 @@ /* EVP is the preferred interface to hashing in OpenSSL */ #include +#include /* We use the object interface to discover what hashes OpenSSL supports. */ #include #include "openssl/err.h" @@ -43,6 +44,8 @@ module _hashlib #define EVP_MD_CTX_free EVP_MD_CTX_destroy #define HAS_FAST_PKCS5_PBKDF2_HMAC 0 #include +/* For some reason, this function is not declared on OpenSSL's headers */ +void OPENSSL_cpuid_setup(void); #else /* OpenSSL >= 1.1.0 */ #define HAS_FAST_PKCS5_PBKDF2_HMAC 1 @@ -1022,9 +1025,18 @@ PyInit__hashlib(void) { PyObject *m, *openssl_md_meth_names; +#ifndef OPENSSL_VERSION_1_1 + /* "As of version 1.1.0 OpenSSL will automatically allocate all resources + * that it needs so no explicit initialisation is required. Similarly it + * will also automatically deinitialise as required." + * https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html */ OpenSSL_add_all_digests(); ERR_load_crypto_strings(); + /* Detect HW capabilities to improve performance */ + OPENSSL_cpuid_setup(); +#endif + /* TODO build EVP_functions openssl_* entries dynamically based * on what hashes are supported rather than listing many * but having some be unsupported. Only init appropriate diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 1380c575119bf4..8ea9fc61ac4b69 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -75,6 +75,7 @@ static PySocketModule_APIObject PySocketModule; #include "openssl/err.h" #include "openssl/rand.h" #include "openssl/bio.h" +#include "openssl/engine.h" /* SSL error object */ static PyObject *PySSLErrorObject; @@ -175,6 +176,8 @@ static void _PySSLFixErrno(void) { #define HAVE_OPENSSL_CRYPTO_LOCK #endif +/* For some reason, this function is not declared on OpenSSL's headers */ +void OPENSSL_cpuid_setup(void); #define TLS_method SSLv23_method #define TLS_client_method SSLv23_client_method #define TLS_server_method SSLv23_server_method @@ -5186,8 +5189,18 @@ PyInit__ssl(void) _ssl_locks_count++; #endif #endif /* WITH_THREAD */ + +#ifndef OPENSSL_VERSION_1_1 + /* "As of version 1.1.0 OpenSSL will automatically allocate all resources + * that it needs so no explicit initialisation is required. Similarly it + * will also automatically deinitialise as required." + * https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html */ OpenSSL_add_all_algorithms(); + /* Detect HW capabilities to improve performance */ + OPENSSL_cpuid_setup(); +#endif + /* Add symbols to module dict */ sslerror_type_slots[0].pfunc = PyExc_OSError; PySSLErrorObject = PyType_FromSpec(&sslerror_type_spec); diff --git a/PCbuild/_hashlib.vcxproj b/PCbuild/_hashlib.vcxproj index d6d88029d71341..3aff97e68d8034 100644 --- a/PCbuild/_hashlib.vcxproj +++ b/PCbuild/_hashlib.vcxproj @@ -62,7 +62,7 @@ - ws2_32.lib;%(AdditionalDependencies) + ws2_32.lib;crypt32.lib;%(AdditionalDependencies)