From: Christian Heimes <christian@python.org>
Date: Thu, 13 Jan 2022 20:47:42 +0000 (+0200)
Subject: bpo-40479: Fix typo, flag must be set for OpenSSL < 3.0.0 (GH-30584)
X-Git-Tag: v3.11.0a5~248^2~12
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=276c234ce0fa6732237f1b187989837324d9dea3;p=thirdparty%2FPython%2Fcpython.git

bpo-40479: Fix typo, flag must be set for OpenSSL < 3.0.0 (GH-30584)
---

diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index eeea61aeceb5..fb155b2e6225 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -883,7 +883,7 @@ py_evp_fromname(PyObject *module, const char *digestname, PyObject *data_obj,
         goto exit;
     }
 
-#if defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) &&  OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) && OPENSSL_VERSION_NUMBER < 0x30000000L
     // In OpenSSL 1.1.1 the non FIPS allowed flag is context specific while
     // in 3.0.0 it is a different EVP_MD provider.
     if (!usedforsecurity) {