From 47422a852de14a8ec11d058136c7c864d2cc7fc9 Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
 <31488909+miss-islington@users.noreply.github.com>
Date: Thu, 13 Jan 2022 13:08:47 -0800
Subject: [PATCH] [3.10] bpo-40479: Fix typo, flag must be set for OpenSSL <
 3.0.0 (GH-30584) (GH-30585)

(cherry picked from commit 276c234ce0fa6732237f1b187989837324d9dea3)


Co-authored-by: Christian Heimes <christian@python.org>

Automerge-Triggered-By: GH:tiran
---
 Modules/_hashopenssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index cb8460ab2fcf..2eaa5f7d85d8 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -883,7 +883,7 @@ py_evp_fromname(PyObject *module, const char *digestname, PyObject *data_obj,
         goto exit;
     }
 
-#if defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) &&  OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) && OPENSSL_VERSION_NUMBER < 0x30000000L
     // In OpenSSL 1.1.1 the non FIPS allowed flag is context specific while
     // in 3.0.0 it is a different EVP_MD provider.
     if (!usedforsecurity) {
-- 
2.47.3