Commit 0936729d authored by Victor Stinner's avatar Victor Stinner

Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The

availability of the function is checked at compile time. Patch written
by Bernard Spil.
parent a3132ed9
...@@ -299,6 +299,8 @@ Random generation ...@@ -299,6 +299,8 @@ Random generation
See http://egd.sourceforge.net/ or http://prngd.sourceforge.net/ for sources See http://egd.sourceforge.net/ or http://prngd.sourceforge.net/ for sources
of entropy-gathering daemons. of entropy-gathering daemons.
Availability: not available with LibreSSL.
.. function:: RAND_add(bytes, entropy) .. function:: RAND_add(bytes, entropy)
Mixes the given *bytes* into the SSL pseudo-random number generator. The Mixes the given *bytes* into the SSL pseudo-random number generator. The
......
...@@ -67,7 +67,6 @@ else: ...@@ -67,7 +67,6 @@ else:
from _ssl import SSLError as sslerror from _ssl import SSLError as sslerror
from _ssl import \ from _ssl import \
RAND_add, \ RAND_add, \
RAND_egd, \
RAND_status, \ RAND_status, \
SSL_ERROR_ZERO_RETURN, \ SSL_ERROR_ZERO_RETURN, \
SSL_ERROR_WANT_READ, \ SSL_ERROR_WANT_READ, \
...@@ -78,6 +77,11 @@ else: ...@@ -78,6 +77,11 @@ else:
SSL_ERROR_WANT_CONNECT, \ SSL_ERROR_WANT_CONNECT, \
SSL_ERROR_EOF, \ SSL_ERROR_EOF, \
SSL_ERROR_INVALID_ERROR_CODE SSL_ERROR_INVALID_ERROR_CODE
try:
from _ssl import RAND_egd
except ImportError:
# LibreSSL does not provide RAND_egd
pass
import os, sys, warnings import os, sys, warnings
......
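Review bot: The comment `# LibreSSL does not provide RAND_egd` on the new `except ImportError:` branch names one cause but not the actual condition: `_ssl` exports `RAND_egd` only when configure's link probe defined HAVE_RAND_EGD, which also comes out negative for newer OpenSSL builds configured without EGD support. Suggest `# RAND_egd is exported by _ssl only when configure found it in libcrypto (HAVE_RAND_EGD); LibreSSL and OpenSSL built without EGD lack it`. The identical comment in the Lib/ssl.py hunk would benefit from the same wording. The hunk header shows this block sits inside an `else:` whose `try` (presumably the `import _ssl` guard) starts outside the hunk, so a missing `_ssl` module is already handled before these lines run.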
...@@ -106,7 +106,12 @@ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED ...@@ -106,7 +106,12 @@ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
VERIFY_X509_STRICT) VERIFY_X509_STRICT)
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
from _ssl import RAND_status, RAND_egd, RAND_add from _ssl import RAND_status, RAND_add
try:
from _ssl import RAND_egd
except ImportError:
# LibreSSL does not provide RAND_egd
pass
def _import_symbols(prefix): def _import_symbols(prefix):
for n in dir(_ssl): for n in dir(_ssl):
......
...@@ -169,8 +169,9 @@ class BasicSocketTests(unittest.TestCase): ...@@ -169,8 +169,9 @@ class BasicSocketTests(unittest.TestCase):
sys.stdout.write("\n RAND_status is %d (%s)\n" sys.stdout.write("\n RAND_status is %d (%s)\n"
% (v, (v and "sufficient randomness") or % (v, (v and "sufficient randomness") or
"insufficient randomness")) "insufficient randomness"))
self.assertRaises(TypeError, ssl.RAND_egd, 1) if hasattr(ssl, 'RAND_egd'):
self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1) self.assertRaises(TypeError, ssl.RAND_egd, 1)
self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
ssl.RAND_add("this is a random string", 75.0) ssl.RAND_add("this is a random string", 75.0)
def test_parse_cert(self): def test_parse_cert(self):
......
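Review bot: The `if hasattr(ssl, 'RAND_egd'):` guard makes the two RAND_egd assertions vanish silently on builds without the function, so a LibreSSL run reports this test as passed without any indication that part was never exercised. Moving them into their own method guarded by `unittest.skipUnless` would surface the skip in the run summary while the RAND_status/RAND_add checks in the enclosing method still run unconditionally. The enclosing test method starts outside the hunk.
```python
    @unittest.skipUnless(hasattr(ssl, 'RAND_egd'), "RAND_egd not available")
    def test_rand_egd_type_errors(self):
        self.assertRaises(TypeError, ssl.RAND_egd, 1)
        self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
    # … unchanged: RAND_status / RAND_add checks stay in the existing method …
```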
...@@ -15,6 +15,10 @@ Core and Builtins ...@@ -15,6 +15,10 @@ Core and Builtins
Library Library
------- -------
- Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
- Backport the context argument to ftplib.FTP_TLS. - Backport the context argument to ftplib.FTP_TLS.
- Issue #23111: Maximize compatibility in protocol versions of ftplib.FTP_TLS. - Issue #23111: Maximize compatibility in protocol versions of ftplib.FTP_TLS.
......
...@@ -3301,6 +3301,11 @@ Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.\n\ ...@@ -3301,6 +3301,11 @@ Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.\n\
It is necessary to seed the PRNG with RAND_add() on some platforms before\n\ It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
using the ssl() function."); using the ssl() function.");
#endif /* HAVE_OPENSSL_RAND */
#ifdef HAVE_RAND_EGD
static PyObject * static PyObject *
PySSL_RAND_egd(PyObject *self, PyObject *arg) PySSL_RAND_egd(PyObject *self, PyObject *arg)
{ {
...@@ -3327,7 +3332,7 @@ Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\ ...@@ -3327,7 +3332,7 @@ Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\
Returns number of bytes read. Raises SSLError if connection to EGD\n\ Returns number of bytes read. Raises SSLError if connection to EGD\n\
fails or if it does not provide enough data to seed PRNG."); fails or if it does not provide enough data to seed PRNG.");
#endif /* HAVE_OPENSSL_RAND */ #endif /* HAVE_RAND_EGD */
PyDoc_STRVAR(PySSL_get_default_verify_paths_doc, PyDoc_STRVAR(PySSL_get_default_verify_paths_doc,
...@@ -3720,10 +3725,12 @@ static PyMethodDef PySSL_methods[] = { ...@@ -3720,10 +3725,12 @@ static PyMethodDef PySSL_methods[] = {
#ifdef HAVE_OPENSSL_RAND #ifdef HAVE_OPENSSL_RAND
{"RAND_add", PySSL_RAND_add, METH_VARARGS, {"RAND_add", PySSL_RAND_add, METH_VARARGS,
PySSL_RAND_add_doc}, PySSL_RAND_add_doc},
{"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
PySSL_RAND_egd_doc},
{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS, {"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
PySSL_RAND_status_doc}, PySSL_RAND_status_doc},
#endif
#ifdef HAVE_RAND_EGD
{"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
PySSL_RAND_egd_doc},
#endif #endif
{"get_default_verify_paths", (PyCFunction)PySSL_get_default_verify_paths, {"get_default_verify_paths", (PyCFunction)PySSL_get_default_verify_paths,
METH_NOARGS, PySSL_get_default_verify_paths_doc}, METH_NOARGS, PySSL_get_default_verify_paths_doc},
......
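Review bot: The new `#ifdef HAVE_RAND_EGD` regions (around the PySSL_RAND_egd definition in the first hunk and the method-table entry in the third) carry no explanation of where the macro comes from; it is set by configure's link probe (the `AC_DEFINE(HAVE_RAND_EGD, 1, ...)` in the configure.ac hunk), not by anything in this file or the OpenSSL headers. A comment on the first `#ifdef`, such as `/* HAVE_RAND_EGD is set by configure when libcrypto exports RAND_egd; LibreSSL does not. */`, would spare readers a trip to configure.ac. Because the headers the extension is compiled against also advertise the feature where the library defines OPENSSL_NO_EGD, `#if defined(HAVE_RAND_EGD) && !defined(OPENSSL_NO_EGD)` in both places would keep the function out of the table when the library's own configuration disables EGD, even if the probe found a symbol elsewhere. The body of PySSL_RAND_egd continues outside the first hunk.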
...@@ -8551,6 +8551,48 @@ _ACEOF ...@@ -8551,6 +8551,48 @@ _ACEOF
fi fi
# Dynamic linking for HP-UX # Dynamic linking for HP-UX
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5
$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; }
if ${ac_cv_lib_crypto_RAND_egd+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lcrypto $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char RAND_egd ();
int
main ()
{
return RAND_egd ();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_crypto_RAND_egd=yes
else
ac_cv_lib_crypto_RAND_egd=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5
$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; }
if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then :
$as_echo "#define HAVE_RAND_EGD 1" >>confdefs.h
fi
# only check for sem_init if thread support is requested # only check for sem_init if thread support is requested
if test "$with_threads" = "yes" -o -z "$with_threads"; then if test "$with_threads" = "yes" -o -z "$with_threads"; then
......
...@@ -2221,6 +2221,9 @@ AC_MSG_RESULT($SHLIBS) ...@@ -2221,6 +2221,9 @@ AC_MSG_RESULT($SHLIBS)
# checks for libraries # checks for libraries
AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV
AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX
AC_CHECK_LIB(crypto, RAND_egd,
AC_DEFINE(HAVE_RAND_EGD, 1,
[Define if the libcrypto has RAND_egd]))
# only check for sem_init if thread support is requested # only check for sem_init if thread support is requested
if test "$with_threads" = "yes" -o -z "$with_threads"; then if test "$with_threads" = "yes" -o -z "$with_threads"; then
......
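Review bot: `AC_CHECK_LIB(crypto, RAND_egd, ...)` links a test program against whichever libcrypto is on the default linker search path, while the `_ssl` extension is built later by setup.py against the OpenSSL it locates on its own, so HAVE_RAND_EGD can describe a different library than the one `_ssl` actually links to. If the probe says yes but the library used at build time lacks the symbol, the extension presumably fails to load with an unresolved symbol instead of simply omitting RAND_egd; the reverse mismatch silently hides a function that exists. A comment stating the assumption would help: `# NOTE: probes the default-path libcrypto; must be the same OpenSSL that setup.py builds _ssl against`. Passing an empty action-if-found is not needed here since the explicit AC_DEFINE already keeps -lcrypto out of LIBS, which the generated configure hunk confirms.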
...@@ -547,6 +547,9 @@ ...@@ -547,6 +547,9 @@
/* Define to 1 if you have the `putenv' function. */ /* Define to 1 if you have the `putenv' function. */
#undef HAVE_PUTENV #undef HAVE_PUTENV
/* Define if the libcrypto has RAND_egd */
#undef HAVE_RAND_EGD
/* Define to 1 if you have the `readlink' function. */ /* Define to 1 if you have the `readlink' function. */
#undef HAVE_READLINK #undef HAVE_READLINK
......