cpython: 6f23bc5d480e (original) (raw)
Mercurial > cpython
changeset 93642:6f23bc5d480e
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The availability of the function is checked during the compilation. Patch written by Bernard Spil. [#21356]
| Victor Stinner victor.stinner@gmail.com | |
|---|---|
| date | Fri, 28 Nov 2014 13:28:25 +0100 |
| parents | 29645775b75c |
| children | 2ab452a0c5c6 |
| files | Lib/ssl.py Lib/test/test_ssl.py Misc/NEWS Modules/_ssl.c configure configure.ac pyconfig.h.in |
| diffstat | 7 files changed, 65 insertions(+), 3 deletions(-)[+] [-] Lib/ssl.py 7 Lib/test/test_ssl.py 5 Misc/NEWS 4 Modules/_ssl.c 4 configure 42 configure.ac 3 pyconfig.h.in 3 |
line wrap: on
line diff
--- a/Lib/ssl.py +++ b/Lib/ssl.py @@ -106,7 +106,12 @@ from _ssl import CERT_NONE, CERT_OPTIONA from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, VERIFY_X509_STRICT) from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj -from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes +from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes +try:
def _import_symbols(prefix): for n in dir(_ssl):
--- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -168,8 +168,9 @@ class BasicSocketTests(unittest.TestCase self.assertRaises(ValueError, ssl.RAND_bytes, -5) self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
self.assertRaises(TypeError, ssl.RAND_egd, 1)[](#l2.7)self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)[](#l2.8)
if hasattr(ssl, 'RAND_egd'):[](#l2.9)self.assertRaises(TypeError, ssl.RAND_egd, 1)[](#l2.10)self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)[](#l2.11) ssl.RAND_add("this is a random string", 75.0)[](#l2.12)
@unittest.skipUnless(os.name == 'posix', 'requires posix')
--- a/Misc/NEWS +++ b/Misc/NEWS @@ -191,6 +191,10 @@ Core and Builtins Library ------- +- Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
--- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -3713,6 +3713,7 @@ Returns 1 if the OpenSSL PRNG has been s It is necessary to seed the PRNG with RAND_add() on some platforms before\n[](#l4.4) using the ssl() function."); +#ifdef HAVE_RAND_EGD static PyObject * PySSL_RAND_egd(PyObject *self, PyObject args) { @@ -3740,6 +3741,7 @@ PyDoc_STRVAR(PySSL_RAND_egd_doc, Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n[](#l4.12) Returns number of bytes read. Raises SSLError if connection to EGD\n[](#l4.13) fails or if it does not provide enough data to seed PRNG."); +#endif / HAVE_RAND_EGD / #endif / HAVE_OPENSSL_RAND */ @@ -4135,8 +4137,10 @@ static PyMethodDef PySSL_methods[] = { PySSL_RAND_bytes_doc}, {"RAND_pseudo_bytes", PySSL_RAND_pseudo_bytes, METH_VARARGS, PySSL_RAND_pseudo_bytes_doc}, +#ifdef HAVE_RAND_EGD {"RAND_egd", PySSL_RAND_egd, METH_VARARGS, PySSL_RAND_egd_doc}, +#endif {"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS, PySSL_RAND_status_doc}, #endif
--- a/configure +++ b/configure @@ -9046,6 +9046,48 @@ if test "x$ac_cv_lib_dld_shl_load" = xye fi # Dynamic linking for HP-UX +{ asecho"as_echo "asecho"as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5 +$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; } +if ${ac_cv_lib_crypto_RAND_egd+:} false; then :
- $as_echo_n "(cached) " >&6 +else
- ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. / + +/ Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char RAND_egd (); +int +main () +{ +return RAND_egd ();
- ;
- return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_crypto_RAND_egd=yes +else
- ac_cv_lib_crypto_RAND_egd=no +fi +rm -f core conftest.err conftest.$ac_objext [](#l5.37)
- conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS +fi +{ asecho"as_echo "asecho"as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5 +$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; } +if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then : + +$as_echo "#define HAVE_RAND_EGD 1" >>confdefs.h + +fi +
only check for sem_init if thread support is requested
if test "$with_threads" = "yes" -o -z "$with_threads"; then
--- a/configure.ac +++ b/configure.ac @@ -2293,6 +2293,9 @@ AC_MSG_RESULT($SHLIBS) AC_CHECK_LIB(sendfile, sendfile) AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX +AC_CHECK_LIB(crypto, RAND_egd,
AC_DEFINE(HAVE_RAND_EGD, 1,[](#l6.8)[Define if the libcrypto has RAND_egd]))[](#l6.9)
only check for sem_init if thread support is requested
if test "$with_threads" = "yes" -o -z "$with_threads"; then
--- a/pyconfig.h.in
+++ b/pyconfig.h.in
@@ -675,6 +675,9 @@
/* Define to 1 if you have the pwrite' function. */[](#l7.4) #undef HAVE_PWRITE[](#l7.5) [](#l7.6) +/* Define if the libcrypto has RAND_egd */[](#l7.7) +#undef HAVE_RAND_EGD[](#l7.8) +[](#l7.9) /* Define to 1 if you have the readlink' function. */
#undef HAVE_READLINK