changeset 94049:eddcb6671a48 2.7
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The availability of the function is checked during the compilation. Patch written by Bernard Spil. [#21356]
Victor Stinner victor.stinner@gmail.com | |
---|---|
date | Tue, 06 Jan 2015 13:53:37 +0100 |
parents | 7f30206d402f |
children | 35b5ff543d4b |
files | Doc/library/ssl.rst Lib/socket.py Lib/ssl.py Lib/test/test_ssl.py Misc/NEWS Modules/_ssl.c configure configure.ac pyconfig.h.in |
diffstat | 9 files changed, 78 insertions(+), 7 deletions(-)[+] [-] Doc/library/ssl.rst 2 Lib/socket.py 6 Lib/ssl.py 7 Lib/test/test_ssl.py 5 Misc/NEWS 4 Modules/_ssl.c 13 configure 42 configure.ac 3 pyconfig.h.in 3 |
--- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -299,6 +299,8 @@ Random generation See http://egd.sourceforge.net/ or http://prngd.sourceforge.net/ for sources of entropy-gathering daemons.
.. function:: RAND_add(bytes, entropy) Mixes the given bytes into the SSL pseudo-random number generator. The
--- a/Lib/socket.py +++ b/Lib/socket.py @@ -67,7 +67,6 @@ else: from _ssl import SSLError as sslerror from _ssl import [](#l2.5) RAND_add, [](#l2.6)
RAND_egd, \[](#l2.7) RAND_status, \[](#l2.8) SSL_ERROR_ZERO_RETURN, \[](#l2.9) SSL_ERROR_WANT_READ, \[](#l2.10)
@@ -78,6 +77,11 @@ else: SSL_ERROR_WANT_CONNECT, [](#l2.12) SSL_ERROR_EOF, [](#l2.13) SSL_ERROR_INVALID_ERROR_CODE
- try:
from _ssl import RAND_egd[](#l2.16)
- except ImportError:
# LibreSSL does not provide RAND_egd[](#l2.18)
pass[](#l2.19)
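Review bot: The comment `# LibreSSL does not provide RAND_egd` in the new `try`/`except ImportError` is narrower than the condition that actually triggers it. The name is missing whenever the build did not define `HAVE_RAND_EGD`, which can also happen with an OpenSSL built without EGD support. I would word it as `# RAND_egd is absent when libcrypto lacks it (e.g. LibreSSL)`, and add that callers should feature-test with `hasattr` and use `RAND_status()` to confirm the PRNG is seeded. The Lib/ssl.py hunk opens the same `try:` (its remaining lines are not visible on this page), so the same wording would apply there. The enclosing `else:` block starts outside the hunk.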
--- a/Lib/ssl.py +++ b/Lib/ssl.py @@ -106,7 +106,12 @@ from _ssl import CERT_NONE, CERT_OPTIONA from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, VERIFY_X509_STRICT) from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj -from _ssl import RAND_status, RAND_egd, RAND_add +from _ssl import RAND_status, RAND_add +try:
def _import_symbols(prefix): for n in dir(_ssl):
--- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -169,8 +169,9 @@ class BasicSocketTests(unittest.TestCase sys.stdout.write("\n RAND_status is %d (%s)\n" % (v, (v and "sufficient randomness") or "insufficient randomness"))
self.assertRaises(TypeError, ssl.RAND_egd, 1)[](#l4.7)
self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)[](#l4.8)
if hasattr(ssl, 'RAND_egd'):[](#l4.9)
self.assertRaises(TypeError, ssl.RAND_egd, 1)[](#l4.10)
self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)[](#l4.11) ssl.RAND_add("this is a random string", 75.0)[](#l4.12)
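Review bot: The `if hasattr(ssl, 'RAND_egd'):` guard makes the two `RAND_egd` assertions disappear silently on builds without the function. A build that loses `RAND_egd` by accident, for example through a failed configure probe rather than LibreSSL, would still show a fully green run. Moving the two assertions into their own test method decorated with `@unittest.skipUnless(hasattr(ssl, 'RAND_egd'), "RAND_egd not available")` would make the missing coverage visible as a skip in the test report. The enclosing test method starts outside the hunk.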
--- a/Misc/NEWS +++ b/Misc/NEWS @@ -15,6 +15,10 @@ Core and Builtins Library ------- +- Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
- Backport the context argument to ftplib.FTP_TLS.
- Issue #23111: Maximize compatibility in protocol versions of ftplib.FTP_TLS.
--- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -3301,6 +3301,11 @@ Returns 1 if the OpenSSL PRNG has been s It is necessary to seed the PRNG with RAND_add() on some platforms before\n[](#l6.4) using the ssl() function."); +#endif /* HAVE_OPENSSL_RAND */ + + +#ifdef HAVE_RAND_EGD + static PyObject * PySSL_RAND_egd(PyObject *self, PyObject arg) { @@ -3327,7 +3332,7 @@ Queries the entropy gather daemon (EGD) Returns number of bytes read. Raises SSLError if connection to EGD\n[](#l6.16) fails or if it does not provide enough data to seed PRNG."); -#endif / HAVE_OPENSSL_RAND / +#endif / HAVE_RAND_EGD */ PyDoc_STRVAR(PySSL_get_default_verify_paths_doc, @@ -3720,10 +3725,12 @@ static PyMethodDef PySSL_methods[] = { #ifdef HAVE_OPENSSL_RAND {"RAND_add", PySSL_RAND_add, METH_VARARGS, PySSL_RAND_add_doc},
+#endif +#ifdef HAVE_RAND_EGD {"RAND_egd", PySSL_RAND_egd, METH_VARARGS, PySSL_RAND_egd_doc},
#endif {"get_default_verify_paths", (PyCFunction)PySSL_get_default_verify_paths, METH_NOARGS, PySSL_get_default_verify_paths_doc},
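Review bot: `HAVE_RAND_EGD`, which now guards both `PySSL_RAND_egd` and its `PySSL_methods[]` entry, is defined on this page only by the new configure probe and the generated `pyconfig.h.in`. The changeset's file list shows no hand-maintained config header being updated, so a build that does not run configure would presumably drop `ssl.RAND_egd` even when its OpenSSL provides the function; this is worth confirming before merge. At minimum I would add a comment above the guard, such as `/* HAVE_RAND_EGD is set by configure's libcrypto probe; builds that bypass configure must define it themselves */`. The body of `PySSL_RAND_egd` lies between the hunks and is not shown here.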
--- a/configure +++ b/configure @@ -8551,6 +8551,48 @@ if test "x$ac_cv_lib_dld_shl_load" = xye fi # Dynamic linking for HP-UX +{ asecho"as_echo "asecho"as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5 +$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; } +if ${ac_cv_lib_crypto_RAND_egd+:} false; then :
- $as_echo_n "(cached) " >&6 +else
- ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. / + +/ Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char RAND_egd (); +int +main () +{ +return RAND_egd ();
- ;
- return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_crypto_RAND_egd=yes +else
- ac_cv_lib_crypto_RAND_egd=no +fi +rm -f core conftest.err conftest.$ac_objext [](#l7.37)
- conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS +fi +{ asecho"as_echo "asecho"as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5 +$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; } +if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then : + +$as_echo "#define HAVE_RAND_EGD 1" >>confdefs.h + +fi +
only check for sem_init if thread support is requested
if test "$with_threads" = "yes" -o -z "$with_threads"; then
--- a/configure.ac +++ b/configure.ac @@ -2221,6 +2221,9 @@ AC_MSG_RESULT($SHLIBS)
checks for libraries
AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX +AC_CHECK_LIB(crypto, RAND_egd,
AC_DEFINE(HAVE_RAND_EGD, 1,[](#l8.8)
[Define if the libcrypto has RAND_egd]))[](#l8.9)
only check for sem_init if thread support is requested
if test "$with_threads" = "yes" -o -z "$with_threads"; then
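Review bot: `AC_CHECK_LIB(crypto, RAND_egd, ...)` probes whichever libcrypto the default linker search path resolves at configure time, and nothing in this hunk ties that to the library `_ssl` is later compiled and linked against. If the extension build picks up a different OpenSSL or LibreSSL installation (not visible here, so an assumption to check), the macro can disagree with the real library. The result would be either an unresolved `RAND_egd` symbol when `_ssl` is imported, or the function being dropped although it is available. A comment on the check stating that assumption would help, for example `# NOTE: assumes _ssl links against the same libcrypto found here`. Having the extension build re-verify the symbol against its own library directories would be more robust.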
--- a/pyconfig.h.in
+++ b/pyconfig.h.in
@@ -547,6 +547,9 @@
/* Define to 1 if you have the putenv' function. */[](#l9.4) #undef HAVE_PUTENV[](#l9.5) [](#l9.6) +/* Define if the libcrypto has RAND_egd */[](#l9.7) +#undef HAVE_RAND_EGD[](#l9.8) +[](#l9.9) /* Define to 1 if you have the
readlink' function. */
#undef HAVE_READLINK