mirror of
https://github.com/python/cpython.git
synced 2025-08-23 02:04:56 +00:00
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation. Patch written by Bernard Spil.
This commit is contained in:
Victor Stinner
parent
07ff92a0d2
commit
beeb512fe1
7 changed files with 65 additions and 3 deletions
|
|
@ -106,7 +106,12 @@ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
||||||
from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
|
from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
|
||||||
VERIFY_X509_STRICT)
|
VERIFY_X509_STRICT)
|
||||||
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
|
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
|
||||||
from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
|
from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
|
||||||
|
try:
|
||||||
|
from _ssl import RAND_egd
|
||||||
|
except ImportError:
|
||||||
|
# LibreSSL does not provide RAND_egd
|
||||||
|
pass
|
||||||
|
|
||||||
def _import_symbols(prefix):
|
def _import_symbols(prefix):
|
||||||
for n in dir(_ssl):
|
for n in dir(_ssl):
|
||||||
|
|
|
||||||
|
|
@ -168,6 +168,7 @@ class BasicSocketTests(unittest.TestCase):
|
||||||
self.assertRaises(ValueError, ssl.RAND_bytes, -5)
|
self.assertRaises(ValueError, ssl.RAND_bytes, -5)
|
||||||
self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
|
self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
|
||||||
|
|
||||||
|
if hasattr(ssl, 'RAND_egd'):
|
||||||
self.assertRaises(TypeError, ssl.RAND_egd, 1)
|
self.assertRaises(TypeError, ssl.RAND_egd, 1)
|
||||||
self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
|
self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
|
||||||
ssl.RAND_add("this is a random string", 75.0)
|
ssl.RAND_add("this is a random string", 75.0)
|
||||||
|
|
|
||||||
|
|
@ -191,6 +191,10 @@ Core and Builtins
|
||||||
Library
|
Library
|
||||||
-------
|
-------
|
||||||
|
|
||||||
|
- Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
|
||||||
|
availability of the function is checked during the compilation. Patch written
|
||||||
|
by Bernard Spil.
|
||||||
|
|
||||||
- Issue #22915: SAX parser now supports files opened with file descriptor or
|
- Issue #22915: SAX parser now supports files opened with file descriptor or
|
||||||
bytes path.
|
bytes path.
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -3713,6 +3713,7 @@ Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.\n\
|
||||||
It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
|
It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
|
||||||
using the ssl() function.");
|
using the ssl() function.");
|
||||||
|
|
||||||
|
#ifdef HAVE_RAND_EGD
|
||||||
static PyObject *
|
static PyObject *
|
||||||
PySSL_RAND_egd(PyObject *self, PyObject *args)
|
PySSL_RAND_egd(PyObject *self, PyObject *args)
|
||||||
{
|
{
|
||||||
|
|
@ -3740,6 +3741,7 @@ PyDoc_STRVAR(PySSL_RAND_egd_doc,
|
||||||
Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\
|
Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\
|
||||||
Returns number of bytes read. Raises SSLError if connection to EGD\n\
|
Returns number of bytes read. Raises SSLError if connection to EGD\n\
|
||||||
fails or if it does not provide enough data to seed PRNG.");
|
fails or if it does not provide enough data to seed PRNG.");
|
||||||
|
#endif /* HAVE_RAND_EGD */
|
||||||
|
|
||||||
#endif /* HAVE_OPENSSL_RAND */
|
#endif /* HAVE_OPENSSL_RAND */
|
||||||
|
|
||||||
|
|
@ -4135,8 +4137,10 @@ static PyMethodDef PySSL_methods[] = {
|
||||||
PySSL_RAND_bytes_doc},
|
PySSL_RAND_bytes_doc},
|
||||||
{"RAND_pseudo_bytes", PySSL_RAND_pseudo_bytes, METH_VARARGS,
|
{"RAND_pseudo_bytes", PySSL_RAND_pseudo_bytes, METH_VARARGS,
|
||||||
PySSL_RAND_pseudo_bytes_doc},
|
PySSL_RAND_pseudo_bytes_doc},
|
||||||
|
#ifdef HAVE_RAND_EGD
|
||||||
{"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
|
{"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
|
||||||
PySSL_RAND_egd_doc},
|
PySSL_RAND_egd_doc},
|
||||||
|
#endif
|
||||||
{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
|
{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
|
||||||
PySSL_RAND_status_doc},
|
PySSL_RAND_status_doc},
|
||||||
#endif
|
#endif
|
||||||
|
|
|
||||||
42
configure
vendored
42
configure
vendored
|
|
@ -9046,6 +9046,48 @@ _ACEOF
|
||||||
|
|
||||||
fi
|
fi
|
||||||
# Dynamic linking for HP-UX
|
# Dynamic linking for HP-UX
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5
|
||||||
|
$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; }
|
||||||
|
if ${ac_cv_lib_crypto_RAND_egd+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
ac_check_lib_save_LIBS=$LIBS
|
||||||
|
LIBS="-lcrypto $LIBS"
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
/* Override any GCC internal prototype to avoid an error.
|
||||||
|
Use char because int might match the return type of a GCC
|
||||||
|
builtin and then its argument prototype would still apply. */
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C"
|
||||||
|
#endif
|
||||||
|
char RAND_egd ();
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
return RAND_egd ();
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_link "$LINENO"; then :
|
||||||
|
ac_cv_lib_crypto_RAND_egd=yes
|
||||||
|
else
|
||||||
|
ac_cv_lib_crypto_RAND_egd=no
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext \
|
||||||
|
conftest$ac_exeext conftest.$ac_ext
|
||||||
|
LIBS=$ac_check_lib_save_LIBS
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5
|
||||||
|
$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; }
|
||||||
|
if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then :
|
||||||
|
|
||||||
|
$as_echo "#define HAVE_RAND_EGD 1" >>confdefs.h
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
# only check for sem_init if thread support is requested
|
# only check for sem_init if thread support is requested
|
||||||
if test "$with_threads" = "yes" -o -z "$with_threads"; then
|
if test "$with_threads" = "yes" -o -z "$with_threads"; then
|
||||||
|
|
|
||||||
|
|
@ -2293,6 +2293,9 @@ AC_MSG_RESULT($SHLIBS)
|
||||||
AC_CHECK_LIB(sendfile, sendfile)
|
AC_CHECK_LIB(sendfile, sendfile)
|
||||||
AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV
|
AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV
|
||||||
AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX
|
AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX
|
||||||
|
AC_CHECK_LIB(crypto, RAND_egd,
|
||||||
|
AC_DEFINE(HAVE_RAND_EGD, 1,
|
||||||
|
[Define if the libcrypto has RAND_egd]))
|
||||||
|
|
||||||
# only check for sem_init if thread support is requested
|
# only check for sem_init if thread support is requested
|
||||||
if test "$with_threads" = "yes" -o -z "$with_threads"; then
|
if test "$with_threads" = "yes" -o -z "$with_threads"; then
|
||||||
|
|
|
||||||
|
|
@ -675,6 +675,9 @@
|
||||||
/* Define to 1 if you have the `pwrite' function. */
|
/* Define to 1 if you have the `pwrite' function. */
|
||||||
#undef HAVE_PWRITE
|
#undef HAVE_PWRITE
|
||||||
|
|
||||||
|
/* Define if the libcrypto has RAND_egd */
|
||||||
|
#undef HAVE_RAND_EGD
|
||||||
|
|
||||||
/* Define to 1 if you have the `readlink' function. */
|
/* Define to 1 if you have the `readlink' function. */
|
||||||
#undef HAVE_READLINK
|
#undef HAVE_READLINK
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue