summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVictor Stinner <victor.stinner@gmail.com>2015-01-06 12:54:58 (GMT)
committerVictor Stinner <victor.stinner@gmail.com>2015-01-06 12:54:58 (GMT)
commitfcfed1991382f9697df574fae4115a9f815adca0 (patch)
tree5f9519dcdc56aab61eea2e7d6ef280f1f70e47f5
parent9d01717f373d0180e2804c827efbc40d8cf72063 (diff)
downloadcpython-fcfed1991382f9697df574fae4115a9f815adca0.zip
cpython-fcfed1991382f9697df574fae4115a9f815adca0.tar.gz
cpython-fcfed1991382f9697df574fae4115a9f815adca0.tar.bz2
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation. Patch written by Bernard Spil.
-rw-r--r--Lib/ssl.py7
-rw-r--r--Lib/test/test_ssl.py5
-rw-r--r--Misc/NEWS4
-rw-r--r--Modules/_ssl.c4
-rwxr-xr-xconfigure42
-rw-r--r--configure.ac3
-rw-r--r--pyconfig.h.in3
7 files changed, 65 insertions, 3 deletions
diff --git a/Lib/ssl.py b/Lib/ssl.py
index 3b667ff..8c75f00 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -106,7 +106,12 @@ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
VERIFY_X509_STRICT)
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+try:
+ from _ssl import RAND_egd
+except ImportError:
+ # LibreSSL does not provide RAND_egd
+ pass
def _import_symbols(prefix):
for n in dir(_ssl):
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 9885eae..0a7b905 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -154,8 +154,9 @@ class BasicSocketTests(unittest.TestCase):
self.assertRaises(ValueError, ssl.RAND_bytes, -5)
self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
- self.assertRaises(TypeError, ssl.RAND_egd, 1)
- self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
+ if hasattr(ssl, 'RAND_egd'):
+ self.assertRaises(TypeError, ssl.RAND_egd, 1)
+ self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
ssl.RAND_add("this is a random string", 75.0)
@unittest.skipUnless(os.name == 'posix', 'requires posix')
diff --git a/Misc/NEWS b/Misc/NEWS
index 79cb8ee..80bfdac 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -44,6 +44,10 @@ Core and Builtins
Library
-------
+- Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
+ availability of the function is checked during the compilation. Patch written
+ by Bernard Spil.
+
- Issue #20896, #22935: The :func:`ssl.get_server_certificate` function now
uses the :data:`~ssl.PROTOCOL_SSLv23` protocol by default, not
:data:`~ssl.PROTOCOL_SSLv3`, for maximum compatibility and support platforms
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 17beaf8..914d5aa 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3335,6 +3335,7 @@ Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.\n\
It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
using the ssl() function.");
+#ifdef HAVE_RAND_EGD
static PyObject *
PySSL_RAND_egd(PyObject *self, PyObject *args)
{
@@ -3362,6 +3363,7 @@ PyDoc_STRVAR(PySSL_RAND_egd_doc,
Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\
Returns number of bytes read. Raises SSLError if connection to EGD\n\
fails or if it does not provide enough data to seed PRNG.");
+#endif /* HAVE_RAND_EGD */
#endif /* HAVE_OPENSSL_RAND */
@@ -3757,8 +3759,10 @@ static PyMethodDef PySSL_methods[] = {
PySSL_RAND_bytes_doc},
{"RAND_pseudo_bytes", PySSL_RAND_pseudo_bytes, METH_VARARGS,
PySSL_RAND_pseudo_bytes_doc},
+#ifdef HAVE_RAND_EGD
{"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
PySSL_RAND_egd_doc},
+#endif
{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
PySSL_RAND_status_doc},
#endif
diff --git a/configure b/configure
index 79e9376..274af7e 100755
--- a/configure
+++ b/configure
@@ -8913,6 +8913,48 @@ _ACEOF
fi
# Dynamic linking for HP-UX
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5
+$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; }
+if ${ac_cv_lib_crypto_RAND_egd+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char RAND_egd ();
+int
+main ()
+{
+return RAND_egd ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_crypto_RAND_egd=yes
+else
+ ac_cv_lib_crypto_RAND_egd=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5
+$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; }
+if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then :
+
+$as_echo "#define HAVE_RAND_EGD 1" >>confdefs.h
+
+fi
+
# only check for sem_init if thread support is requested
if test "$with_threads" = "yes" -o -z "$with_threads"; then
diff --git a/configure.ac b/configure.ac
index 21f4152..a0d0afa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2238,6 +2238,9 @@ AC_MSG_RESULT($SHLIBS)
AC_CHECK_LIB(sendfile, sendfile)
AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV
AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX
+AC_CHECK_LIB(crypto, RAND_egd,
+ AC_DEFINE(HAVE_RAND_EGD, 1,
+ [Define if the libcrypto has RAND_egd]))
# only check for sem_init if thread support is requested
if test "$with_threads" = "yes" -o -z "$with_threads"; then
diff --git a/pyconfig.h.in b/pyconfig.h.in
index b3a3e17..85490c8 100644
--- a/pyconfig.h.in
+++ b/pyconfig.h.in
@@ -675,6 +675,9 @@
/* Define to 1 if you have the `pwrite' function. */
#undef HAVE_PWRITE
+/* Define if the libcrypto has RAND_egd */
+#undef HAVE_RAND_EGD
+
/* Define to 1 if you have the `readlink' function. */
#undef HAVE_READLINK