author | Christian Heimes <christian@cheimes.de> | 2013-08-21 11:26:34 (GMT) |
---|---|---|
committer | Christian Heimes <christian@cheimes.de> | 2013-08-21 11:26:34 (GMT) |
commit | 6acbe2aaa385ada342ac9421333fce083041f06f (patch) | |
tree | b1de03775bdb9e03730fa8bb99d7b946986ce973 /Lib | |
parent | 5bb1b1dd6f94af0e8cb2d4a1686bc4882147ba66 (diff) | |
parent | f77b4b20e931dd0247a176db856723fe1203d32e (diff) | |
Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seed the PRNG with pid, time
and some stack data.
Diffstat (limited to 'Lib')
-rw-r--r-- | Lib/test/test_ssl.py | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 7ccffad..6a99ad0 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -143,6 +143,38 @@ class BasicSocketTests(unittest.TestCase):
 self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
 ssl.RAND_add("this is a random string", 75.0)
+ @unittest.skipUnless(os.name == 'posix', 'requires posix')
+ def test_random_fork(self):
+ status = ssl.RAND_status()
+ if not status:
+ self.fail("OpenSSL's PRNG has insufficient randomness")
+
+ rfd, wfd = os.pipe()
+ pid = os.fork()
+ if pid == 0:
+ try:
+ os.close(rfd)
+ child_random = ssl.RAND_pseudo_bytes(16)[0]
+ self.assertEqual(len(child_random), 16)
+ os.write(wfd, child_random)
+ os.close(wfd)
+ except BaseException:
+ os._exit(1)
+ else:
+ os._exit(0)
+ else:
+ os.close(wfd)
+ self.addCleanup(os.close, rfd)
+ _, status = os.waitpid(pid, 0)
+ self.assertEqual(status, 0)
+
+ child_random = os.read(rfd, 16)
+ self.assertEqual(len(child_random), 16)
+ parent_random = ssl.RAND_pseudo_bytes(16)[0]
+ self.assertEqual(len(parent_random), 16)
+
+ self.assertNotEqual(child_random, parent_random)
+
 def test_parse_cert(self):
 # note that this uses an 'unofficial' function in _ssl.c,
 # provided solely for this test, to exercise the certificate |
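Review bot: The closing `self.assertNotEqual(child_random, parent_random)` in test_random_fork compares the child only against its parent, so it does not cover the case Issue #18747 is about, where two processes forked from the same PRNG state end up with the same PID. OpenSSL's generator of this era is understood to mix the current PID into its output, so parent and child bytes would probably differ even without the new atfork handler, and the test may pass on an unpatched build. I would state that limit above the assertion, e.g. `# Parent vs. child only; PID reuse across forked children is not covered here.` Separately, the child's `except BaseException: os._exit(1)` discards the traceback, so a failing child surfaces only as a non-zero wait status in `self.assertEqual(status, 0)`. Printing the exception to stderr before exiting would make such failures diagnosable.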