authorChristian Heimes <christian@cheimes.de>2013-08-21 11:26:34 (GMT)
committerChristian Heimes <christian@cheimes.de>2013-08-21 11:26:34 (GMT)
commit6acbe2aaa385ada342ac9421333fce083041f06f (patch)
treeb1de03775bdb9e03730fa8bb99d7b946986ce973 /Lib
parent5bb1b1dd6f94af0e8cb2d4a1686bc4882147ba66 (diff)
parentf77b4b20e931dd0247a176db856723fe1203d32e (diff)
Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seed the PRNG with pid, time and some stack data.
Diffstat (limited to 'Lib')
-rw-r--r--Lib/test/test_ssl.py32
1 files changed, 32 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 7ccffad..6a99ad0 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -143,6 +143,38 @@ class BasicSocketTests(unittest.TestCase):
self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
ssl.RAND_add("this is a random string", 75.0)
+ @unittest.skipUnless(os.name == 'posix', 'requires posix')
+ def test_random_fork(self):
+ status = ssl.RAND_status()
+ if not status:
+ self.fail("OpenSSL's PRNG has insufficient randomness")
+
+ rfd, wfd = os.pipe()
+ pid = os.fork()
+ if pid == 0:
+ try:
+ os.close(rfd)
+ child_random = ssl.RAND_pseudo_bytes(16)[0]
+ self.assertEqual(len(child_random), 16)
+ os.write(wfd, child_random)
+ os.close(wfd)
+ except BaseException:
+ os._exit(1)
+ else:
+ os._exit(0)
+ else:
+ os.close(wfd)
+ self.addCleanup(os.close, rfd)
+ _, status = os.waitpid(pid, 0)
+ self.assertEqual(status, 0)
+
+ child_random = os.read(rfd, 16)
+ self.assertEqual(len(child_random), 16)
+ parent_random = ssl.RAND_pseudo_bytes(16)[0]
+ self.assertEqual(len(parent_random), 16)
+
+ self.assertNotEqual(child_random, parent_random)
+
def test_parse_cert(self):
# note that this uses an 'unofficial' function in _ssl.c,
# provided solely for this test, to exercise the certificate
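Review bot: test_random_fork compares the parent's bytes with a single child's (`self.assertNotEqual(child_random, parent_random)`), so it never compares two children forked from the same parent state, which is where an inherited PRNG state would most plausibly repeat. If the underlying library already folds the pid into its output (not visible on this page), the current assertion could pass with or without the new atfork handler. Forking twice without drawing from the PRNG in between, and asserting that both children and the parent all differ, gives broader coverage. It still cannot force pid reuse, so a short comment saying this is a smoke test would help. Renaming the waitpid result to `exit_status` also stops it shadowing the `RAND_status()` value.

```python
    def test_random_fork(self):
        # … unchanged: RAND_status() precondition …

        def fork_and_read():
            # Fork one child and return the 16 bytes it drew from the PRNG.
            rfd, wfd = os.pipe()
            pid = os.fork()
            if pid == 0:
                # … unchanged: child closes rfd, draws 16 bytes, writes them, os._exit() …
            os.close(wfd)
            self.addCleanup(os.close, rfd)
            _, exit_status = os.waitpid(pid, 0)
            self.assertEqual(exit_status, 0)
            data = os.read(rfd, 16)
            self.assertEqual(len(data), 16)
            return data

        # Smoke test only: both children inherit the same parent PRNG state,
        # but pid reuse cannot be forced from here.
        first_child = fork_and_read()
        second_child = fork_and_read()
        parent_random = ssl.RAND_pseudo_bytes(16)[0]
        self.assertEqual(len(parent_random), 16)

        self.assertNotEqual(first_child, second_child)
        self.assertNotEqual(first_child, parent_random)
        self.assertNotEqual(second_child, parent_random)
```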