From beeb512fe1d8c502d854d7e27742a7481bccd5c4 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Fri, 28 Nov 2014 13:28:25 +0100 Subject: Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The availability of the function is checked during the compilation. Patch written by Bernard Spil. --- Lib/ssl.py | 7 ++++++- Lib/test/test_ssl.py | 5 +++-- Misc/NEWS | 4 ++++ Modules/_ssl.c | 4 ++++ configure | 42 ++++++++++++++++++++++++++++++++++++++++++ configure.ac | 3 +++ pyconfig.h.in | 3 +++ 7 files changed, 65 insertions(+), 3 deletions(-) diff --git a/Lib/ssl.py b/Lib/ssl.py index 3d132b2..9264699 100644 --- a/Lib/ssl.py +++ b/Lib/ssl.py @@ -106,7 +106,12 @@ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, VERIFY_X509_STRICT) from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj -from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes +from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes +try: + from _ssl import RAND_egd +except ImportError: + # LibreSSL does not provide RAND_egd + pass def _import_symbols(prefix): for n in dir(_ssl): diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 06705b2..2a18cc4 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -168,8 +168,9 @@ class BasicSocketTests(unittest.TestCase): self.assertRaises(ValueError, ssl.RAND_bytes, -5) self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5) - self.assertRaises(TypeError, ssl.RAND_egd, 1) - self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1) + if hasattr(ssl, 'RAND_egd'): + self.assertRaises(TypeError, ssl.RAND_egd, 1) + self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1) ssl.RAND_add("this is a random string", 75.0) @unittest.skipUnless(os.name == 'posix', 'requires posix') diff --git a/Misc/NEWS b/Misc/NEWS index b3d92b2..1cf01c9 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -191,6 +191,10 @@ Core and Builtins Library ------- +- Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The + availability of the function is checked during the compilation. Patch written + by Bernard Spil. + - Issue #22915: SAX parser now supports files opened with file descriptor or bytes path. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index de9a5b4..29e7469 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -3713,6 +3713,7 @@ Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.\n\ It is necessary to seed the PRNG with RAND_add() on some platforms before\n\ using the ssl() function."); +#ifdef HAVE_RAND_EGD static PyObject * PySSL_RAND_egd(PyObject *self, PyObject *args) { @@ -3740,6 +3741,7 @@ PyDoc_STRVAR(PySSL_RAND_egd_doc, Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\ Returns number of bytes read. Raises SSLError if connection to EGD\n\ fails or if it does not provide enough data to seed PRNG."); +#endif /* HAVE_RAND_EGD */ #endif /* HAVE_OPENSSL_RAND */ @@ -4135,8 +4137,10 @@ static PyMethodDef PySSL_methods[] = { PySSL_RAND_bytes_doc}, {"RAND_pseudo_bytes", PySSL_RAND_pseudo_bytes, METH_VARARGS, PySSL_RAND_pseudo_bytes_doc}, +#ifdef HAVE_RAND_EGD {"RAND_egd", PySSL_RAND_egd, METH_VARARGS, PySSL_RAND_egd_doc}, +#endif {"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS, PySSL_RAND_status_doc}, #endif diff --git a/configure b/configure index 44a7477..ce0c840 100755 --- a/configure +++ b/configure @@ -9046,6 +9046,48 @@ _ACEOF fi # Dynamic linking for HP-UX +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5 +$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; } +if ${ac_cv_lib_crypto_RAND_egd+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char RAND_egd (); +int +main () +{ +return RAND_egd (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_crypto_RAND_egd=yes +else + ac_cv_lib_crypto_RAND_egd=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5 +$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; } +if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then : + +$as_echo "#define HAVE_RAND_EGD 1" >>confdefs.h + +fi + # only check for sem_init if thread support is requested if test "$with_threads" = "yes" -o -z "$with_threads"; then diff --git a/configure.ac b/configure.ac index c12622b..99d430c 100644 --- a/configure.ac +++ b/configure.ac @@ -2293,6 +2293,9 @@ AC_MSG_RESULT($SHLIBS) AC_CHECK_LIB(sendfile, sendfile) AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX +AC_CHECK_LIB(crypto, RAND_egd, + AC_DEFINE(HAVE_RAND_EGD, 1, + [Define if the libcrypto has RAND_egd])) # only check for sem_init if thread support is requested if test "$with_threads" = "yes" -o -z "$with_threads"; then diff --git a/pyconfig.h.in b/pyconfig.h.in index 9ebea5d..d623ceb 100644 --- a/pyconfig.h.in +++ b/pyconfig.h.in @@ -675,6 +675,9 @@ /* Define to 1 if you have the `pwrite' function. */ #undef HAVE_PWRITE +/* Define if the libcrypto has RAND_egd */ +#undef HAVE_RAND_EGD + /* Define to 1 if you have the `readlink' function. */ #undef HAVE_READLINK -- cgit v0.12