mirror of
https://github.com/python/cpython.git
synced 2024-11-23 18:04:37 +08:00
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation. Patch written by Bernard Spil.
parent
9d01717f37
commit
fcfed19913
@ -106,7 +106,12 @@ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
|||||||
from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
|
from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
|
||||||
VERIFY_X509_STRICT)
|
VERIFY_X509_STRICT)
|
||||||
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
|
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
|
||||||
from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
|
from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
|
||||||
|
try:
|
||||||
|
from _ssl import RAND_egd
|
||||||
|
except ImportError:
|
||||||
|
# LibreSSL does not provide RAND_egd
|
||||||
|
pass
|
||||||
|
|
||||||
def _import_symbols(prefix):
|
def _import_symbols(prefix):
|
||||||
for n in dir(_ssl):
|
for n in dir(_ssl):
|
||||||
|
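Review bot: The comment in the new `except ImportError:` branch names only LibreSSL, but the import fails for any `_ssl` built without `HAVE_RAND_EGD`, so it understates when `ssl.RAND_egd` is missing. I would word it `# RAND_egd is absent when libcrypto lacks it (e.g. LibreSSL)`. After this change the name can be absent from the module namespace, so callers that seed from an EGD socket need a `hasattr(ssl, 'RAND_egd')` check before calling it. The module documentation should state that the function is optional; no documentation change is visible on this page.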
@ -154,8 +154,9 @@ class BasicSocketTests(unittest.TestCase):
|
|||||||
self.assertRaises(ValueError, ssl.RAND_bytes, -5)
|
self.assertRaises(ValueError, ssl.RAND_bytes, -5)
|
||||||
self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
|
self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
|
||||||
|
|
||||||
self.assertRaises(TypeError, ssl.RAND_egd, 1)
|
if hasattr(ssl, 'RAND_egd'):
|
||||||
self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
|
self.assertRaises(TypeError, ssl.RAND_egd, 1)
|
||||||
|
self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
|
||||||
ssl.RAND_add("this is a random string", 75.0)
|
ssl.RAND_add("this is a random string", 75.0)
|
||||||
|
|
||||||
@unittest.skipUnless(os.name == 'posix', 'requires posix')
|
@unittest.skipUnless(os.name == 'posix', 'requires posix')
|
||||||
|
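Review bot: Wrapping the two `ssl.RAND_egd` assertions in `if hasattr(ssl, 'RAND_egd'):` makes the test pass silently on builds without the function, so the test report never shows that the EGD argument checks were not run. Moving them into their own test method decorated with `@unittest.skipUnless(hasattr(ssl, 'RAND_egd'), 'requires ssl.RAND_egd')` would record a skip instead. The enclosing test method starts outside this hunk.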
@ -44,6 +44,10 @@ Core and Builtins
|
|||||||
Library
|
Library
|
||||||
-------
|
-------
|
||||||
|
|
||||||
|
- Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
|
||||||
|
availability of the function is checked during the compilation. Patch written
|
||||||
|
by Bernard Spil.
|
||||||
|
|
||||||
- Issue #20896, #22935: The :func:`ssl.get_server_certificate` function now
|
- Issue #20896, #22935: The :func:`ssl.get_server_certificate` function now
|
||||||
uses the :data:`~ssl.PROTOCOL_SSLv23` protocol by default, not
|
uses the :data:`~ssl.PROTOCOL_SSLv23` protocol by default, not
|
||||||
:data:`~ssl.PROTOCOL_SSLv3`, for maximum compatibility and support platforms
|
:data:`~ssl.PROTOCOL_SSLv3`, for maximum compatibility and support platforms
|
||||||
|
@ -3335,6 +3335,7 @@ Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.\n\
|
|||||||
It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
|
It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
|
||||||
using the ssl() function.");
|
using the ssl() function.");
|
||||||
|
|
||||||
|
#ifdef HAVE_RAND_EGD
|
||||||
static PyObject *
|
static PyObject *
|
||||||
PySSL_RAND_egd(PyObject *self, PyObject *args)
|
PySSL_RAND_egd(PyObject *self, PyObject *args)
|
||||||
{
|
{
|
||||||
@ -3362,6 +3363,7 @@ PyDoc_STRVAR(PySSL_RAND_egd_doc,
|
|||||||
Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\
|
Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\
|
||||||
Returns number of bytes read. Raises SSLError if connection to EGD\n\
|
Returns number of bytes read. Raises SSLError if connection to EGD\n\
|
||||||
fails or if it does not provide enough data to seed PRNG.");
|
fails or if it does not provide enough data to seed PRNG.");
|
||||||
|
#endif /* HAVE_RAND_EGD */
|
||||||
|
|
||||||
#endif /* HAVE_OPENSSL_RAND */
|
#endif /* HAVE_OPENSSL_RAND */
|
||||||
|
|
||||||
@ -3757,8 +3759,10 @@ static PyMethodDef PySSL_methods[] = {
|
|||||||
PySSL_RAND_bytes_doc},
|
PySSL_RAND_bytes_doc},
|
||||||
{"RAND_pseudo_bytes", PySSL_RAND_pseudo_bytes, METH_VARARGS,
|
{"RAND_pseudo_bytes", PySSL_RAND_pseudo_bytes, METH_VARARGS,
|
||||||
PySSL_RAND_pseudo_bytes_doc},
|
PySSL_RAND_pseudo_bytes_doc},
|
||||||
|
#ifdef HAVE_RAND_EGD
|
||||||
{"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
|
{"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
|
||||||
PySSL_RAND_egd_doc},
|
PySSL_RAND_egd_doc},
|
||||||
|
#endif
|
||||||
{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
|
{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
|
||||||
PySSL_RAND_status_doc},
|
PySSL_RAND_status_doc},
|
||||||
#endif
|
#endif
|
||||||
|
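Review bot: `PySSL_RAND_egd` and its `PySSL_methods` entry are now compiled only when `HAVE_RAND_EGD` is defined, and on this page that macro is produced only by the configure check. A build that does not use the configure-generated `pyconfig.h` (presumably the Windows build, which is not visible here) would drop `ssl.RAND_egd` even when its libcrypto provides it, so confirm that such builds define the macro. The `#endif` added in the method table also lacks the trailing comment used on the function guard; `#endif /* HAVE_RAND_EGD */` would keep the nested guards readable. The body of `PySSL_RAND_egd` lies outside these hunks.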
42
configure
vendored
42
configure
vendored
@ -8913,6 +8913,48 @@ _ACEOF
|
|||||||
|
|
||||||
fi
|
fi
|
||||||
# Dynamic linking for HP-UX
|
# Dynamic linking for HP-UX
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5
|
||||||
|
$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; }
|
||||||
|
if ${ac_cv_lib_crypto_RAND_egd+:} false; then :
|
||||||
|
$as_echo_n "(cached) " >&6
|
||||||
|
else
|
||||||
|
ac_check_lib_save_LIBS=$LIBS
|
||||||
|
LIBS="-lcrypto $LIBS"
|
||||||
|
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||||
|
/* end confdefs.h. */
|
||||||
|
|
||||||
|
/* Override any GCC internal prototype to avoid an error.
|
||||||
|
Use char because int might match the return type of a GCC
|
||||||
|
builtin and then its argument prototype would still apply. */
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C"
|
||||||
|
#endif
|
||||||
|
char RAND_egd ();
|
||||||
|
int
|
||||||
|
main ()
|
||||||
|
{
|
||||||
|
return RAND_egd ();
|
||||||
|
;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
_ACEOF
|
||||||
|
if ac_fn_c_try_link "$LINENO"; then :
|
||||||
|
ac_cv_lib_crypto_RAND_egd=yes
|
||||||
|
else
|
||||||
|
ac_cv_lib_crypto_RAND_egd=no
|
||||||
|
fi
|
||||||
|
rm -f core conftest.err conftest.$ac_objext \
|
||||||
|
conftest$ac_exeext conftest.$ac_ext
|
||||||
|
LIBS=$ac_check_lib_save_LIBS
|
||||||
|
fi
|
||||||
|
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5
|
||||||
|
$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; }
|
||||||
|
if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then :
|
||||||
|
|
||||||
|
$as_echo "#define HAVE_RAND_EGD 1" >>confdefs.h
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
# only check for sem_init if thread support is requested
|
# only check for sem_init if thread support is requested
|
||||||
if test "$with_threads" = "yes" -o -z "$with_threads"; then
|
if test "$with_threads" = "yes" -o -z "$with_threads"; then
|
||||||
|
@ -2238,6 +2238,9 @@ AC_MSG_RESULT($SHLIBS)
|
|||||||
AC_CHECK_LIB(sendfile, sendfile)
|
AC_CHECK_LIB(sendfile, sendfile)
|
||||||
AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV
|
AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV
|
||||||
AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX
|
AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX
|
||||||
|
AC_CHECK_LIB(crypto, RAND_egd,
|
||||||
|
AC_DEFINE(HAVE_RAND_EGD, 1,
|
||||||
|
[Define if the libcrypto has RAND_egd]))
|
||||||
|
|
||||||
# only check for sem_init if thread support is requested
|
# only check for sem_init if thread support is requested
|
||||||
if test "$with_threads" = "yes" -o -z "$with_threads"; then
|
if test "$with_threads" = "yes" -o -z "$with_threads"; then
|
||||||
|
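Review bot: `AC_CHECK_LIB(crypto, RAND_egd, ...)` probes whichever libcrypto the default linker path resolves at configure time, which is not necessarily the library the `_ssl` extension is later built against (the extension build is not visible here). If the two differ, for example one library in the system path and another under a custom prefix, `HAVE_RAND_EGD` reflects the wrong library and `_ssl` would either fail to link or lose `RAND_egd`. A comment above the check such as `# NOTE: result must match the libcrypto that _ssl is linked against` would document the assumption.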
@ -675,6 +675,9 @@
|
|||||||
/* Define to 1 if you have the `pwrite' function. */
|
/* Define to 1 if you have the `pwrite' function. */
|
||||||
#undef HAVE_PWRITE
|
#undef HAVE_PWRITE
|
||||||
|
|
||||||
|
/* Define if the libcrypto has RAND_egd */
|
||||||
|
#undef HAVE_RAND_EGD
|
||||||
|
|
||||||
/* Define to 1 if you have the `readlink' function. */
|
/* Define to 1 if you have the `readlink' function. */
|
||||||
#undef HAVE_READLINK
|
#undef HAVE_READLINK
|
||||||
|
|
||||||
|