mirror of
https://github.com/python/cpython.git
synced 2024-11-23 18:04:37 +08:00
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation. Patch written by Bernard Spil.
This commit is contained in:
parent
9d01717f37
commit
fcfed19913
@ -106,7 +106,12 @@ from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
|
||||
from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
|
||||
VERIFY_X509_STRICT)
|
||||
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
|
||||
from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
|
||||
from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
|
||||
try:
|
||||
from _ssl import RAND_egd
|
||||
except ImportError:
|
||||
# LibreSSL does not provide RAND_egd
|
||||
pass
|
||||
|
||||
def _import_symbols(prefix):
|
||||
for n in dir(_ssl):
|
||||
|
@ -154,6 +154,7 @@ class BasicSocketTests(unittest.TestCase):
|
||||
self.assertRaises(ValueError, ssl.RAND_bytes, -5)
|
||||
self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
|
||||
|
||||
if hasattr(ssl, 'RAND_egd'):
|
||||
self.assertRaises(TypeError, ssl.RAND_egd, 1)
|
||||
self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
|
||||
ssl.RAND_add("this is a random string", 75.0)
|
||||
|
@ -44,6 +44,10 @@ Core and Builtins
|
||||
Library
|
||||
-------
|
||||
|
||||
- Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
|
||||
availability of the function is checked during the compilation. Patch written
|
||||
by Bernard Spil.
|
||||
|
||||
- Issue #20896, #22935: The :func:`ssl.get_server_certificate` function now
|
||||
uses the :data:`~ssl.PROTOCOL_SSLv23` protocol by default, not
|
||||
:data:`~ssl.PROTOCOL_SSLv3`, for maximum compatibility and support platforms
|
||||
|
@ -3335,6 +3335,7 @@ Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.\n\
|
||||
It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
|
||||
using the ssl() function.");
|
||||
|
||||
#ifdef HAVE_RAND_EGD
|
||||
static PyObject *
|
||||
PySSL_RAND_egd(PyObject *self, PyObject *args)
|
||||
{
|
||||
@ -3362,6 +3363,7 @@ PyDoc_STRVAR(PySSL_RAND_egd_doc,
|
||||
Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\
|
||||
Returns number of bytes read. Raises SSLError if connection to EGD\n\
|
||||
fails or if it does not provide enough data to seed PRNG.");
|
||||
#endif /* HAVE_RAND_EGD */
|
||||
|
||||
#endif /* HAVE_OPENSSL_RAND */
|
||||
|
||||
@ -3757,8 +3759,10 @@ static PyMethodDef PySSL_methods[] = {
|
||||
PySSL_RAND_bytes_doc},
|
||||
{"RAND_pseudo_bytes", PySSL_RAND_pseudo_bytes, METH_VARARGS,
|
||||
PySSL_RAND_pseudo_bytes_doc},
|
||||
#ifdef HAVE_RAND_EGD
|
||||
{"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
|
||||
PySSL_RAND_egd_doc},
|
||||
#endif
|
||||
{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
|
||||
PySSL_RAND_status_doc},
|
||||
#endif
|
||||
|
42
configure
vendored
42
configure
vendored
@ -8913,6 +8913,48 @@ _ACEOF
|
||||
|
||||
fi
|
||||
# Dynamic linking for HP-UX
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5
|
||||
$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; }
|
||||
if ${ac_cv_lib_crypto_RAND_egd+:} false; then :
|
||||
$as_echo_n "(cached) " >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-lcrypto $LIBS"
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
/* Override any GCC internal prototype to avoid an error.
|
||||
Use char because int might match the return type of a GCC
|
||||
builtin and then its argument prototype would still apply. */
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
char RAND_egd ();
|
||||
int
|
||||
main ()
|
||||
{
|
||||
return RAND_egd ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
if ac_fn_c_try_link "$LINENO"; then :
|
||||
ac_cv_lib_crypto_RAND_egd=yes
|
||||
else
|
||||
ac_cv_lib_crypto_RAND_egd=no
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5
|
||||
$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; }
|
||||
if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then :
|
||||
|
||||
$as_echo "#define HAVE_RAND_EGD 1" >>confdefs.h
|
||||
|
||||
fi
|
||||
|
||||
|
||||
# only check for sem_init if thread support is requested
|
||||
if test "$with_threads" = "yes" -o -z "$with_threads"; then
|
||||
|
@ -2238,6 +2238,9 @@ AC_MSG_RESULT($SHLIBS)
|
||||
AC_CHECK_LIB(sendfile, sendfile)
|
||||
AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV
|
||||
AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX
|
||||
AC_CHECK_LIB(crypto, RAND_egd,
|
||||
AC_DEFINE(HAVE_RAND_EGD, 1,
|
||||
[Define if the libcrypto has RAND_egd]))
|
||||
|
||||
# only check for sem_init if thread support is requested
|
||||
if test "$with_threads" = "yes" -o -z "$with_threads"; then
|
||||
|
@ -675,6 +675,9 @@
|
||||
/* Define to 1 if you have the `pwrite' function. */
|
||||
#undef HAVE_PWRITE
|
||||
|
||||
/* Define if the libcrypto has RAND_egd */
|
||||
#undef HAVE_RAND_EGD
|
||||
|
||||
/* Define to 1 if you have the `readlink' function. */
|
||||
#undef HAVE_READLINK
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user