See http://egd.sourceforge.net/ or http://prngd.sourceforge.net/ for sources
of entropy-gathering daemons.
+ Availability: not available with LibreSSL.
+
.. function:: RAND_add(bytes, entropy)
Mixes the given *bytes* into the SSL pseudo-random number generator. The
from _ssl import SSLError as sslerror
from _ssl import \
RAND_add, \
- RAND_egd, \
RAND_status, \
SSL_ERROR_ZERO_RETURN, \
SSL_ERROR_WANT_READ, \
SSL_ERROR_WANT_CONNECT, \
SSL_ERROR_EOF, \
SSL_ERROR_INVALID_ERROR_CODE
+ try:
+ from _ssl import RAND_egd
+ except ImportError:
+ # LibreSSL does not provide RAND_egd
+ pass
import os, sys, warnings
from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
VERIFY_X509_STRICT)
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
-from _ssl import RAND_status, RAND_egd, RAND_add
+from _ssl import RAND_status, RAND_add
+try:
+ from _ssl import RAND_egd
+except ImportError:
+ # LibreSSL does not provide RAND_egd
+ pass
def _import_symbols(prefix):
for n in dir(_ssl):
sys.stdout.write("\n RAND_status is %d (%s)\n"
% (v, (v and "sufficient randomness") or
"insufficient randomness"))
- self.assertRaises(TypeError, ssl.RAND_egd, 1)
- self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
+ if hasattr(ssl, 'RAND_egd'):
+ self.assertRaises(TypeError, ssl.RAND_egd, 1)
+ self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
ssl.RAND_add("this is a random string", 75.0)
def test_parse_cert(self):
Library
-------
+- Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
+ availability of the function is checked during the compilation. Patch written
+ by Bernard Spil.
+
- Backport the context argument to ftplib.FTP_TLS.
- Issue #23111: Maximize compatibility in protocol versions of ftplib.FTP_TLS.
It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
using the ssl() function.");
+#endif /* HAVE_OPENSSL_RAND */
+
+
+#ifdef HAVE_RAND_EGD
+
static PyObject *
PySSL_RAND_egd(PyObject *self, PyObject *arg)
{
Returns number of bytes read. Raises SSLError if connection to EGD\n\
fails or if it does not provide enough data to seed PRNG.");
-#endif /* HAVE_OPENSSL_RAND */
+#endif /* HAVE_RAND_EGD */
PyDoc_STRVAR(PySSL_get_default_verify_paths_doc,
#ifdef HAVE_OPENSSL_RAND
{"RAND_add", PySSL_RAND_add, METH_VARARGS,
PySSL_RAND_add_doc},
- {"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
- PySSL_RAND_egd_doc},
{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
PySSL_RAND_status_doc},
+#endif
+#ifdef HAVE_RAND_EGD
+ {"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
+ PySSL_RAND_egd_doc},
#endif
{"get_default_verify_paths", (PyCFunction)PySSL_get_default_verify_paths,
METH_NOARGS, PySSL_get_default_verify_paths_doc},
fi
# Dynamic linking for HP-UX
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5
+$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; }
+if ${ac_cv_lib_crypto_RAND_egd+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char RAND_egd ();
+int
+main ()
+{
+return RAND_egd ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_crypto_RAND_egd=yes
+else
+ ac_cv_lib_crypto_RAND_egd=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5
+$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; }
+if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then :
+
+$as_echo "#define HAVE_RAND_EGD 1" >>confdefs.h
+
+fi
+
# only check for sem_init if thread support is requested
if test "$with_threads" = "yes" -o -z "$with_threads"; then
# checks for libraries
AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV
AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX
+AC_CHECK_LIB(crypto, RAND_egd,
+ AC_DEFINE(HAVE_RAND_EGD, 1,
+ [Define if the libcrypto has RAND_egd]))
# only check for sem_init if thread support is requested
if test "$with_threads" = "yes" -o -z "$with_threads"; then
/* Define to 1 if you have the `putenv' function. */
#undef HAVE_PUTENV
+/* Define if the libcrypto has RAND_egd */
+#undef HAVE_RAND_EGD
+
/* Define to 1 if you have the `readlink' function. */
#undef HAVE_READLINK
projects / python / commitdiff