1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
|
From eed8d3b553e00e04c1f97c87ea02723630fb15a4 Mon Sep 17 00:00:00 2001
From: hasufell <hasufell@gentoo.org>
Date: Sun, 20 Sep 2015 14:25:43 +0200
Subject: [PATCH] Backport upstream libressl patches to python-3.3
https://hg.python.org/cpython/raw-rev/7f82f50fdad0
https://hg.python.org/cpython/raw-rev/4dac45f88d45
---
Lib/ssl.py | 7 ++++++-
Lib/test/test_ssl.py | 21 +++++++++++++--------
Modules/_ssl.c | 4 ++++
configure | 42 ++++++++++++++++++++++++++++++++++++++++++
configure.ac | 3 +++
pyconfig.h.in | 3 +++
6 files changed, 71 insertions(+), 9 deletions(-)
diff --git a/Lib/ssl.py b/Lib/ssl.py
index cd8d6b4..445ae87 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -78,7 +78,12 @@ try:
from _ssl import OP_SINGLE_ECDH_USE
except ImportError:
pass
-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+try:
+ from _ssl import RAND_egd
+except ImportError:
+ # LibreSSL does not provide RAND_egd
+ pass
from _ssl import (
SSL_ERROR_ZERO_RETURN,
SSL_ERROR_WANT_READ,
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 9fc6027..879f791 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -130,8 +130,9 @@ class BasicSocketTests(unittest.TestCase):
self.assertRaises(ValueError, ssl.RAND_bytes, -5)
self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
- self.assertRaises(TypeError, ssl.RAND_egd, 1)
- self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
+ if hasattr(ssl, 'RAND_egd'):
+ self.assertRaises(TypeError, ssl.RAND_egd, 1)
+ self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
ssl.RAND_add("this is a random string", 75.0)
@unittest.skipUnless(os.name == 'posix', 'requires posix')
@@ -250,11 +251,11 @@ class BasicSocketTests(unittest.TestCase):
# Some sanity checks follow
# >= 0.9
self.assertGreaterEqual(n, 0x900000)
- # < 2.0
- self.assertLess(n, 0x20000000)
+ # < 3.0
+ self.assertLess(n, 0x30000000)
major, minor, fix, patch, status = t
self.assertGreaterEqual(major, 0)
- self.assertLess(major, 2)
+ self.assertLess(major, 3)
self.assertGreaterEqual(minor, 0)
self.assertLess(minor, 256)
self.assertGreaterEqual(fix, 0)
@@ -263,9 +264,13 @@ class BasicSocketTests(unittest.TestCase):
self.assertLessEqual(patch, 26)
self.assertGreaterEqual(status, 0)
self.assertLessEqual(status, 15)
- # Version string as returned by OpenSSL, the format might change
- self.assertTrue(s.startswith("OpenSSL {:d}.{:d}.{:d}".format(major, minor, fix)),
- (s, t))
+ # Version string as returned by {Open,Libre}SSL, the format might change
+ if "LibreSSL" in s:
+ self.assertTrue(s.startswith("LibreSSL {:d}.{:d}".format(major, minor)),
+ (s, t))
+ else:
+ self.assertTrue(s.startswith("OpenSSL {:d}.{:d}.{:d}".format(major, minor, fix)),
+ (s, t))
@support.cpython_only
def test_refcycle(self):
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 499e8ba..cb151ba 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2559,6 +2559,7 @@ Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.\n\
It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
using the ssl() function.");
+#ifdef HAVE_RAND_EGD
static PyObject *
PySSL_RAND_egd(PyObject *self, PyObject *args)
{
@@ -2586,6 +2587,7 @@ PyDoc_STRVAR(PySSL_RAND_egd_doc,
Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\
Returns number of bytes read. Raises SSLError if connection to EGD\n\
fails or if it does not provide enough data to seed PRNG.");
+#endif /* HAVE_RAND_EGD */
#endif /* HAVE_OPENSSL_RAND */
@@ -2604,8 +2606,10 @@ static PyMethodDef PySSL_methods[] = {
PySSL_RAND_bytes_doc},
{"RAND_pseudo_bytes", PySSL_RAND_pseudo_bytes, METH_VARARGS,
PySSL_RAND_pseudo_bytes_doc},
+#ifdef HAVE_RAND_EGD
{"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
PySSL_RAND_egd_doc},
+#endif
{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
PySSL_RAND_status_doc},
#endif
diff --git a/configure b/configure
index 6be41f5..5b5a2a0 100755
--- a/configure
+++ b/configure
@@ -8823,6 +8823,48 @@ _ACEOF
fi
# Dynamic linking for HP-UX
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5
+$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; }
+if ${ac_cv_lib_crypto_RAND_egd+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char RAND_egd ();
+int
+main ()
+{
+return RAND_egd ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_crypto_RAND_egd=yes
+else
+ ac_cv_lib_crypto_RAND_egd=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5
+$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; }
+if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then :
+
+$as_echo "#define HAVE_RAND_EGD 1" >>confdefs.h
+
+fi
+
# only check for sem_init if thread support is requested
if test "$with_threads" = "yes" -o -z "$with_threads"; then
diff --git a/configure.ac b/configure.ac
index 6a64bff..90f315a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2181,6 +2181,9 @@ AC_MSG_RESULT($SHLIBS)
AC_CHECK_LIB(sendfile, sendfile)
AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV
AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX
+AC_CHECK_LIB(crypto, RAND_egd,
+ AC_DEFINE(HAVE_RAND_EGD, 1,
+ [Define if the libcrypto has RAND_egd]))
# only check for sem_init if thread support is requested
if test "$with_threads" = "yes" -o -z "$with_threads"; then
diff --git a/pyconfig.h.in b/pyconfig.h.in
index 0020300..0d37f67 100644
--- a/pyconfig.h.in
+++ b/pyconfig.h.in
@@ -660,6 +660,9 @@
/* Define to 1 if you have the `pwrite' function. */
#undef HAVE_PWRITE
+/* Define if the libcrypto has RAND_egd */
+#undef HAVE_RAND_EGD
+
/* Define to 1 if you have the `readlink' function. */
#undef HAVE_READLINK
--
2.5.2
|
