Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index ea3441e..62395f8 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -299,6 +299,8 @@
See http://egd.sourceforge.net/ or http://prngd.sourceforge.net/ for sources
of entropy-gathering daemons.
+ Availability: not available with LibreSSL.
+
.. function:: RAND_add(bytes, entropy)
Mixes the given *bytes* into the SSL pseudo-random number generator. The
diff --git a/Lib/socket.py b/Lib/socket.py
index aac04f6..614af29 100644
--- a/Lib/socket.py
+++ b/Lib/socket.py
@@ -67,7 +67,6 @@
from _ssl import SSLError as sslerror
from _ssl import \
RAND_add, \
- RAND_egd, \
RAND_status, \
SSL_ERROR_ZERO_RETURN, \
SSL_ERROR_WANT_READ, \
@@ -78,6 +77,11 @@
SSL_ERROR_WANT_CONNECT, \
SSL_ERROR_EOF, \
SSL_ERROR_INVALID_ERROR_CODE
+ try:
+ from _ssl import RAND_egd
+ except ImportError:
+ # LibreSSL does not provide RAND_egd
+ pass
import os, sys, warnings
diff --git a/Lib/ssl.py b/Lib/ssl.py
index 0f82227..0f8ee1c 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -106,7 +106,12 @@
from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN,
VERIFY_X509_STRICT)
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
-from _ssl import RAND_status, RAND_egd, RAND_add
+from _ssl import RAND_status, RAND_add
+try:
+ from _ssl import RAND_egd
+except ImportError:
+ # LibreSSL does not provide RAND_egd
+ pass
def _import_symbols(prefix):
for n in dir(_ssl):
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 46342cc..4a6901c 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -169,8 +169,9 @@
sys.stdout.write("\n RAND_status is %d (%s)\n"
% (v, (v and "sufficient randomness") or
"insufficient randomness"))
- self.assertRaises(TypeError, ssl.RAND_egd, 1)
- self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
+ if hasattr(ssl, 'RAND_egd'):
+ self.assertRaises(TypeError, ssl.RAND_egd, 1)
+ self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
ssl.RAND_add("this is a random string", 75.0)
def test_parse_cert(self):
diff --git a/Misc/NEWS b/Misc/NEWS
index da3d602..be0bc87 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -15,6 +15,10 @@
Library
-------
+- Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
+ availability of the function is checked during the compilation. Patch written
+ by Bernard Spil.
+
- Backport the context argument to ftplib.FTP_TLS.
- Issue #23111: Maximize compatibility in protocol versions of ftplib.FTP_TLS.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 898d6c0..5758b86 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3301,6 +3301,11 @@
It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
using the ssl() function.");
+#endif /* HAVE_OPENSSL_RAND */
+
+
+#ifdef HAVE_RAND_EGD
+
static PyObject *
PySSL_RAND_egd(PyObject *self, PyObject *arg)
{
@@ -3327,7 +3332,7 @@
Returns number of bytes read. Raises SSLError if connection to EGD\n\
fails or if it does not provide enough data to seed PRNG.");
-#endif /* HAVE_OPENSSL_RAND */
+#endif /* HAVE_RAND_EGD */
PyDoc_STRVAR(PySSL_get_default_verify_paths_doc,
@@ -3720,11 +3725,13 @@
#ifdef HAVE_OPENSSL_RAND
{"RAND_add", PySSL_RAND_add, METH_VARARGS,
PySSL_RAND_add_doc},
- {"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
- PySSL_RAND_egd_doc},
{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
PySSL_RAND_status_doc},
#endif
+#ifdef HAVE_RAND_EGD
+ {"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
+ PySSL_RAND_egd_doc},
+#endif
{"get_default_verify_paths", (PyCFunction)PySSL_get_default_verify_paths,
METH_NOARGS, PySSL_get_default_verify_paths_doc},
#ifdef _MSC_VER
diff --git a/configure b/configure
index 133c88b..1ba985f 100755
--- a/configure
+++ b/configure
@@ -8551,6 +8551,48 @@
fi
# Dynamic linking for HP-UX
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5
+$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; }
+if ${ac_cv_lib_crypto_RAND_egd+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char RAND_egd ();
+int
+main ()
+{
+return RAND_egd ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_crypto_RAND_egd=yes
+else
+ ac_cv_lib_crypto_RAND_egd=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5
+$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; }
+if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then :
+
+$as_echo "#define HAVE_RAND_EGD 1" >>confdefs.h
+
+fi
+
# only check for sem_init if thread support is requested
if test "$with_threads" = "yes" -o -z "$with_threads"; then
diff --git a/configure.ac b/configure.ac
index 75486f4..d33df2a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2221,6 +2221,9 @@
# checks for libraries
AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV
AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX
+AC_CHECK_LIB(crypto, RAND_egd,
+ AC_DEFINE(HAVE_RAND_EGD, 1,
+ [Define if the libcrypto has RAND_egd]))
# only check for sem_init if thread support is requested
if test "$with_threads" = "yes" -o -z "$with_threads"; then
diff --git a/pyconfig.h.in b/pyconfig.h.in
index cb962a4..8e810da 100644
--- a/pyconfig.h.in
+++ b/pyconfig.h.in
@@ -547,6 +547,9 @@
/* Define to 1 if you have the `putenv' function. */
#undef HAVE_PUTENV
+/* Define if the libcrypto has RAND_egd */
+#undef HAVE_RAND_EGD
+
/* Define to 1 if you have the `readlink' function. */
#undef HAVE_READLINK