Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a
ValueError if num is negative (instead of raising a SystemError).
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index f235daf..f3b5695 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -126,6 +126,10 @@
else:
self.assertRaises(ssl.SSLError, ssl.RAND_bytes, 16)
+ # negative num is invalid
+ self.assertRaises(ValueError, ssl.RAND_bytes, -5)
+ self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
+
self.assertRaises(TypeError, ssl.RAND_egd, 1)
self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
ssl.RAND_add("this is a random string", 75.0)
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 374d930..4b02d8d 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2486,6 +2486,11 @@
const char *errstr;
PyObject *v;
+ if (len < 0) {
+ PyErr_SetString(PyExc_ValueError, "num must be positive");
+ return NULL;
+ }
+
bytes = PyBytes_FromStringAndSize(NULL, len);
if (bytes == NULL)
return NULL;