classification
Title: expose RAND_bytes() function of OpenSSL
Type: Stage:
Components: Library (Lib) Versions: Python 3.3
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: haypo, jcon, pitrou, python-dev
Priority: normal Keywords: patch

Created on 2011-05-10 08:10 by haypo, last changed 2011-05-25 11:14 by python-dev. This issue is now closed.

Files
File name Uploaded Description Edit
ssl_rand_bytes.patch haypo, 2011-05-11 20:52 review
Messages (7)
msg135688 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2011-05-10 08:10
The _ssl module has RAND_add() RAND_status() and RAND_egd() functions, but not RAND_bytes(). I would be nice to be able to generate random bytes using RAND_bytes().

And maybe also RAND_pseudo_bytes()?

I will work on a patch, it's just a reminder.
msg135804 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2011-05-11 20:52
ssl_rand.patch adds RAND_bytes() and RAND_pseudo_bytes() functions to the ssl module.

I moved /dev/urandom to /dev/urandom.xxx and /dev/random to /dev/random.xxx to test RAND_bytes() error path. In this case, RAND_pseudo_bytes() generates non-cryptographic pseudo-random bytes.

RAND_pseudo_bytes() returns a tuple (bytes, is_cryptographic).

In test_ssl, I used the assertion that RAND_pseudo_bytes() only generates cryptographic numbers if RAND_status() is 1. If the assertion is wrong, the test can be changed to just test the type of is_crytographic.

RAND_bytes() and RAND_pseudo_bytes() raise a SSLError on error using ERR_get_errno() as the error code, whereas other ssl functions uses a value of the py_ssl_error enum. I don't know if it is the good choise.
msg136728 - (view) Author: Roundup Robot (python-dev) Date: 2011-05-24 10:05
New changeset 5c716437a83a by Victor Stinner in branch 'default':
Issue #12049: Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl
http://hg.python.org/cpython/rev/5c716437a83a
msg136785 - (view) Author: Roundup Robot (python-dev) Date: 2011-05-24 19:32
New changeset ca92fa2fe5c9 by Victor Stinner in branch 'default':
Issue #12049: improve RAND_bytes() and RAND_pseudo_bytes() documentation
http://hg.python.org/cpython/rev/ca92fa2fe5c9
msg136832 - (view) Author: Roundup Robot (python-dev) Date: 2011-05-25 09:15
New changeset 96a82c973224 by Victor Stinner in branch 'default':
Issue #12049: test_ssl now checks also that RAND_bytes() raises an error if
http://hg.python.org/cpython/rev/96a82c973224
msg136833 - (view) Author: Roundup Robot (python-dev) Date: 2011-05-25 09:27
New changeset 178d367c9733 by Victor Stinner in branch 'default':
Issue #12049: Document errors cases of ssl.RAND_bytes() and
http://hg.python.org/cpython/rev/178d367c9733
msg136838 - (view) Author: Roundup Robot (python-dev) Date: 2011-05-25 11:14
New changeset 195de3d10879 by Victor Stinner in branch 'default':
Issue #12049: cleanup the warning in the random module doc
http://hg.python.org/cpython/rev/195de3d10879
History
Date User Action Args
2011-05-25 11:14:05python-devsetmessages: + msg136838
2011-05-25 09:27:43python-devsetmessages: + msg136833
2011-05-25 09:15:22python-devsetmessages: + msg136832
2011-05-24 19:32:50python-devsetmessages: + msg136785
2011-05-24 10:05:38hayposetstatus: open -> closed
resolution: fixed
2011-05-24 10:05:20python-devsetnosy: + python-dev
messages: + msg136728
2011-05-11 20:52:03hayposetfiles: + ssl_rand_bytes.patch
keywords: + patch
messages: + msg135804
2011-05-10 19:41:08jconsetnosy: + jcon
2011-05-10 08:10:02haypocreate