The _ssl module has RAND_add() RAND_status() and RAND_egd() functions, but not RAND_bytes(). I would be nice to be able to generate random bytes using RAND_bytes().

And maybe also RAND_pseudo_bytes()?

I will work on a patch, it's just a reminder.

ssl_rand.patch adds RAND_bytes() and RAND_pseudo_bytes() functions to the ssl module.

I moved /dev/urandom to /dev/urandom.xxx and /dev/random to /dev/random.xxx to test RAND_bytes() error path. In this case, RAND_pseudo_bytes() generates non-cryptographic pseudo-random bytes.

RAND_pseudo_bytes() returns a tuple (bytes, is_cryptographic).

In test_ssl, I used the assertion that RAND_pseudo_bytes() only generates cryptographic numbers if RAND_status() is 1. If the assertion is wrong, the test can be changed to just test the type of is_crytographic.

RAND_bytes() and RAND_pseudo_bytes() raise a SSLError on error using ERR_get_errno() as the error code, whereas other ssl functions uses a value of the py_ssl_error enum. I don't know if it is the good choise.

New changeset 5c716437a83a by Victor Stinner in branch 'default':
Issue #12049: Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl
http://hg.python.org/cpython/rev/5c716437a83a

New changeset ca92fa2fe5c9 by Victor Stinner in branch 'default':
Issue #12049: improve RAND_bytes() and RAND_pseudo_bytes() documentation
http://hg.python.org/cpython/rev/ca92fa2fe5c9

New changeset 96a82c973224 by Victor Stinner in branch 'default':
Issue #12049: test_ssl now checks also that RAND_bytes() raises an error if
http://hg.python.org/cpython/rev/96a82c973224

New changeset 178d367c9733 by Victor Stinner in branch 'default':
Issue #12049: Document errors cases of ssl.RAND_bytes() and
http://hg.python.org/cpython/rev/178d367c9733

New changeset 195de3d10879 by Victor Stinner in branch 'default':
Issue #12049: cleanup the warning in the random module doc
http://hg.python.org/cpython/rev/195de3d10879