expose RAND_bytes() function of OpenSSL

[vstinner]

BPO	12049
Nosy	@pitrou, @vstinner
Files	ssl_rand_bytes.patch

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2011-05-24.10:05:38.379>
created_at = <Date 2011-05-10.08:10:02.159>
labels = ['library']
title = 'expose RAND_bytes() function of OpenSSL'
updated_at = <Date 2011-05-25.11:14:05.951>
user = 'https://github.com/vstinner'

bugs.python.org fields:

activity = <Date 2011-05-25.11:14:05.951>
actor = 'python-dev'
assignee = 'none'
closed = True
closed_date = <Date 2011-05-24.10:05:38.379>
closer = 'vstinner'
components = ['Library (Lib)']
creation = <Date 2011-05-10.08:10:02.159>
creator = 'vstinner'
dependencies = []
files = ['21974']
hgrepos = []
issue_num = 12049
keywords = ['patch']
message_count = 7.0
messages = ['135688', '135804', '136728', '136785', '136832', '136833', '136838']
nosy_count = 4.0
nosy_names = ['pitrou', 'vstinner', 'python-dev', 'jcon']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = None
status = 'closed'
superseder = None
type = None
url = 'https://bugs.python.org/issue12049'
versions = ['Python 3.3']

[vstinner]

The _ssl module has RAND_add() RAND_status() and RAND_egd() functions, but not RAND_bytes(). I would be nice to be able to generate random bytes using RAND_bytes().

And maybe also RAND_pseudo_bytes()?

I will work on a patch, it's just a reminder.

[vstinner]

ssl_rand.patch adds RAND_bytes() and RAND_pseudo_bytes() functions to the ssl module.

I moved /dev/urandom to /dev/urandom.xxx and /dev/random to /dev/random.xxx to test RAND_bytes() error path. In this case, RAND_pseudo_bytes() generates non-cryptographic pseudo-random bytes.

RAND_pseudo_bytes() returns a tuple (bytes, is_cryptographic).

In test_ssl, I used the assertion that RAND_pseudo_bytes() only generates cryptographic numbers if RAND_status() is 1. If the assertion is wrong, the test can be changed to just test the type of is_crytographic.

RAND_bytes() and RAND_pseudo_bytes() raise a SSLError on error using ERR_get_errno() as the error code, whereas other ssl functions uses a value of the py_ssl_error enum. I don't know if it is the good choise.

[python-dev]

New changeset 5c716437a83a by Victor Stinner in branch 'default':
Issue bpo-12049: Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl
http://hg.python.org/cpython/rev/5c716437a83a

[python-dev]

New changeset ca92fa2fe5c9 by Victor Stinner in branch 'default':
Issue bpo-12049: improve RAND_bytes() and RAND_pseudo_bytes() documentation
http://hg.python.org/cpython/rev/ca92fa2fe5c9

[python-dev]

New changeset 96a82c973224 by Victor Stinner in branch 'default':
Issue bpo-12049: test_ssl now checks also that RAND_bytes() raises an error if
http://hg.python.org/cpython/rev/96a82c973224

[python-dev]

New changeset 178d367c9733 by Victor Stinner in branch 'default':
Issue bpo-12049: Document errors cases of ssl.RAND_bytes() and
http://hg.python.org/cpython/rev/178d367c9733

[python-dev]

New changeset 195de3d10879 by Victor Stinner in branch 'default':
Issue bpo-12049: cleanup the warning in the random module doc
http://hg.python.org/cpython/rev/195de3d10879