[Patches] [ python-Patches-405101 ] Add Random Seeding to OpenSSL
nobody
nobody@sourceforge.net
Thu, 01 Mar 2001 03:40:59 -0800
Patches #405101, was updated on 2001-03-01 02:55
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=305470&aid=405101&group_id=5470
Category: Modules
Group: None
Status: Open
Priority: 5
Submitted By: Moshe Zadka
Assigned to: A.M. Kuchling
Summary: Add Random Seeding to OpenSSL
Initial Comment:
On systems without /dev/urandom, OpenSSL does not
work unless explicitly seeded. This patch gives
an option to seed it either from EGD, or from the
C rng
----------------------------------------------------------------------
Comment By: Moshe Zadka
Date: 2001-03-01 03:40
Message:
Logged In: YES
user_id=11645
New version of the patch: now warning when using the
insecure srand/rand (version at
http://www.lerner.co.il/~moshez/ssl_seed also updated)
Index: Modules/socketmodule.c
===================================================================
RCS file:
/cvsroot/python/python/dist/src/Modules/socketmodule.c,v
retrieving revision 1.137
diff -c -r1.137 socketmodule.c
*** Modules/socketmodule.c 2001/02/07 20:41:17
1.137
--- Modules/socketmodule.c 2001/03/01 11:37:12
***************
*** 176,181 ****
--- 176,182 ----
#include "openssl/pem.h"
#include "openssl/ssl.h"
#include "openssl/err.h"
+ #include "openssl/rand.h"
#endif /* USE_SSL */
#if defined(MS_WINDOWS) || defined(__BEOS__)
***************
*** 2473,2478 ****
--- 2474,2505 ----
if (PyDict_SetItemString(d, "SSLType",
(PyObject *)&SSL_Type) !=
0)
return;
+ if (RAND_status() == 0) {
+ #ifdef USE_EGD
+ char random_device[MAXPATHLEN+1];
+ if (!RAND_file_name (random_device,
MAXPATHLEN + 1)) {
+ PyErr_SetObject(SSLErrorObject,
+
PyString_FromString("RAND_file_name error"));
+ return;
+ }
+ if (RAND_egd (random_device) == -1) {
+ PyErr_SetObject(SSLErrorObject,
+
PyString_FromString("RAND_egd error"));
+ return;
+ }
+ #else /* USE_EGD not defined */
+ char random_string[32];
+ int i;
+
+ PyErr_Warn(PyExc_RuntimeWarning,
+ "using insecure method to
generate random numbers");
+ srand(time(NULL));
+ for(i=0; i<sizeof(random_string); i++) {
+ random_string[i] = rand();
+ }
+ RAND_seed(random_string,
sizeof(random_string));
+ #endif /* USE_EGD */
+ }
#endif /* USE_SSL */
PyDict_SetItemString(d, "error", PySocket_Error);
PySocketSock_Type.ob_type = &PyType_Type;
----------------------------------------------------------------------
Comment By: Moshe Zadka
Date: 2001-03-01 03:01
Message:
Logged In: YES
user_id=11645
Note: the patch survived remarkably well:
The only broken lines are the one that goes:
(PyObject *)&SSL_Type) !=
And the one that goes:
RAND_seed(random_string,
----------------------------------------------------------------------
Comment By: Moshe Zadka
Date: 2001-03-01 02:58
Message:
Logged In: YES
user_id=11645
Well, as usual, the attachment did not work.
Available as http://www.lerner.co.il/~moshez/ssl_seed
Also put here for reference purposes:
Index: Modules/socketmodule.c
===================================================================
RCS file:
/cvsroot/python/python/dist/src/Modules/socketmodule.c,v
retrieving revision 1.137
diff -c -r1.137 socketmodule.c
*** Modules/socketmodule.c 2001/02/07 20:41:17
1.137
--- Modules/socketmodule.c 2001/03/01 10:38:45
***************
*** 176,181 ****
--- 176,182 ----
#include "openssl/pem.h"
#include "openssl/ssl.h"
#include "openssl/err.h"
+ #include "openssl/rand.h"
#endif /* USE_SSL */
#if defined(MS_WINDOWS) || defined(__BEOS__)
***************
*** 2473,2478 ****
--- 2474,2503 ----
if (PyDict_SetItemString(d, "SSLType",
(PyObject *)&SSL_Type) !=
0)
return;
+ if (RAND_status() == 0) {
+ #ifdef USE_EGD
+ char random_device[MAXPATHLEN+1];
+ if (!RAND_file_name (random_device,
MAXPATHLEN + 1)) {
+ PyErr_SetObject(SSLErrorObject,
+
PyString_FromString("RAND_file_name error"));
+ return;
+ }
+ if (RAND_egd (random_device) == -1) {
+ PyErr_SetObject(SSLErrorObject,
+
PyString_FromString("RAND_egd error"));
+ return;
+ }
+ #else /* USE_EGD not defined */
+ char random_string[32];
+ int i;
+
+ srand(time(NULL));
+ for(i=0; i<sizeof(random_string); i++) {
+ random_string[i] = rand();
+ }
+ RAND_seed(random_string,
sizeof(random_string));
+ #end+ }
#endif /* USE_SSL */
PyDict_SetItemString(d, "error", PySocket_Error);
PySocketSock_Type.ob_type = &PyType_Type;
if /* USE_EGD */
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=305470&aid=405101&group_id=5470