authorPaul Kehrer <paul.l.kehrer@gmail.com>2019-07-27 16:44:53 -0500
committerAlex Gaynor <alex.gaynor@gmail.com>2019-07-27 17:44:53 -0400
commit85d6043f21bbc8bc3f97f8a8be25581f8bc7f376 (patch)
tree8db6493d467dbbd71ba3f26d470d678a2464a487 /src
parent25efc646152c3b9e3e4d2ffcd81ccb52055782f3 (diff)
fix osrandom/builtin switching methods for 1.1.0+ (#4955)
* fix osrandom/builtin switching methods for 1.1.0+ In 1.1.0 RAND_cleanup became a no-op. This broke changing to the builtin random engine via activate_builtin_random(). Fixed by directly calling RAND_set_rand_method. This works on 1.0.x and 1.1.x * missed an assert
Diffstat (limited to 'src')
-rw-r--r--src/_cffi_src/openssl/rand.py6
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py10
2 files changed, 9 insertions, 7 deletions
diff --git a/src/_cffi_src/openssl/rand.py b/src/_cffi_src/openssl/rand.py
index 68653927..c0cd6836 100644
--- a/src/_cffi_src/openssl/rand.py
+++ b/src/_cffi_src/openssl/rand.py
@@ -9,10 +9,13 @@ INCLUDES = """
"""
TYPES = """
+typedef ... RAND_METHOD;
+
static const long Cryptography_HAS_EGD;
"""
FUNCTIONS = """
+int RAND_set_rand_method(const RAND_METHOD *);
void RAND_add(const void *, int, double);
int RAND_status(void);
int RAND_bytes(unsigned char *, int);
@@ -21,9 +24,6 @@ int RAND_bytes(unsigned char *, int);
1 we'll just lie about the signature to preserve compatibility for
pyOpenSSL (which calls this in its rand.py as of mid-2016) */
void ERR_load_RAND_strings(void);
-
-/* RAND_cleanup became a macro in 1.1.0 */
-void RAND_cleanup(void);
"""
CUSTOMIZATIONS = """
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index c24d334a..ca8b1b62 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -133,8 +133,9 @@ class Backend(object):
e = self._lib.ENGINE_get_default_RAND()
if e != self._ffi.NULL:
self._lib.ENGINE_unregister_RAND(e)
- # Reset the RNG to use the new engine.
- self._lib.RAND_cleanup()
+ # Reset the RNG to use the built-in.
+ res = self._lib.RAND_set_rand_method(self._ffi.NULL)
+ self.openssl_assert(res == 1)
# decrement the structural reference from get_default_RAND
res = self._lib.ENGINE_finish(e)
self.openssl_assert(res == 1)
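Review bot: The new comment `# Reset the RNG to use the built-in.` does not explain why `self._ffi.NULL` is passed. The later hunk at `-167,8 +168,9` makes the same call under `# Reset the RNG to use the engine`, so the two sites read as contradictory. As far as I know, `RAND_set_rand_method(NULL)` only clears OpenSSL's cached RAND method, so the next RAND call re-resolves the default: the registered ENGINE if there is one, otherwise the built-in. I would put the same comment at both sites, for example `# NULL clears the cached RAND method; OpenSSL re-resolves the default (ENGINE if registered, else built-in) on next use.` The enclosing method starts above this hunk, so the surrounding reference handling is not fully visible here.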
@@ -167,8 +168,9 @@ class Backend(object):
# Set the engine as the default RAND provider.
res = self._lib.ENGINE_set_default_RAND(e)
self.openssl_assert(res == 1)
- # Reset the RNG to use the new engine.
- self._lib.RAND_cleanup()
+ # Reset the RNG to use the engine
+ res = self._lib.RAND_set_rand_method(self._ffi.NULL)
+ self.openssl_assert(res == 1)
def osrandom_engine_implementation(self):
buf = self._ffi.new("char[]", 64)
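Review bot: `self.openssl_assert(res == 1)` after `RAND_set_rand_method` probably cannot catch the regression this commit fixes. The old failure was silent (`RAND_cleanup` became a no-op), and to my knowledge `RAND_set_rand_method` returns 1 unconditionally on 1.0.x and 1.1.x. Since a stale RNG source is security-relevant, a post-condition check would help. A regression test could assert that `ENGINE_get_default_RAND()` is non-NULL after this method and `self._ffi.NULL` after the built-in switch in the earlier backend.py hunk, releasing the returned reference with `ENGINE_finish`. The diffstat is limited to `src`, so such a test may already exist outside this view. The method body being patched starts above the hunk.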