Skip to content

Commit

Permalink
Better test coverage, documentation, LICENSE
Browse files Browse the repository at this point in the history
Signed-off-by: Christian Heimes <[email protected]>
  • Loading branch information
tiran committed Nov 14, 2016
1 parent afbe241 commit 075de30
Show file tree
Hide file tree
Showing 5 changed files with 39 additions and 8 deletions.
5 changes: 3 additions & 2 deletions LICENSE
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,6 @@ This software is made available under the terms of *either* of the licenses
found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made
under the terms of *both* these licenses.

The code used in the OpenSSL locking callback is derived from the same in
Python itself, and is licensed under the terms of the PSF License Agreement.
The code used in the OpenSSL locking callback and OS random engine is derived
from the same in Python itself, and is licensed under the terms of the PSF
License Agreement.
21 changes: 21 additions & 0 deletions docs/hazmat/backends/openssl.rst
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,10 @@ greater.
Activates the OS random engine. This will effectively disable OpenSSL's
default CSPRNG.

.. method:: osrandom_engine_implementation()

Returns the implementation of OS random engine.

.. method:: activate_builtin_random()

This will activate the default OpenSSL CSPRNG.
Expand Down Expand Up @@ -81,6 +85,23 @@ details.
Linux uses its own PRNG design. ``/dev/urandom`` is a non-blocking source
seeded from the same pool as ``/dev/random``.

+------------------------------------------+------------------------------+
| Windows | ``CryptGenRandom()`` |
+------------------------------------------+------------------------------+
| Linux >= 3.4.17 with working | ``getrandom(GRND_NONBLOCK)`` |
| ``SYS_getrandom`` syscall | |
+------------------------------------------+------------------------------+
| OSX >= 10.10 | ``CCRandomGenerateBytes()`` |
+------------------------------------------+------------------------------+
| OpenBSD >= 5.6 | ``getentropy()`` |
+------------------------------------------+------------------------------+
| BSD family with | ``getentropy()`` |
| ``SYS_getentropy`` in ``sys/syscall.h`` | |
+------------------------------------------+------------------------------+
| fallback | ``/dev/urandom`` with |
| | cached file descriptor |
+------------------------------------------+------------------------------+


.. _`OpenSSL`: https://www.openssl.org/
.. _`initializing the RNG`: https://en.wikipedia.org/wiki/OpenSSL#Predictable_private_keys_.28Debian-specific.29
Expand Down
3 changes: 3 additions & 0 deletions docs/spelling_wordlist.txt
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ Django
Docstrings
El
Encodings
fallback
Fernet
fernet
FIPS
Expand All @@ -58,6 +59,7 @@ nonces
online
paddings
Parallelization
personalization
pickleable
plaintext
pre
Expand All @@ -74,6 +76,7 @@ serializer
Serializers
SHA
Solaris
syscall
Tanja
testability
tunable
Expand Down
9 changes: 6 additions & 3 deletions src/_cffi_src/openssl/src/osrandom_engine.c
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,10 @@
* Linux 3.4.17+ getrandom() with fallback to /dev/urandom
* other /dev/urandom with cached fd
*
* The code is largely inspired by Python/random.c, written by Antoine Pitrou
* and Victor Stinner.
* The /dev/urandom, getrandom and getentropy code is derived from Python's
* Python/random.c, written by Antoine Pitrou and Victor Stinner.
*
* Copyright 2001-2016 Python Software Foundation; All Rights Reserved.
*/

static const char *Cryptography_osrandom_engine_id = "osrandom";
Expand Down Expand Up @@ -401,13 +403,14 @@ static int osrandom_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))

switch (cmd) {
case CRYPTOGRAPHY_OSRANDOM_GET_IMPLEMENTATION:
/* i: buffer size, p: char* buffer */
name = osurandom_get_implementation();
len = strlen(name);
if ((p == NULL) && (i == 0)) {
/* return required buffer len */
return len;
}
if ((p == NULL) || ((size_t)i <= len)) {
if ((p == NULL) || i < 0 || ((size_t)i <= len)) {
/* no buffer or buffer too small */
ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_INVALID_ARGUMENT);
return 0;
Expand Down
9 changes: 6 additions & 3 deletions tests/hazmat/backends/test_openssl.py
Original file line number Diff line number Diff line change
Expand Up @@ -271,11 +271,14 @@ def test_activate_builtin_random_already_active(self):

def test_osrandom_engine_implementation(self):
name = backend.osrandom_engine_implementation()
assert name
assert name in ['/dev/urandom', 'CCRandomGenerateBytes',
'CryptGenRandom', 'getentropy', 'getrandom']
if sys.platform.startswith('linux'):
assert name in ['getrandom', '/dev/urandom']
elif sys.platform == 'win32':
assert name == 'CryptGenRandom'
elif sys.platform == 'darwin':
assert name in ['CCRandomGenerateBytes', '/dev/urandom']
elif 'bsd' in sys.platform:
assert name in ['getentropy', '/dev/urandom']

def test_activate_osrandom_already_default(self):
e = backend._lib.ENGINE_get_default_RAND()
Expand Down

0 comments on commit 075de30

Please sign in to comment.