Better test coverage, documentation, LICENSE

Signed-off-by: Christian Heimes <christian@python.org>
pyca · Nov 14, 2016 · 952ebe9 · 952ebe9
1 parent afbe241
commit 952ebe9
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 8 deletions.
diff --git a/LICENSE b/LICENSE
@@ -2,5 +2,6 @@ This software is made available under the terms of *either* of the licenses
 found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made
 under the terms of *both* these licenses.
 
-The code used in the OpenSSL locking callback is derived from the same in
-Python itself, and is licensed under the terms of the PSF License Agreement.
+The code used in the OpenSSL locking callback and OS random engine is derived
+from the same in Python itself, and is licensed under the terms of the PSF
+License Agreement.
diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst
@@ -40,6 +40,10 @@ greater.
         Activates the OS random engine. This will effectively disable OpenSSL's
         default CSPRNG.
 
+    .. method:: osrandom_engine_implementation()
+
+        Returns the implementation of OS random engine.
+
     .. method:: activate_builtin_random()
 
         This will activate the default OpenSSL CSPRNG.
@@ -81,6 +85,20 @@ details.
 Linux uses its own PRNG design. ``/dev/urandom`` is a non-blocking source
 seeded from the same pool as ``/dev/random``.
 
++----------------------------------------------------------+----------------------------------------------+
+| Windows                                                  | ``CryptGenRandom()``                         |
++----------------------------------------------------------+----------------------------------------------+
+| Linux >= 3.4.17 with working ``SYS_getrandom`` syscall   | ``getrandom(GRND_NONBLOCK)``                 |
++----------------------------------------------------------+----------------------------------------------+
+| OSX >= 10.10                                             | ``CCRandomGenerateBytes()``                  |
++----------------------------------------------------------+----------------------------------------------+
+| OpenBSD >= 5.6                                           | ``getentropy()``                             |
++----------------------------------------------------------+----------------------------------------------+
+| BSD family with ``SYS_getentropy`` in ``sys/syscall.h``  | ``getentropy()``                             |
++----------------------------------------------------------+----------------------------------------------+
+| fallback                                                 | ``/dev/urandom`` with cached file descriptor |
++----------------------------------------------------------+----------------------------------------------+
+
 
 .. _`OpenSSL`: https://www.openssl.org/
 .. _`initializing the RNG`: https://en.wikipedia.org/wiki/OpenSSL#Predictable_private_keys_.28Debian-specific.29

diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
@@ -74,6 +74,7 @@ serializer
 Serializers
 SHA
 Solaris
+syscall
 Tanja
 testability
 tunable

diff --git a/src/_cffi_src/openssl/src/osrandom_engine.c b/src/_cffi_src/openssl/src/osrandom_engine.c
@@ -7,8 +7,10 @@
  * Linux 3.4.17+   getrandom() with fallback to /dev/urandom
  * other           /dev/urandom with cached fd
  *
- * The code is largely inspired by Python/random.c, written by Antoine Pitrou
- * and Victor Stinner.
+ * The /dev/urandom, getrandom and getentropy code is derived from Python's
+ * Python/random.c, written by Antoine Pitrou and Victor Stinner.
+ *
+ * Copyright 2001-2016 Python Software Foundation; All Rights Reserved.
  */
 
 static const char *Cryptography_osrandom_engine_id = "osrandom";
@@ -401,13 +403,14 @@ static int osrandom_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
 
     switch (cmd) {
     case CRYPTOGRAPHY_OSRANDOM_GET_IMPLEMENTATION:
+        /* i: buffer size, p: char* buffer */
         name = osurandom_get_implementation();
         len = strlen(name);
         if ((p == NULL) && (i == 0)) {
             /* return required buffer len */
             return len;
         }
-        if ((p == NULL) || ((size_t)i <= len)) {
+        if ((p == NULL) || i < 0 || ((size_t)i <= len)) {
             /* no buffer or buffer too small */
             ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_INVALID_ARGUMENT);
             return 0;

diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
@@ -271,11 +271,14 @@ def test_activate_builtin_random_already_active(self):
 
     def test_osrandom_engine_implementation(self):
         name = backend.osrandom_engine_implementation()
-        assert name
+        assert name in ['/dev/urandom', 'CCRandomGenerateBytes',
+                        'CryptGenRandom', 'getentropy', 'getrandom']
         if sys.platform.startswith('linux'):
             assert name in ['getrandom', '/dev/urandom']
-        elif sys.platform == 'win32':
-            assert name == 'CryptGenRandom'
+        elif sys.platform == 'darwin':
+            assert name in ['CCRandomGenerateBytes', '/dev/urandom']
+        elif 'bsd' in sys.platform:
+            assert name in ['getentropy', '/dev/urandom']
 
     def test_activate_osrandom_already_default(self):
         e = backend._lib.ENGINE_get_default_RAND()