[Python-Dev] [Python-checkins] cpython: Issue #12049: Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl

Victor Stinner victor.stinner at haypocalc.com
Wed May 25 11:29:17 CEST 2011

Le mercredi 25 mai 2011 à 15:09 +1000, Nick Coghlan a écrit :
> The RAND_bytes() documentation should probably make it clearer that
> unlike the random module and RAND_pseudo_bytes(), RAND_bytes() can
> *fail* (by raising SSLError) if it isn't in a position to provide the
> requested random data.

According to the doc, both functions can fail, but it is more likely
than RAND_bytes() fail. I disabled temporary Linux random devices to
test RAND_bytes() error code:

   mv /dev/random /dev/random.xxx
   mv /dev/urandom /dev/urandom.xxx

In this case, RAND_pseudo_bytes() generates non-cryptographic random
numbers: it returns (random_bytes, False). I don't know how to test
RAND_pseudo_bytes() error code.


I patched test_ssl to test that RAND_bytes() raises an SSLError if there
is not enough entropy, and I also improved the documentation to detail
the error cases.


More information about the Python-Dev mailing list