restore a subset of the rand module (#708)

reaperhulk · alex · commit acbd662b62a2 · 2017-11-20T09:25:18.000-05:00
* restore a subset of the rand module

* flake

* remove cleanup, go ahead and assume status will always be 1

* lighten and add power
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -24,6 +24,9 @@ Changes:
 ^^^^^^^^
 
 
+- Re-added a subset of the ``OpenSSL.rand`` module.
+  This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork.
+  `#708 <https://github.com/pyca/pyopenssl/pull/708>`_
 - Corrected a use-after-free when reusing an issuer or subject from an ``X509`` object after the underlying object has been mutated.
   `#709 <https://github.com/pyca/pyopenssl/pull/709>`_
 
diff --git a/src/OpenSSL/rand.py b/src/OpenSSL/rand.py
@@ -0,0 +1,40 @@
+"""
+PRNG management routines, thin wrappers.
+"""
+
+from OpenSSL._util import lib as _lib
+
+
+def add(buffer, entropy):
+    """
+    Mix bytes from *string* into the PRNG state.
+
+    The *entropy* argument is (the lower bound of) an estimate of how much
+    randomness is contained in *string*, measured in bytes.
+
+    For more information, see e.g. :rfc:`1750`.
+
+    This function is only relevant if you are forking Python processes and
+    need to reseed the CSPRNG after fork.
+
+    :param buffer: Buffer with random data.
+    :param entropy: The entropy (in bytes) measurement of the buffer.
+
+    :return: :obj:`None`
+    """
+    if not isinstance(buffer, bytes):
+        raise TypeError("buffer must be a byte string")
+
+    if not isinstance(entropy, int):
+        raise TypeError("entropy must be an integer")
+
+    _lib.RAND_add(buffer, len(buffer), entropy)
+
+
+def status():
+    """
+    Check whether the PRNG has been seeded with enough data.
+
+    :return: 1 if the PRNG is seeded enough, 0 otherwise.
+    """
+    return _lib.RAND_status()
diff --git a/tests/test_rand.py b/tests/test_rand.py
@@ -0,0 +1,38 @@
+# Copyright (c) Frederick Dean
+# See LICENSE for details.
+
+"""
+Unit tests for `OpenSSL.rand`.
+"""
+
+import pytest
+
+from OpenSSL import rand
+
+
+class TestRand(object):
+
+    @pytest.mark.parametrize('args', [
+        (b"foo", None),
+        (None, 3),
+    ])
+    def test_add_wrong_args(self, args):
+        """
+        `OpenSSL.rand.add` raises `TypeError` if called with arguments not of
+        type `str` and `int`.
+        """
+        with pytest.raises(TypeError):
+            rand.add(*args)
+
+    def test_add(self):
+        """
+        `OpenSSL.rand.add` adds entropy to the PRNG.
+        """
+        rand.add(b'hamburger', 3)
+
+    def test_status(self):
+        """
+        `OpenSSL.rand.status` returns `1` if the PRNG has sufficient entropy,
+        `0` otherwise.
+        """
+        assert rand.status() == 1
