[Python-checkins] gh-94199: Remove ssl.RAND_pseudo_bytes() function (#94202)

vstinner webhook-mailer at python.org
Fri Jun 24 05:06:01 EDT 2022

• Previous message (by thread): [Python-checkins] gh-94169: Remove deprecated io.OpenWrapper (#94170)
• Next message (by thread): [Python-checkins] gh-94196: Remove gzip.GzipFile.filename attribute (#94197)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

https://github.com/python/cpython/commit/d435a18c537a62a89a70005885e6e09f58997d8a
commit: d435a18c537a62a89a70005885e6e09f58997d8a
branch: main
author: Victor Stinner <vstinner at python.org>
committer: vstinner <vstinner at python.org>
date: 2022年06月24日T11:05:53+02:00
summary:
gh-94199: Remove ssl.RAND_pseudo_bytes() function (#94202)
Remove the ssl.RAND_pseudo_bytes() function, deprecated in Python
3.6: use os.urandom() or ssl.RAND_bytes() instead.
files:
A Misc/NEWS.d/next/Library/2022-06-24-10-29-19.gh-issue-94199.pfehmz.rst
M Doc/library/ssl.rst
M Doc/whatsnew/3.12.rst
M Lib/ssl.py
M Lib/test/test_ssl.py
M Modules/_ssl.c
M Modules/clinic/_ssl.c.h
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 7e26e2ec6f19d..8df64ffa89afc 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -311,27 +311,6 @@ Random generation
 
 .. versionadded:: 3.3
 
-.. function:: RAND_pseudo_bytes(num)
-
- Return (bytes, is_cryptographic): bytes are *num* pseudo-random bytes,
- is_cryptographic is ``True`` if the bytes generated are cryptographically
- strong. Raises an :class:`SSLError` if the operation is not supported by the
- current RAND method.
-
- Generated pseudo-random byte sequences will be unique if they are of
- sufficient length, but are not necessarily unpredictable. They can be used
- for non-cryptographic purposes and for certain purposes in cryptographic
- protocols, but usually not for key generation etc.
-
- For almost all applications :func:`os.urandom` is preferable.
-
- .. versionadded:: 3.3
-
- .. deprecated:: 3.6
-
- OpenSSL has deprecated :func:`ssl.RAND_pseudo_bytes`, use
- :func:`ssl.RAND_bytes` instead.
-
 .. function:: RAND_status()
 
 Return ``True`` if the SSL pseudo-random number generator has been seeded
@@ -2717,8 +2696,8 @@ for example the :mod:`multiprocessing` or :mod:`concurrent.futures` modules),
 be aware that OpenSSL's internal random number generator does not properly
 handle forked processes. Applications must change the PRNG state of the
 parent process if they use any SSL feature with :func:`os.fork`. Any
-successful call of :func:`~ssl.RAND_add`, :func:`~ssl.RAND_bytes` or
-:func:`~ssl.RAND_pseudo_bytes` is sufficient.
+successful call of :func:`~ssl.RAND_add` or :func:`~ssl.RAND_bytes` is
+sufficient.
 
 
 .. _ssl-tlsv1_3:
diff --git a/Doc/whatsnew/3.12.rst b/Doc/whatsnew/3.12.rst
index 52e4d7e25b391..8526a130b3674 100644
--- a/Doc/whatsnew/3.12.rst
+++ b/Doc/whatsnew/3.12.rst
@@ -214,6 +214,10 @@ Removed
 also a static method.
 (Contributed by Victor Stinner in :gh:`94169`.)
 
+* Remove the :func:`ssl.RAND_pseudo_bytes` function, deprecated in Python 3.6:
+ use :func:`os.urandom` or :func:`ssl.RAND_bytes` instead.
+ (Contributed by Victor Stinner in :gh:`94199`.)
+
 
 Porting to Python 3.12
 ======================
diff --git a/Lib/ssl.py b/Lib/ssl.py
index ebac1d60d52de..7c990417c4a1f 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -106,7 +106,7 @@
 SSLSyscallError, SSLEOFError, SSLCertVerificationError
 )
 from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
-from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+from _ssl import RAND_status, RAND_add, RAND_bytes
 try:
 from _ssl import RAND_egd
 except ImportError:
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 3acafbdaa6ee4..0ba2d6b1efc72 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -382,10 +382,6 @@ def test_random(self):
 % (v, (v and "sufficient randomness") or
 "insufficient randomness"))
 
- with warnings_helper.check_warnings():
- data, is_cryptographic = ssl.RAND_pseudo_bytes(16)
- self.assertEqual(len(data), 16)
- self.assertEqual(is_cryptographic, v == 1)
 if v:
 data = ssl.RAND_bytes(16)
 self.assertEqual(len(data), 16)
@@ -394,8 +390,6 @@ def test_random(self):
 
 # negative num is invalid
 self.assertRaises(ValueError, ssl.RAND_bytes, -5)
- with warnings_helper.check_warnings():
- self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
 
 ssl.RAND_add("this is a random string", 75.0)
 ssl.RAND_add(b"this is a random bytes object", 75.0)
diff --git a/Misc/NEWS.d/next/Library/2022-06-24-10-29-19.gh-issue-94199.pfehmz.rst b/Misc/NEWS.d/next/Library/2022-06-24-10-29-19.gh-issue-94199.pfehmz.rst
new file mode 100644
index 0000000000000..ed325c0f6886f
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2022-06-24-10-29-19.gh-issue-94199.pfehmz.rst
@@ -0,0 +1,3 @@
+Remove the :func:`ssl.RAND_pseudo_bytes` function, deprecated in Python 3.6:
+use :func:`os.urandom` or :func:`ssl.RAND_bytes` instead. Patch by Victor
+Stinner.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 08596577086ac..f19ee6815af39 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -5158,24 +5158,6 @@ _ssl_RAND_bytes_impl(PyObject *module, int n)
 return PySSL_RAND(module, n, 0);
 }
 
-/*[clinic input]
-_ssl.RAND_pseudo_bytes
- n: int
- /
-
-Generate n pseudo-random bytes.
-
-Return a pair (bytes, is_cryptographic). is_cryptographic is True
-if the bytes generated are cryptographically strong.
-[clinic start generated code]*/
-
-static PyObject *
-_ssl_RAND_pseudo_bytes_impl(PyObject *module, int n)
-/*[clinic end generated code: output=b1509e937000e52d input=58312bd53f9bbdd0]*/
-{
- PY_SSL_DEPRECATED("ssl.RAND_pseudo_bytes() is deprecated", 1, NULL);
- return PySSL_RAND(module, n, 1);
-}
 
 /*[clinic input]
 _ssl.RAND_status
@@ -5634,7 +5616,6 @@ static PyMethodDef PySSL_methods[] = {
 _SSL__TEST_DECODE_CERT_METHODDEF
 _SSL_RAND_ADD_METHODDEF
 _SSL_RAND_BYTES_METHODDEF
- _SSL_RAND_PSEUDO_BYTES_METHODDEF
 _SSL_RAND_STATUS_METHODDEF
 _SSL_GET_DEFAULT_VERIFY_PATHS_METHODDEF
 _SSL_ENUM_CERTIFICATES_METHODDEF
diff --git a/Modules/clinic/_ssl.c.h b/Modules/clinic/_ssl.c.h
index 67b125f3d7616..24604dd43687c 100644
--- a/Modules/clinic/_ssl.c.h
+++ b/Modules/clinic/_ssl.c.h
@@ -1090,37 +1090,6 @@ _ssl_RAND_bytes(PyObject *module, PyObject *arg)
 return return_value;
 }
 
-PyDoc_STRVAR(_ssl_RAND_pseudo_bytes__doc__,
-"RAND_pseudo_bytes($module, n, /)\n"
-"--\n"
-"\n"
-"Generate n pseudo-random bytes.\n"
-"\n"
-"Return a pair (bytes, is_cryptographic). is_cryptographic is True\n"
-"if the bytes generated are cryptographically strong.");
-
-#define _SSL_RAND_PSEUDO_BYTES_METHODDEF \
- {"RAND_pseudo_bytes", (PyCFunction)_ssl_RAND_pseudo_bytes, METH_O, _ssl_RAND_pseudo_bytes__doc__},
-
-static PyObject *
-_ssl_RAND_pseudo_bytes_impl(PyObject *module, int n);
-
-static PyObject *
-_ssl_RAND_pseudo_bytes(PyObject *module, PyObject *arg)
-{
- PyObject *return_value = NULL;
- int n;
-
- n = _PyLong_AsInt(arg);
- if (n == -1 && PyErr_Occurred()) {
- goto exit;
- }
- return_value = _ssl_RAND_pseudo_bytes_impl(module, n);
-
-exit:
- return return_value;
-}
-
 PyDoc_STRVAR(_ssl_RAND_status__doc__,
 "RAND_status($module, /)\n"
 "--\n"
@@ -1361,4 +1330,4 @@ _ssl_enum_crls(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje
 #ifndef _SSL_ENUM_CRLS_METHODDEF
 #define _SSL_ENUM_CRLS_METHODDEF
 #endif /* !defined(_SSL_ENUM_CRLS_METHODDEF) */
-/*[clinic end generated code: output=2a488dd0cbc777df input=a9049054013a1b77]*/
+/*[clinic end generated code: output=9d806f8ff4a06ed3 input=a9049054013a1b77]*/

---

• Previous message (by thread): [Python-checkins] gh-94169: Remove deprecated io.OpenWrapper (#94170)
• Next message (by thread): [Python-checkins] gh-94196: Remove gzip.GzipFile.filename attribute (#94197)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list