diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 7e26e2ec6f19d1..8df64ffa89afce 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -311,27 +311,6 @@ Random generation
.. versionadded:: 3.3
-.. function:: RAND_pseudo_bytes(num)
-
- Return (bytes, is_cryptographic): bytes are *num* pseudo-random bytes,
- is_cryptographic is ``True`` if the bytes generated are cryptographically
- strong. Raises an :class:`SSLError` if the operation is not supported by the
- current RAND method.
-
- Generated pseudo-random byte sequences will be unique if they are of
- sufficient length, but are not necessarily unpredictable. They can be used
- for non-cryptographic purposes and for certain purposes in cryptographic
- protocols, but usually not for key generation etc.
-
- For almost all applications :func:`os.urandom` is preferable.
-
- .. versionadded:: 3.3
-
- .. deprecated:: 3.6
-
- OpenSSL has deprecated :func:`ssl.RAND_pseudo_bytes`, use
- :func:`ssl.RAND_bytes` instead.
-
.. function:: RAND_status()
Return ``True`` if the SSL pseudo-random number generator has been seeded
@@ -2717,8 +2696,8 @@ for example the :mod:`multiprocessing` or :mod:`concurrent.futures` modules),
be aware that OpenSSL's internal random number generator does not properly
handle forked processes. Applications must change the PRNG state of the
parent process if they use any SSL feature with :func:`os.fork`. Any
-successful call of :func:`~ssl.RAND_add`, :func:`~ssl.RAND_bytes` or
-:func:`~ssl.RAND_pseudo_bytes` is sufficient.
+successful call of :func:`~ssl.RAND_add` or :func:`~ssl.RAND_bytes` is
+sufficient.
.. _ssl-tlsv1_3:
diff --git a/Doc/whatsnew/3.12.rst b/Doc/whatsnew/3.12.rst
index 52e4d7e25b3916..8526a130b3674d 100644
--- a/Doc/whatsnew/3.12.rst
+++ b/Doc/whatsnew/3.12.rst
@@ -214,6 +214,10 @@ Removed
also a static method.
(Contributed by Victor Stinner in :gh:`94169`.)
+* Remove the :func:`ssl.RAND_pseudo_bytes` function, deprecated in Python 3.6:
+ use :func:`os.urandom` or :func:`ssl.RAND_bytes` instead.
+ (Contributed by Victor Stinner in :gh:`94199`.)
+
Porting to Python 3.12
======================
diff --git a/Lib/ssl.py b/Lib/ssl.py
index ebac1d60d52de7..7c990417c4a1fb 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -106,7 +106,7 @@
SSLSyscallError, SSLEOFError, SSLCertVerificationError
)
from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj
-from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+from _ssl import RAND_status, RAND_add, RAND_bytes
try:
from _ssl import RAND_egd
except ImportError:
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 3acafbdaa6ee4b..0ba2d6b1efc723 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -382,10 +382,6 @@ def test_random(self):
% (v, (v and "sufficient randomness") or
"insufficient randomness"))
- with warnings_helper.check_warnings():
- data, is_cryptographic = ssl.RAND_pseudo_bytes(16)
- self.assertEqual(len(data), 16)
- self.assertEqual(is_cryptographic, v == 1)
if v:
data = ssl.RAND_bytes(16)
self.assertEqual(len(data), 16)
@@ -394,8 +390,6 @@ def test_random(self):
# negative num is invalid
self.assertRaises(ValueError, ssl.RAND_bytes, -5)
- with warnings_helper.check_warnings():
- self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
ssl.RAND_add("this is a random string", 75.0)
ssl.RAND_add(b"this is a random bytes object", 75.0)
diff --git a/Misc/NEWS.d/next/Library/2022-06-24-10-29-19.gh-issue-94199.pfehmz.rst b/Misc/NEWS.d/next/Library/2022-06-24-10-29-19.gh-issue-94199.pfehmz.rst
new file mode 100644
index 00000000000000..ed325c0f6886f5
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2022-06-24-10-29-19.gh-issue-94199.pfehmz.rst
@@ -0,0 +1,3 @@
+Remove the :func:`ssl.RAND_pseudo_bytes` function, deprecated in Python 3.6:
+use :func:`os.urandom` or :func:`ssl.RAND_bytes` instead. Patch by Victor
+Stinner.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 08596577086ac4..f19ee6815af394 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -5158,24 +5158,6 @@ _ssl_RAND_bytes_impl(PyObject *module, int n)
return PySSL_RAND(module, n, 0);
}
-/*[clinic input]
-_ssl.RAND_pseudo_bytes
- n: int
- /
-
-Generate n pseudo-random bytes.
-
-Return a pair (bytes, is_cryptographic). is_cryptographic is True
-if the bytes generated are cryptographically strong.
-[clinic start generated code]*/
-
-static PyObject *
-_ssl_RAND_pseudo_bytes_impl(PyObject *module, int n)
-/*[clinic end generated code: output=b1509e937000e52d input=58312bd53f9bbdd0]*/
-{
- PY_SSL_DEPRECATED("ssl.RAND_pseudo_bytes() is deprecated", 1, NULL);
- return PySSL_RAND(module, n, 1);
-}
/*[clinic input]
_ssl.RAND_status
@@ -5634,7 +5616,6 @@ static PyMethodDef PySSL_methods[] = {
_SSL__TEST_DECODE_CERT_METHODDEF
_SSL_RAND_ADD_METHODDEF
_SSL_RAND_BYTES_METHODDEF
- _SSL_RAND_PSEUDO_BYTES_METHODDEF
_SSL_RAND_STATUS_METHODDEF
_SSL_GET_DEFAULT_VERIFY_PATHS_METHODDEF
_SSL_ENUM_CERTIFICATES_METHODDEF
diff --git a/Modules/clinic/_ssl.c.h b/Modules/clinic/_ssl.c.h
index 67b125f3d76167..24604dd43687c5 100644
--- a/Modules/clinic/_ssl.c.h
+++ b/Modules/clinic/_ssl.c.h
@@ -1090,37 +1090,6 @@ _ssl_RAND_bytes(PyObject *module, PyObject *arg)
return return_value;
}
-PyDoc_STRVAR(_ssl_RAND_pseudo_bytes__doc__,
-"RAND_pseudo_bytes($module, n, /)\n"
-"--\n"
-"\n"
-"Generate n pseudo-random bytes.\n"
-"\n"
-"Return a pair (bytes, is_cryptographic). is_cryptographic is True\n"
-"if the bytes generated are cryptographically strong.");
-
-#define _SSL_RAND_PSEUDO_BYTES_METHODDEF \
- {"RAND_pseudo_bytes", (PyCFunction)_ssl_RAND_pseudo_bytes, METH_O, _ssl_RAND_pseudo_bytes__doc__},
-
-static PyObject *
-_ssl_RAND_pseudo_bytes_impl(PyObject *module, int n);
-
-static PyObject *
-_ssl_RAND_pseudo_bytes(PyObject *module, PyObject *arg)
-{
- PyObject *return_value = NULL;
- int n;
-
- n = _PyLong_AsInt(arg);
- if (n == -1 && PyErr_Occurred()) {
- goto exit;
- }
- return_value = _ssl_RAND_pseudo_bytes_impl(module, n);
-
-exit:
- return return_value;
-}
-
PyDoc_STRVAR(_ssl_RAND_status__doc__,
"RAND_status($module, /)\n"
"--\n"
@@ -1361,4 +1330,4 @@ _ssl_enum_crls(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje
#ifndef _SSL_ENUM_CRLS_METHODDEF
#define _SSL_ENUM_CRLS_METHODDEF
#endif /* !defined(_SSL_ENUM_CRLS_METHODDEF) */
-/*[clinic end generated code: output=2a488dd0cbc777df input=a9049054013a1b77]*/
+/*[clinic end generated code: output=9d806f8ff4a06ed3 input=a9049054013a1b77]*/
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy