gh-149017: Upgrade bundled Expat to 2.8.0#149020
gh-149017: Upgrade bundled Expat to 2.8.0#149020StanFromIreland wants to merge 5 commits intopython:mainfrom
Conversation
StanFromIreland
added
needs backport to 3.10
StanFromIreland
requested review from
AA-Turner,
emmatyping and
erlend-aasland
as code owners
|
@StanFromIreland I think I should note that CPython defines |
This reverts commit 9aa2874.
| // bpo-30947: Python uses best available entropy sources to | ||
| // call XML_SetHashSalt(), expat entropy sources are not needed | ||
| #define XML_POOR_ENTROPY 1 | ||
| #undef HAVE_ARC4RANDOM |
There was a problem hiding this comment.
So we actually are using a poor entropy source and later we will use the entropy source defined by Expat? The BPO issue seems also unsure on whether we wanted this for the C accelerated module. If we still want a poor entropy, I wonder why we need to undef those HAVE_* constants.
Because we would hit (in xmlparse.c):
#if ! defined(HAVE_ARC4RANDOM_BUF) && ! defined(HAVE_ARC4RANDOM)
on Windows I think? I'm confused here about (1) why we want poor entropy (2) why we undef those macros.
There was a problem hiding this comment.
So we actually are using a poor entropy source and later we will use the entropy source defined by Expat?
IIUC, not exactly. We skip all the "good" Expat entropy sources as we override it anyway with XML_SetHashSalt.
Because we would hit (in xmlparse.c):
It only uses gettimeofday/GetSystemTimeAsFileTime which are in the respective system libraries.
There was a problem hiding this comment.
But XML_SetHashSalt has poor entropy according to #149018 and we need to use the new interface, which uses the non-poor sources?
There was a problem hiding this comment.
XML_SetHashSalt16Bytes doesn’t use the new sources? It is just a setter.
There was a problem hiding this comment.
Oh ok! so we produce the entropy and set it afterwards, om makes sense.
3 participants
Uh oh!
There was an error while loading. Please reload this page.