From ced2d04ecfedee4ac065b7cae1aa5a048c857849 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Mon, 20 Nov 2017 15:12:30 +0800
Subject: [PATCH 1/4] restore a subset of the rand module

---
 CHANGELOG.rst       |  6 ++---
 src/OpenSSL/rand.py | 59 +++++++++++++++++++++++++++++++++++++++++++++
 tests/test_rand.py  | 48 ++++++++++++++++++++++++++++++++++++
 3 files changed, 110 insertions(+), 3 deletions(-)
 create mode 100644 src/OpenSSL/rand.py
 create mode 100644 tests/test_rand.py

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 0eb7f815a..b0b2562d6 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -23,12 +23,12 @@ Deprecations:
 Changes:
 ^^^^^^^^
 
-
+- Re-added a subset of the ``OpenSSL.rand`` module.
+  This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork.
+  `#708 <https://github.com/pyca/pyopenssl/pull/708>`_
 - Corrected a use-after-free when reusing an issuer or subject from an ``X509`` object after the underlying object has been mutated.
   `#709 <https://github.com/pyca/pyopenssl/pull/709>`_
 
-----
-
 
 17.3.0 (2017-09-14)
 -------------------
diff --git a/src/OpenSSL/rand.py b/src/OpenSSL/rand.py
new file mode 100644
index 000000000..ac2560ba3
--- /dev/null
+++ b/src/OpenSSL/rand.py
@@ -0,0 +1,59 @@
+"""
+PRNG management routines, thin wrappers.
+"""
+
+from OpenSSL._util import (
+    ffi as _ffi,
+    lib as _lib,
+    exception_from_error_queue as _exception_from_error_queue,
+    path_string as _path_string)
+
+
+_builtin_bytes = bytes
+
+
+def add(buffer, entropy):
+    """
+    Mix bytes from *string* into the PRNG state.
+
+    The *entropy* argument is (the lower bound of) an estimate of how much
+    randomness is contained in *string*, measured in bytes.
+
+    For more information, see e.g. :rfc:`1750`.
+
+    This function is only relevant if you are forking Python processes and
+    need to reseed the CSPRNG after fork.
+
+    :param buffer: Buffer with random data.
+    :param entropy: The entropy (in bytes) measurement of the buffer.
+
+    :return: :obj:`None`
+    """
+    if not isinstance(buffer, _builtin_bytes):
+        raise TypeError("buffer must be a byte string")
+
+    if not isinstance(entropy, int):
+        raise TypeError("entropy must be an integer")
+
+    _lib.RAND_add(buffer, len(buffer), entropy)
+
+
+def status():
+    """
+    Check whether the PRNG has been seeded with enough data.
+
+    :return: 1 if the PRNG is seeded enough, 0 otherwise.
+    """
+    return _lib.RAND_status()
+
+
+def cleanup():
+    """
+    Erase the memory used by the PRNG.
+
+    This is a wrapper for the C function ``RAND_cleanup``.
+
+    :return: :obj:`None`
+    """
+    # TODO Nothing tests this call actually being made, or made properly.
+    _lib.RAND_cleanup()
diff --git a/tests/test_rand.py b/tests/test_rand.py
new file mode 100644
index 000000000..bd61f47e6
--- /dev/null
+++ b/tests/test_rand.py
@@ -0,0 +1,48 @@
+# Copyright (c) Frederick Dean
+# See LICENSE for details.
+
+"""
+Unit tests for `OpenSSL.rand`.
+"""
+
+import pytest
+
+from OpenSSL import rand
+
+
+class TestRand(object):
+
+    @pytest.mark.parametrize('args', [
+        (b"foo", None),
+        (None, 3),
+    ])
+    def test_add_wrong_args(self, args):
+        """
+        `OpenSSL.rand.add` raises `TypeError` if called with arguments not of
+        type `str` and `int`.
+        """
+        with pytest.raises(TypeError):
+            rand.add(*args)
+
+    def test_add(self):
+        """
+        `OpenSSL.rand.add` adds entropy to the PRNG.
+        """
+        rand.add(b'hamburger', 3)
+
+    def test_status(self):
+        """
+        `OpenSSL.rand.status` returns `1` if the PRNG has sufficient entropy,
+        `0` otherwise.
+        """
+        # It's hard to know what it is actually going to return.  Different
+        # OpenSSL random engines decide differently whether they have enough
+        # entropy or not.
+        assert rand.status() in (0, 1)
+
+    def test_cleanup(self):
+        """
+        `OpenSSL.rand.cleanup` releases the memory used by the PRNG and
+        returns `None`.
+        """
+        assert rand.cleanup() is None

From 121f4e5fee5e8d35429b22ba6113689ff4884c3e Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Mon, 20 Nov 2017 21:33:11 +0800
Subject: [PATCH 2/4] flake

---
 src/OpenSSL/rand.py | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/src/OpenSSL/rand.py b/src/OpenSSL/rand.py
index ac2560ba3..969f5b1d8 100644
--- a/src/OpenSSL/rand.py
+++ b/src/OpenSSL/rand.py
@@ -2,11 +2,7 @@
 PRNG management routines, thin wrappers.
 """
 
-from OpenSSL._util import (
-    ffi as _ffi,
-    lib as _lib,
-    exception_from_error_queue as _exception_from_error_queue,
-    path_string as _path_string)
+from OpenSSL._util import lib as _lib
 
 
 _builtin_bytes = bytes

From 909aa27d54541593d895a95cf88b5db90172321c Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Mon, 20 Nov 2017 21:41:46 +0800
Subject: [PATCH 3/4] remove cleanup, go ahead and assume status will always be
 1

---
 src/OpenSSL/rand.py | 12 ------------
 tests/test_rand.py  | 12 +-----------
 2 files changed, 1 insertion(+), 23 deletions(-)

diff --git a/src/OpenSSL/rand.py b/src/OpenSSL/rand.py
index 969f5b1d8..72c678c97 100644
--- a/src/OpenSSL/rand.py
+++ b/src/OpenSSL/rand.py
@@ -41,15 +41,3 @@ def status():
     :return: 1 if the PRNG is seeded enough, 0 otherwise.
     """
     return _lib.RAND_status()
-
-
-def cleanup():
-    """
-    Erase the memory used by the PRNG.
-
-    This is a wrapper for the C function ``RAND_cleanup``.
-
-    :return: :obj:`None`
-    """
-    # TODO Nothing tests this call actually being made, or made properly.
-    _lib.RAND_cleanup()
diff --git a/tests/test_rand.py b/tests/test_rand.py
index bd61f47e6..e04a24cc2 100644
--- a/tests/test_rand.py
+++ b/tests/test_rand.py
@@ -35,14 +35,4 @@ def test_status(self):
         `OpenSSL.rand.status` returns `1` if the PRNG has sufficient entropy,
         `0` otherwise.
         """
-        # It's hard to know what it is actually going to return.  Different
-        # OpenSSL random engines decide differently whether they have enough
-        # entropy or not.
-        assert rand.status() in (0, 1)
-
-    def test_cleanup(self):
-        """
-        `OpenSSL.rand.cleanup` releases the memory used by the PRNG and
-        returns `None`.
-        """
-        assert rand.cleanup() is None
+        assert rand.status() == 1

From 6afda823d8ce3a3c5b9764bff6556bcf070b96a2 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Mon, 20 Nov 2017 21:45:09 +0800
Subject: [PATCH 4/4] lighten and add power

---
 CHANGELOG.rst       | 3 +++
 src/OpenSSL/rand.py | 5 +----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index b0b2562d6..0f7e89067 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -23,12 +23,15 @@ Deprecations:
 Changes:
 ^^^^^^^^
 
+
 - Re-added a subset of the ``OpenSSL.rand`` module.
   This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork.
   `#708 <https://github.com/pyca/pyopenssl/pull/708>`_
 - Corrected a use-after-free when reusing an issuer or subject from an ``X509`` object after the underlying object has been mutated.
   `#709 <https://github.com/pyca/pyopenssl/pull/709>`_
 
+----
+
 
 17.3.0 (2017-09-14)
 -------------------
diff --git a/src/OpenSSL/rand.py b/src/OpenSSL/rand.py
index 72c678c97..d2c17673e 100644
--- a/src/OpenSSL/rand.py
+++ b/src/OpenSSL/rand.py
@@ -5,9 +5,6 @@
 from OpenSSL._util import lib as _lib
 
 
-_builtin_bytes = bytes
-
-
 def add(buffer, entropy):
     """
     Mix bytes from *string* into the PRNG state.
@@ -25,7 +22,7 @@ def add(buffer, entropy):
 
     :return: :obj:`None`
     """
-    if not isinstance(buffer, _builtin_bytes):
+    if not isinstance(buffer, bytes):
         raise TypeError("buffer must be a byte string")
 
     if not isinstance(entropy, int):