Issue 26970: Replace OpenSSL's CPRNG with system entropy source (original) (raw)

Created on 2016-05-06 09:10 by christian.heimes, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Files
File name	Uploaded	Description	Edit
0001-Add-new-CPRNG-ENGINE.patch	christian.heimes,2016-05-06 09:10	review

Messages (10)
msg264948 - (view)	Author: Christian Heimes (christian.heimes) *	Date: 2016-05-06 09:10
The patch adds a new RAND engine for OpenSSL. The engine uses the system's entropy source (/dev/urandom, CryptGenRandom(), getentropy() ...). The engine is automatically installed with OpenSSL as default RAND engine. The new engine fixes the fork() bug once and for all (https://gist.github.com/tiran/a9ba8c51cc7d1b75d3bc1d3f24411b4c) The engine is a reimplementation of https://cryptography.readthedocs.io/en/latest/hazmat/backends/openssl/?highlight=engine#os-random-engine and a new take on #18747. I have added a couple of private helper methods to the _ssl module. I'm not sure if we should keep them, remove them or make them public.
msg264951 - (view)	Author: Antoine Pitrou (pitrou) *	Date: 2016-05-06 09:24
What are the helper methods good for? I don't think we want to expose them for now.
msg264952 - (view)	Author: Christian Heimes (christian.heimes) *	Date: 2016-05-06 09:28
I have used the helper methods during development. They are also used in unit tests.
msg264953 - (view)	Author: Antoine Pitrou (pitrou) *	Date: 2016-05-06 09:30
Then I'd say just keep them private.
msg265431 - (view)	Author: Christian Heimes (christian.heimes) *	Date: 2016-05-12 22:47
I have to replace _PyOS_URandom with a variant that doesn't need the GIL, https://mail.python.org/pipermail/cryptography-dev/2016-May/000595.html
msg265551 - (view)	Author: STINNER Victor (vstinner) *	Date: 2016-05-14 22:57
> I have to replace _PyOS_URandom with a variant that doesn't need the GIL Please don't replace it, but add a new function which report errors differently. Which kind of granularity do you expect for the error reporting? Just a boolean (success or failure)? Most implementations of _PyOS_URandom() already has a private "int raise" parameter to specify how errors are reported: raise an exception or call Py_FatalError().
msg265935 - (view)	Author: Christian Heimes (christian.heimes) *	Date: 2016-05-20 11:42
My remark was ambiguous. I meant that I have to create an second implementation of _PyOS_URandom and use it in _ssl_osrandom_bytes. Let's discuss the details on IRC after PyCon. I'm busy with preparations.
msg274750 - (view)	Author: Alyssa Coghlan (ncoghlan) *	Date: 2016-09-07 04:18
Christian, is this still a change you'd like to make for 3.6? (I don't recall seeing it in your list of pending ssl modules patches)
msg274781 - (view)	Author: Christian Heimes (christian.heimes) *	Date: 2016-09-07 09:06
No, it won't make it into 3.6. My patch is far from ready.
msg288301 - (view)	Author: Christian Heimes (christian.heimes) *	Date: 2017-02-21 14:36
Let's not overcomplicate Python's ssl module any more. I was part of an effort to provide an osrandom engine for PyCA cryptography. I'm going to port the engine to OpenSSL.

History
Date	User	Action	Args
2022-04-11 14:58:30	admin	set	github: 71157
2017-02-21 14:36:13	christian.heimes	set	status: open -> closedresolution: wont fixmessages: + stage: patch review -> resolved
2016-09-15 07:55:25	christian.heimes	set	assignee: christian.heimescomponents: + SSL
2016-09-07 09:06:07	christian.heimes	set	messages: + versions: + Python 3.7, - Python 3.6
2016-09-07 04🔞27	ncoghlan	set	nosy: + ncoghlanmessages: +
2016-05-20 11:42:05	christian.heimes	set	messages: +
2016-05-14 22:57:13	vstinner	set	messages: +
2016-05-12 22:47:58	christian.heimes	set	messages: +
2016-05-06 09:30:46	pitrou	set	messages: +
2016-05-06 09:28:06	christian.heimes	set	messages: +
2016-05-06 09:24:58	pitrou	set	messages: +
2016-05-06 09:13:09	Lukasa	set	nosy: + Lukasa
2016-05-06 09:10:27	christian.heimes	create