Issue 9123: insecure os.urandom on VMS (original) (raw)

Created on 2010-06-30 03:48 by zooko, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Messages (6)
msg108963 - (view) Author: Zooko O'Whielacronx (zooko) Date: 2010-06-30 03:48
os.urandom() on VMS invokes OpenSSL's RAND_pseudo_bytes(). That is documented on: http://www.openssl.org/docs/crypto/RAND_bytes.html as being predictable and therefore unsuitable for many cryptographic purposes. This is inconsistent with the documentation of os.urandom(): """ urandom(n) -> str\n\n\ Return a string of n random bytes suitable for cryptographic use. """ This probably means that users of Python on VMS are vulnerable to attack based on the predictability of the results they get from os.urandom(). Honestly, I would have guessed that there *were* no users of Python on VMS when I started this bug report, but look--apparently there are: http://www.vmspython.org To fix this, change the call from RAND_pseudo_bytes() to RAND_bytes(). It has the same type signature and actually does what os.urandom() needs.
msg108964 - (view) Author: Zooko O'Whielacronx (zooko) Date: 2010-06-30 03:49
HACK Zooko-Ofsimplegeos-MacBook-Pro:~/playground/python/release27-trunk$ svn diff Index: Modules/posixmodule.c =================================================================== --- Modules/posixmodule.c (revision 82382) +++ Modules/posixmodule.c (working copy) @@ -8481,7 +8481,7 @@ result = PyString_FromStringAndSize(NULL, howMany); if (result != NULL) { /* Get random data */ - if (RAND_pseudo_bytes((unsigned char*) + if (RAND_bytes((unsigned char*) PyString_AS_STRING(result), howMany) < 0) { Py_DECREF(result);
msg108965 - (view) Author: Zooko O'Whielacronx (zooko) Date: 2010-06-30 03:49
This issue is a security vulnerability.
msg158203 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2012-04-13 09:58
> This issue is a security vulnerability. I disagree, it's just an issue of a comment in the C code. The Python documentation doesn't guarantee that os.urandom() is cryptographic. Use ssl.RAND_bytes(), added to Python 3.3, if you need cryptographic random numbers. By the way, VMS is no more supported in Python 3.3, see the PEP 11: Name: VMS Unsupported in: Python 3.3 Code removed in: Python 3.4
msg158204 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2012-04-13 10:00
- if (RAND_pseudo_bytes((unsigned char*) + if (RAND_bytes((unsigned char*) This is not a good idea: RAND_bytes() is blocking, whereas os.urandom() doesn't block on other platforms. os.urandom() is similar to /dev/urandom (non blocking), whereas /dev/random is blocking. With this patch, Python may block at startup if there is not enough entropy.
msg159777 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2012-05-02 06:31
I'm closing this as "won't fix". Unless somebody is able to report that they actually tested the proposed change successfully, there is no point in adding it. Most likely, Python won't even build on VMS, in which case this is not a security issue at all.
History
Date User Action Args
2022-04-11 14:57:03 admin set github: 53369
2012-05-02 06:31:08 loewis set status: open -> closedresolution: wont fixmessages: +
2012-04-13 10:00:14 vstinner set messages: +
2012-04-13 09:58:31 vstinner set messages: +
2012-04-13 09:43:25 pitrou set nosy: + vstinnerstage: patch reviewversions: + Python 3.3
2012-04-12 22:02:13 adiroiban set nosy: + adiroiban
2010-06-30 09:47:06 pitrou set nosy: + loewistype: securitycomponents: + Library (Lib)versions: + Python 2.6, Python 3.1, Python 2.7, Python 3.2
2010-06-30 03:49:55 zooko set messages: +
2010-06-30 03:49:26 zooko set messages: +
2010-06-30 03:48:33 zooko create