Created on 2010-06-30 03:48 by zooko, last changed 2012-05-02 06:31 by loewis. This issue is now closed.
| Messages (6) | |||
|---|---|---|---|
| msg108963 - (view) | Author: Zooko O'Whielacronx (zooko) | Date: 2010-06-30 03:48 | |
os.urandom() on VMS invokes OpenSSL's RAND_pseudo_bytes(). That is documented on: http://www.openssl.org/docs/crypto/RAND_bytes.html as being predictable and therefore unsuitable for many cryptographic purposes. This is inconsistent with the documentation of os.urandom(): """ urandom(n) -> str\n\n\ Return a string of n random bytes suitable for cryptographic use. """ This probably means that users of Python on VMS are vulnerable to attack based on the predictability of the results they get from os.urandom(). Honestly, I would have guessed that there *were* no users of Python on VMS when I started this bug report, but look--apparently there are: http://www.vmspython.org To fix this, change the call from RAND_pseudo_bytes() to RAND_bytes(). It has the same type signature and actually does what os.urandom() needs. |
|||
| msg108964 - (view) | Author: Zooko O'Whielacronx (zooko) | Date: 2010-06-30 03:49 | |
HACK Zooko-Ofsimplegeos-MacBook-Pro:~/playground/python/release27-trunk$ svn diff Index: Modules/posixmodule.c =================================================================== --- Modules/posixmodule.c (revision 82382) +++ Modules/posixmodule.c (working copy) @@ -8481,7 +8481,7 @@ result = PyString_FromStringAndSize(NULL, howMany); if (result != NULL) { /* Get random data */ - if (RAND_pseudo_bytes((unsigned char*) + if (RAND_bytes((unsigned char*) PyString_AS_STRING(result), howMany) < 0) { Py_DECREF(result); |
|||
| msg108965 - (view) | Author: Zooko O'Whielacronx (zooko) | Date: 2010-06-30 03:49 | |
This issue is a security vulnerability. |
|||
| msg158203 - (view) | Author: STINNER Victor (haypo) *  |
Date: 2012-04-13 09:58 | |
> This issue is a security vulnerability. I disagree, it's just an issue of a comment in the C code. The Python documentation doesn't guarantee that os.urandom() is cryptographic. Use ssl.RAND_bytes(), added to Python 3.3, if you need cryptographic random numbers. By the way, VMS is no more supported in Python 3.3, see the PEP 11: Name: VMS Unsupported in: Python 3.3 Code removed in: Python 3.4 |
|||
| msg158204 - (view) | Author: STINNER Victor (haypo) * |
Date: 2012-04-13 10:00 | |
- if (RAND_pseudo_bytes((unsigned char*) + if (RAND_bytes((unsigned char*) This is not a good idea: RAND_bytes() is blocking, whereas os.urandom() doesn't block on other platforms. os.urandom() is similar to /dev/urandom (non blocking), whereas /dev/random is blocking. With this patch, Python may block at startup if there is not enough entropy. |
|||
| msg159777 - (view) | Author: Martin v. Löwis (loewis) * |
Date: 2012-05-02 06:31 | |
I'm closing this as "won't fix". Unless somebody is able to report that they actually tested the proposed change successfully, there is no point in adding it. Most likely, Python won't even build on VMS, in which case this is not a security issue at all. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2012-05-02 06:31:08 | loewis | set | status: open -> closed resolution: wont fix messages: + msg159777 |
| 2012-04-13 10:00:14 | haypo | set | messages: + msg158204 |
| 2012-04-13 09:58:31 | haypo | set | messages: + msg158203 |
| 2012-04-13 09:43:25 | pitrou | set | nosy:
+ haypo stage: patch review versions: + Python 3.3 |
| 2012-04-12 22:02:13 | adiroiban | set | nosy:
+ adiroiban |
| 2010-06-30 09:47:06 | pitrou | set | nosy:
+ loewis type: security components: + Library (Lib) versions: + Python 2.6, Python 3.1, Python 2.7, Python 3.2 |
| 2010-06-30 03:49:55 | zooko | set | messages: + msg108965 |
| 2010-06-30 03:49:26 | zooko | set | messages: + msg108964 |
| 2010-06-30 03:48:33 | zooko | create | |