classification
Title: os.urandom() should use getentropy() of OpenBSD 5.6
Type: security Stage:
Components: Versions: Python 3.5
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: 700eb415, alex, haypo, python-dev, rpointel
Priority: normal Keywords: patch

Created on 2014-10-09 09:26 by haypo, last changed 2015-03-30 09:20 by python-dev. This issue is now closed.

Files
File name Uploaded Description Edit
getentropy.patch haypo, 2014-11-28 22:59 review
Messages (6)
msg228846 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2014-10-09 09:26
The future OpenBSD 5.6 (scheduled in november 2014) will have a new getentropy() syscall and a new getentropy() in their C library which avoid the need of a file descriptor:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2?query=getentropy&sec=2

Note: "The maximum buffer size permitted is 256 bytes. If buflen exceeds this, an error of EIO will be indicated."

The file descriptor of os.urandom() causes perfomance issues and surprising bugs: #18756, #21207.

For Python 2.7, see also the PEP 466 and the issue #21305.

See also issues:

- #22181: os.urandom() should use Linux 3.17 getrandom() syscall
- #22542: Use arc4random under OpenBSD for os.urandom() if /dev/urandom is not present
msg231837 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2014-11-28 22:59
Here is a patch using getentropy() if available. I tested it on OpenBSD 5.6 (the only OS implementing this function...).

The patch prepares also random.c to support Linux getrandom(): issue #22181.
msg232986 - (view) Author: Roundup Robot (python-dev) Date: 2014-12-21 00:18
New changeset 75ede5bec8db by Victor Stinner in branch 'default':
Issue #22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(),
https://hg.python.org/cpython/rev/75ede5bec8db
msg233107 - (view) Author: Roundup Robot (python-dev) Date: 2014-12-26 17:09
New changeset f11f84902713 by Victor Stinner in branch '3.4':
Issue #22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(),
https://hg.python.org/cpython/rev/f11f84902713
msg238281 - (view) Author: Roundup Robot (python-dev) Date: 2015-03-17 11:36
New changeset 371deb4a5fd1 by Ned Deily in branch '3.4':
Issue #22585: make URandomFDTests test case actually run
https://hg.python.org/cpython/rev/371deb4a5fd1

New changeset c89f7c34e356 by Ned Deily in branch 'default':
Issue #22585: null merge
https://hg.python.org/cpython/rev/c89f7c34e356

New changeset 961efafe9497 by Ned Deily in branch '2.7':
Issue #22585, #23115: make URandomFDTests test case actually run
https://hg.python.org/cpython/rev/961efafe9497
msg239586 - (view) Author: Roundup Robot (python-dev) Date: 2015-03-30 09:20
New changeset 9d3013a383eb by Victor Stinner in branch '3.4':
Issue #22585: os.urandom() now releases the GIL when the getentropy() is used
https://hg.python.org/cpython/rev/9d3013a383eb

New changeset 7f1015e4277a by Victor Stinner in branch 'default':
(Merge 3.4) Issue #22585: os.urandom() now releases the GIL when the
https://hg.python.org/cpython/rev/7f1015e4277a
History
Date User Action Args
2015-03-30 09:20:16python-devsetmessages: + msg239586
2015-03-17 11:36:37python-devsetmessages: + msg238281
2014-12-26 17:09:12python-devsetmessages: + msg233107
2014-12-21 00:18:41hayposetstatus: open -> closed
resolution: fixed
2014-12-21 00:18:30python-devsetnosy: + python-dev
messages: + msg232986
2014-11-28 22:59:29hayposetfiles: + getentropy.patch
keywords: + patch
messages: + msg231837
2014-10-09 09:44:06hayposetnosy: + alex
2014-10-09 09:28:09hayposetnosy: + rpointel, 700eb415
2014-10-09 09:26:08haypocreate