classification
Title: Replace OpenSSL's CPRNG with system entropy source
Type: security
Stage: resolved
Components: Extension Modules, SSL
Versions: Python 3.7
process
Status: closed
Resolution: wont fix
Dependencies:
Superseder:
Assigned To: christian.heimes
Nosy List: Lukasa, alex, christian.heimes, dstufft, giampaolo.rodola, janssen, ncoghlan, pitrou, vstinner
Priority: normal
Keywords: patch

Created on 2016-05-06 09:10 by christian.heimes, last changed 2017-02-21 14:36 by christian.heimes. This issue is now closed.

Files
File name Uploaded
0001-Add-new-CPRNG-ENGINE.patch christian.heimes, 2016-05-06 09:10
Messages (10)
msg264948 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2016-05-06 09:10
The patch adds a new RAND engine for OpenSSL. The engine uses the system's entropy source (/dev/urandom, CryptGenRandom(), getentropy() ...). The engine is automatically installed with OpenSSL as the default RAND engine. The new engine fixes the fork() bug once and for all (https://gist.github.com/tiran/a9ba8c51cc7d1b75d3bc1d3f24411b4c).

The engine is a reimplementation of https://cryptography.readthedocs.io/en/latest/hazmat/backends/openssl/?highlight=engine#os-random-engine and a new take on #18747.

I have added a couple of private helper methods to the _ssl module. I'm not sure if we should keep them, remove them or make them public.
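
The fork() problem referred to in msg264948, as an added example that is not part of the original issue or of the attached patch: a generator whose state lives in process memory is copied by fork(), so parent and child emit the same bytes, while reads from the system source (`os.urandom` here) share no process state. `ToyDRBG` and the function names are assumptions made for this demonstration; the toy generator does not model OpenSSL's actual algorithm.

```python
import hashlib
import os


class ToyDRBG:
    """Constructed stand-in for an in-process CSPRNG; not OpenSSL's algorithm."""

    def __init__(self, seed):
        self.state = hashlib.sha256(seed).digest()

    def read(self, n):
        out = b""
        while len(out) < n:
            self.state = hashlib.sha256(b"next" + self.state).digest()
            out += hashlib.sha256(b"out" + self.state).digest()
        return out[:n]


def draw_in_parent_and_child(draw, n=16):
    """fork(), call draw(n) in both processes, return (parent_bytes, child_bytes)."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:
        try:
            os.write(w, draw(n))  # child reports its bytes through the pipe
        finally:
            os._exit(0)  # leave without running the parent's cleanup handlers
    os.close(w)
    parent = draw(n)
    with os.fdopen(r, "rb") as pipe:
        child = pipe.read()
    os.waitpid(pid, 0)
    return parent, child


def inherited_state():
    """Seeded once before fork(): the child gets a byte-for-byte copy of the state."""
    return draw_in_parent_and_child(ToyDRBG(os.urandom(32)).read)


def system_source():
    """Every read goes to the kernel, so there is no userspace state to duplicate."""
    return draw_in_parent_and_child(os.urandom)


if __name__ == "__main__":
    for case in (inherited_state, system_source):
        p, c = case()
        print(f"{case.__name__}: parent={p.hex()} child={c.hex()} same={p == c}")
```
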
msg264951 - Author: Antoine Pitrou (pitrou) (Python committer) Date: 2016-05-06 09:24
What are the helper methods good for? I don't think we want to expose them for now.
msg264952 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2016-05-06 09:28
I have used the helper methods during development. They are also used in unit tests.
msg264953 - Author: Antoine Pitrou (pitrou) (Python committer) Date: 2016-05-06 09:30
Then I'd say just keep them private.
msg265431 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2016-05-12 22:47
I have to replace _PyOS_URandom with a variant that doesn't need the GIL, https://mail.python.org/pipermail/cryptography-dev/2016-May/000595.html
msg265551 - Author: STINNER Victor (vstinner) (Python committer) Date: 2016-05-14 22:57
> I have to replace _PyOS_URandom with a variant that doesn't need the GIL

Please don't replace it, but add a new function which reports errors differently. Which kind of granularity do you expect for the error reporting? Just a boolean (success or failure)?

Most implementations of _PyOS_URandom() already have a private "int raise" parameter to specify how errors are reported: raise an exception or call Py_FatalError().
msg265935 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2016-05-20 11:42
My remark was ambiguous. I meant that I have to create a second implementation of _PyOS_URandom and use it in _ssl_osrandom_bytes.

Let's discuss the details on IRC after PyCon. I'm busy with preparations.
msg274750 - Author: Nick Coghlan (ncoghlan) (Python committer) Date: 2016-09-07 04:18
Christian, is this still a change you'd like to make for 3.6?

(I don't recall seeing it in your list of pending ssl module patches)
msg274781 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2016-09-07 09:06
No, it won't make it into 3.6. My patch is far from ready.
msg288301 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2017-02-21 14:36
Let's not overcomplicate Python's ssl module any more.

I was part of an effort to provide an osrandom engine for PyCA cryptography. I'm going to port the engine to OpenSSL.
History
Date User Action Args
2017-02-21 14:36:13 christian.heimes set status: open -> closed; resolution: wont fix; messages: + msg288301; stage: patch review -> resolved
2016-09-15 07:55:25 christian.heimes set assignee: christian.heimes; components: + SSL
2016-09-07 09:06:07 christian.heimes set messages: + msg274781; versions: + Python 3.7, - Python 3.6
2016-09-07 04:18:27 ncoghlan set nosy: + ncoghlan; messages: + msg274750
2016-05-20 11:42:05 christian.heimes set messages: + msg265935
2016-05-14 22:57:13 vstinner set messages: + msg265551
2016-05-12 22:47:58 christian.heimes set messages: + msg265431
2016-05-06 09:30:46 pitrou set messages: + msg264953
2016-05-06 09:28:06 christian.heimes set messages: + msg264952
2016-05-06 09:24:58 pitrou set messages: + msg264951
2016-05-06 09:13:09 Lukasa set nosy: + Lukasa
2016-05-06 09:10:27 christian.heimes create