Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

os.urandom() should use getentropy() of OpenBSD 5.6 #66775

Closed
vstinner opened this issue Oct 9, 2014 · 6 comments
Closed

os.urandom() should use getentropy() of OpenBSD 5.6 #66775

vstinner opened this issue Oct 9, 2014 · 6 comments
Labels
type-security A security issue

Comments

@vstinner
Copy link
Member

vstinner commented Oct 9, 2014

BPO 22585
Nosy @vstinner, @alex
Files
  • getentropy.patch
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2014-12-21.00:18:41.617>
created_at = <Date 2014-10-09.09:26:08.769>
labels = ['type-security']
title = 'os.urandom() should use getentropy() of OpenBSD 5.6'
updated_at = <Date 2015-03-30.09:20:16.729>
user = 'https://github.com/vstinner'

    bugs.python.org fields:

    activity = <Date 2015-03-30.09:20:16.729>
actor = 'python-dev'
assignee = 'none'
closed = True
closed_date = <Date 2014-12-21.00:18:41.617>
closer = 'vstinner'
components = []
creation = <Date 2014-10-09.09:26:08.769>
creator = 'vstinner'
dependencies = []
files = ['37311']
hgrepos = []
issue_num = 22585
keywords = ['patch']
message_count = 6.0
messages = ['228846', '231837', '232986', '233107', '238281', '239586']
nosy_count = 5.0
nosy_names = ['vstinner', 'alex', 'python-dev', 'rpointel', '700eb415']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = None
status = 'closed'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue22585'
versions = ['Python 3.5']
    @vstinner
    Copy link
    Member Author

    vstinner commented Oct 9, 2014

    The future OpenBSD 5.6 (scheduled in november 2014) will have a new getentropy() syscall and a new getentropy() in their C library which avoid the need of a file descriptor:
    http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2?query=getentropy&sec=2

    Note: "The maximum buffer size permitted is 256 bytes. If buflen exceeds this, an error of EIO will be indicated."

    The file descriptor of os.urandom() causes perfomance issues and surprising bugs: bpo-18756, bpo-21207.

    For Python 2.7, see also the PEP-466 and the issue bpo-21305.

    See also issues:

    • bpo-22181: os.urandom() should use Linux 3.17 getrandom() syscall
    • bpo-22542: Use arc4random under OpenBSD for os.urandom() if /dev/urandom is not present

    @vstinner vstinner added the type-security A security issue label Oct 9, 2014
    @vstinner
    Copy link
    Member Author

    Here is a patch using getentropy() if available. I tested it on OpenBSD 5.6 (the only OS implementing this function...).

    The patch prepares also random.c to support Linux getrandom(): issue bpo-22181.

    @python-dev
    Copy link
    Mannequin

    python-dev mannequin commented Dec 21, 2014

    New changeset 75ede5bec8db by Victor Stinner in branch 'default':
    Issue bpo-22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(),
    https://hg.python.org/cpython/rev/75ede5bec8db

    @python-dev
    Copy link
    Mannequin

    python-dev mannequin commented Dec 26, 2014

    New changeset f11f84902713 by Victor Stinner in branch '3.4':
    Issue bpo-22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(),
    https://hg.python.org/cpython/rev/f11f84902713

    @python-dev
    Copy link
    Mannequin

    python-dev mannequin commented Mar 17, 2015

    New changeset 371deb4a5fd1 by Ned Deily in branch '3.4':
    Issue bpo-22585: make URandomFDTests test case actually run
    https://hg.python.org/cpython/rev/371deb4a5fd1

    New changeset c89f7c34e356 by Ned Deily in branch 'default':
    Issue bpo-22585: null merge
    https://hg.python.org/cpython/rev/c89f7c34e356

    New changeset 961efafe9497 by Ned Deily in branch '2.7':
    Issue bpo-22585, bpo-23115: make URandomFDTests test case actually run
    https://hg.python.org/cpython/rev/961efafe9497

    @python-dev
    Copy link
    Mannequin

    python-dev mannequin commented Mar 30, 2015

    New changeset 9d3013a383eb by Victor Stinner in branch '3.4':
    Issue bpo-22585: os.urandom() now releases the GIL when the getentropy() is used
    https://hg.python.org/cpython/rev/9d3013a383eb

    New changeset 7f1015e4277a by Victor Stinner in branch 'default':
    (Merge 3.4) Issue bpo-22585: os.urandom() now releases the GIL when the
    https://hg.python.org/cpython/rev/7f1015e4277a

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    type-security A security issue
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    1 participant
    @vstinner