This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients christian.heimes, neologix, pitrou, sbt, vstinner
Date 2013-08-17.21:54:28
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <CAMpsgwYCBf5G_QbYok90UMRgUMM8kZ0ti32XaRs-FWZ2SoPamQ@mail.gmail.com>
In-reply-to <CAH_1eM2=_xoFQPE2SrVjYbM9AGki7aRSyA_yFsDkMtpBRb8xNg@mail.gmail.com>
Content
openssl_prng_atfork3.patch: Why not using seconds (only micro or
nanoseconds) in the seed? Add a few more bits should not reduce the
entropy. OpenSSL does hash all these bytes anyway.

+#if 1
+    fprintf(stderr, "PySSL_RAND_atfork_child() seeds %i bytes in %i\n",
+            (int)sizeof(seed), seed.pid);
+#endif

This should be removed from the final patch ;-)

The patch is specific to pthread. Do we need something similar on
Windows. Windows has no fork, but I don't know if OpenSSL CPRNG state
can be inherited somehow? Does Python support other platforms (other
than pthread or Windows)?

Instead of using pthread_atfork(), we can add an hook in the Python
binding of OpenSSL checking the pid. I don't know which functions
should be modified. ssl.RAND_bytes() is probably not enough :-)
History
Date User Action Args
2013-08-17 21:54:28vstinnersetrecipients: + vstinner, pitrou, christian.heimes, neologix, sbt
2013-08-17 21:54:28vstinnerlinkissue18747 messages
2013-08-17 21:54:28vstinnercreate