Author vstinner
Recipients christian.heimes, ncoghlan, vstinner
Date 2017-01-05.10:51:59
Message-id <1483613520.21.0.0781858278922.issue29157@psf.upfronthosting.co.za>
Content
New patch (version 2), much larger: it refactors the code, not only fixes this specific issue (prefer getrandom() over getentropy()). Changes since getentropy.patch:

* Add a lot of comments to explain in depth how each function is implemented, which errors are handled, etc. It should help to audit the code: this code is very critical for security and so should be, IMHO, well documented.

* also handle EPERM and EINTR errors in getentropy(): retry on EINTR, fall back to /dev/urandom on EPERM -- sadly, I don't have access to a system with getentropy() to test this part of the code.

* call py_getrandom() and py_getentropy() in pyurandom() to make dev_urandom() simpler and so easier to review: dev_urandom() loses its blocking parameter

* Document the cached file descriptor, and cached st_dev+st_ino in dev_urandom().

* Document explicitly that functions are retried on EINTR error. Document that only getrandom() supports non-blocking mode. Document why we prefer an entropy source over others.

I'm not sure that getentropy() can fail with EPERM or EINTR in practice, but it shouldn't harm to handle these errors correctly :-) At least, getentropy() can fail with these errors on Linux, since glibc implements the getentropy() function using the getrandom() syscall (and it's known that getrandom() can fail with these errors). But on Linux, the code now prefers getrandom() over getentropy().

Should we use the new shiny code on all Python versions? Or only fix the reported issue on all Python issues, and use the refactored code in Python default?

Note: Python 2.7 still supports VMS. VMS is unsupported in Python 3.3 and the VMS code was removed in Python 3.4 (issue 16136): see the PEP 11.

I suggest using the same code on all maintained Python versions to ease maintenance.
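The fallback chain this message describes (getrandom() first, retried on EINTR and on short reads, falling back to /dev/urandom when the syscall is missing or refused), as an added C example that is not the patch itself or CPython's code: the names py_urandom_like, try_getrandom and dev_urandom are made up here, the getentropy() branch is left out, and a Linux/glibc build is assumed for SYS_getrandom (on other systems the example goes straight to /dev/urandom).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Returns 1 on success, 0 if this source is unavailable (caller falls back),
 * -1 on a hard error with errno set.  EINTR is retried, as in the patch. */
static int try_getrandom(unsigned char *buf, size_t n)
{
#ifdef SYS_getrandom
    while (n > 0) {
        long r = syscall(SYS_getrandom, buf, n, 0);  /* flags=0: blocking mode */
        if (r < 0) {
            if (errno == EINTR) continue;            /* interrupted by a signal: retry */
            if (errno == ENOSYS || errno == EPERM)  /* old kernel or blocked syscall */
                return 0;                            /* -> let the caller fall back */
            return -1;
        }
        buf += r; n -= (size_t)r;                   /* short read: loop for the rest */
    }
    return 1;
#else
    (void)buf; (void)n;
    return 0;                                        /* no getrandom() here */
#endif
}

/* Blocking read of n bytes from /dev/urandom, retrying on EINTR. */
static int dev_urandom(unsigned char *buf, size_t n)
{
    int fd;
    do { fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC); } while (fd < 0 && errno == EINTR);
    if (fd < 0) return -1;
    while (n > 0) {
        ssize_t r = read(fd, buf, n);
        if (r < 0) { if (errno == EINTR) continue; close(fd); return -1; }
        if (r == 0) { close(fd); errno = EIO; return -1; }  /* unexpected EOF */
        buf += r; n -= (size_t)r;
    }
    close(fd);
    return 1;
}

/* Preference order from the message: getrandom() before /dev/urandom. */
int py_urandom_like(unsigned char *buf, size_t n)
{
    int r = try_getrandom(buf, n);
    if (r != 0) return r;          /* 1 = done, -1 = hard error */
    return dev_urandom(buf, n);    /* 0 = source unavailable: fall back */
}
```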