[issue26970] Replace OpenSSL's CPRNG with system entropy source

Christian Heimes report at bugs.python.org
Fri May 6 05:10:28 EDT 2016


New submission from Christian Heimes:

The patch adds a new RAND engine for OpenSSL. The engine uses the system's entropy source (/dev/urandom, CryptGenRandom(), getentropy() ...). The engine is automatically installed with OpenSSL as the default RAND engine. The new engine fixes the fork() bug once and for all (https://gist.github.com/tiran/a9ba8c51cc7d1b75d3bc1d3f24411b4c).

The engine is a reimplementation of https://cryptography.readthedocs.io/en/latest/hazmat/backends/openssl/?highlight=engine#os-random-engine and a new take on #18747.

I have added a couple of private helper methods to the _ssl module. I'm not sure if we should keep them, remove them or make them public.

----------
components: Extension Modules
files: 0001-Add-new-CPRNG-ENGINE.patch
keywords: patch
messages: 264948
nosy: alex, christian.heimes, dstufft, giampaolo.rodola, haypo, janssen, pitrou
priority: normal
severity: normal
stage: patch review
status: open
title: Replace OpenSSL's CPRNG with system entropy source
type: security
versions: Python 3.6
Added file: http://bugs.python.org/file42747/0001-Add-new-CPRNG-ENGINE.patch

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue26970>
_______________________________________
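
Added example (not part of the original message or the attached patch): a minimal illustration of why a generator whose state lives in process memory is exposed to fork(), while reads from the system entropy source are not. `UserSpaceDRBG` and `compare_after_fork` are hypothetical names; the toy hash chain stands in for any user-space generator and does not model OpenSSL's actual algorithm or any per-process mixing it performs. Requires a platform with os.fork().

```python
import hashlib
import os


class UserSpaceDRBG:
    """Toy hash-chain generator (constructed for this example).
    All of its state lives in process memory, so fork() duplicates it."""

    def __init__(self, seed: bytes):
        self._state = hashlib.sha256(seed).digest()

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self._state = hashlib.sha256(b"next" + self._state).digest()
            out += hashlib.sha256(b"out" + self._state).digest()
        return out[:n]


def compare_after_fork(n: int = 16) -> dict:
    """Fork once, then draw n bytes from both sources in parent and child."""
    drbg = UserSpaceDRBG(os.urandom(32))  # seeded once, before fork()
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:
        # Child: report its draws to the parent through the pipe, then exit
        # without running any of the parent's cleanup code.
        try:
            os.close(r)
            os.write(w, drbg.read(n) + os.urandom(n))
        finally:
            os._exit(0)
    os.close(w)
    parent_user, parent_kernel = drbg.read(n), os.urandom(n)
    with os.fdopen(r, "rb") as pipe:
        data = pipe.read()
    os.waitpid(pid, 0)
    child_user, child_kernel = data[:n], data[n:]
    return {
        # Same copied state in both processes, so the same "random" bytes.
        "user_space_repeats": parent_user == child_user,
        # Every read goes to the kernel, so there is no state to duplicate.
        "kernel_repeats": parent_kernel == child_kernel,
    }


if __name__ == "__main__":
    print(compare_after_fork())
```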

