[New-bugs-announce] [issue26970] Replace OpenSSL's CPRNG with system entropy source

Christian Heimes report at bugs.python.org
Fri May 6 05:10:27 EDT 2016

New submission from Christian Heimes:

The patch adds a new RAND engine for OpenSSL. The engine uses the system's entropy source (/dev/urandom, CryptGenRandom(), getentropy() ...). The engine is automatically installed with OpenSSL as default RAND engine. The new engine fixes the fork() bug once and for all (https://gist.github.com/tiran/a9ba8c51cc7d1b75d3bc1d3f24411b4c)

The engine is a reimplementation of https://cryptography.readthedocs.io/en/latest/hazmat/backends/openssl/?highlight=engine#os-random-engine and a new take on #18747.

I have added a couple of private helper methods to the _ssl module. I'm not sure if we should keep them, remove them or make them public.

components: Extension Modules
files: 0001-Add-new-CPRNG-ENGINE.patch
keywords: patch
messages: 264948
nosy: alex, christian.heimes, dstufft, giampaolo.rodola, haypo, janssen, pitrou
priority: normal
severity: normal
stage: patch review
status: open
title: Replace OpenSSL's CPRNG with system entropy source
type: security
versions: Python 3.6
Added file: http://bugs.python.org/file42747/0001-Add-new-CPRNG-ENGINE.patch

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list