Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New osrandom_engine in C #3229

Merged
merged 12 commits into from Dec 9, 2016
5 changes: 3 additions & 2 deletions LICENSE
Expand Up @@ -2,5 +2,6 @@ This software is made available under the terms of *either* of the licenses
found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made
under the terms of *both* these licenses.

The code used in the OpenSSL locking callback is derived from the same in
Python itself, and is licensed under the terms of the PSF License Agreement.
The code used in the OpenSSL locking callback and OS random engine is derived
from the same in CPython itself, and is licensed under the terms of the PSF
License Agreement.
21 changes: 21 additions & 0 deletions docs/hazmat/backends/openssl.rst
Expand Up @@ -40,6 +40,12 @@ greater.
Activates the OS random engine. This will effectively disable OpenSSL's
default CSPRNG.

.. method:: osrandom_engine_implementation()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.. versionadded:: 1.7 please

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed


.. versionadded:: 1.7

Returns the implementation of OS random engine.

.. method:: activate_builtin_random()

This will activate the default OpenSSL CSPRNG.
Expand Down Expand Up @@ -81,6 +87,21 @@ details.
Linux uses its own PRNG design. ``/dev/urandom`` is a non-blocking source
seeded from the same pool as ``/dev/random``.

+------------------------------------------+------------------------------+
| Windows | ``CryptGenRandom()`` |
+------------------------------------------+------------------------------+
| Linux >= 3.4.17 with working | ``getrandom(GRND_NONBLOCK)`` |
| ``SYS_getrandom`` syscall | |
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can drop the leading SYS here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unless you really insist, I'd rather keep SYS_getrandom because that is what the random engine actually uses. It's going to make it easier to distinguish between platforms with the syscall and platforms with a glibc wrapper later.

+------------------------------------------+------------------------------+
| OpenBSD >= 5.6 | ``getentropy()`` |
+------------------------------------------+------------------------------+
| BSD family (including macOS 10.12+) with | ``getentropy()`` |
| ``SYS_getentropy`` in ``sys/syscall.h`` | |
+------------------------------------------+------------------------------+
| fallback | ``/dev/urandom`` with |
| | cached file descriptor |
+------------------------------------------+------------------------------+


.. _`OpenSSL`: https://www.openssl.org/
.. _`initializing the RNG`: https://en.wikipedia.org/wiki/OpenSSL#Predictable_private_keys_.28Debian-specific.29
Expand Down
4 changes: 4 additions & 0 deletions docs/spelling_wordlist.txt
Expand Up @@ -33,6 +33,7 @@ Docstrings
El
Encodings
endian
fallback
Fernet
fernet
FIPS
Expand All @@ -53,12 +54,14 @@ Mozilla
multi
namespace
namespaces
macOS
naïve
Nonces
nonces
online
paddings
Parallelization
personalization
pickleable
plaintext
pre
Expand All @@ -75,6 +78,7 @@ serializer
Serializers
SHA
Solaris
syscall
Tanja
testability
tunable
Expand Down
1 change: 1 addition & 0 deletions src/_cffi_src/build_openssl.py
Expand Up @@ -68,6 +68,7 @@ def _osx_libraries(build_static):
"objects",
"ocsp",
"opensslv",
"osrandom_engine",
"pem",
"pkcs12",
"rand",
Expand Down
29 changes: 29 additions & 0 deletions src/_cffi_src/openssl/osrandom_engine.py
@@ -0,0 +1,29 @@
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

from __future__ import absolute_import, division, print_function

import os

HERE = os.path.dirname(os.path.abspath(__file__))

with open(os.path.join(HERE, "src/osrandom_engine.h")) as f:
INCLUDES = f.read()

TYPES = """
static const char *const Cryptography_osrandom_engine_name;
static const char *const Cryptography_osrandom_engine_id;
"""

FUNCTIONS = """
int Cryptography_add_osrandom_engine(void);
"""

MACROS = """
"""

with open(os.path.join(HERE, "src/osrandom_engine.c")) as f:
CUSTOMIZATIONS = f.read()

CONDITIONAL_NAMES = {}