New submission from Christian Heimes:

The patch adds a new RAND engine for OpenSSL. The engine uses the system's entropy source (/dev/urandom, CryptGenRandom(), getentropy() ...). The engine is automatically installed with OpenSSL as the default RAND engine. The new engine fixes the fork() bug once and for all (https://gist.github.com/tiran/a9ba8c51cc7d1b75d3bc1d3f24411b4c).

The engine is a reimplementation of https://cryptography.readthedocs.io/en/latest/hazmat/backends/openssl/?highlight=engine#os-random-engine and a new take on #18747.

I have added a couple of private helper methods to the _ssl module. I'm not sure if we should keep them, remove them or make them public.

----------
components: Extension Modules
files: 0001-Add-new-CPRNG-ENGINE.patch
keywords: patch
messages: 264948
nosy: alex, christian.heimes, dstufft, giampaolo.rodola, haypo, janssen, pitrou
priority: normal
severity: normal
stage: patch review
status: open
title: Replace OpenSSL's CPRNG with system entropy source
type: security
versions: Python 3.6
Added file: http://bugs.python.org/file42747/0001-Add-new-CPRNG-ENGINE.patch

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue26970>
_______________________________________
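
Added example, not part of the original submission or its patch: a POSIX-only sketch of the class of problem behind the fork() bug mentioned above, where generator state held in process memory is copied into every child while the system entropy source is not. ToyUserspaceRNG, draw_in_children and compare_sources are hypothetical names, and the toy generator is a constructed stand-in, not OpenSSL's algorithm.

```python
import hashlib
import os


class ToyUserspaceRNG:
    """Constructed stand-in for a userspace generator; NOT OpenSSL's algorithm."""

    def __init__(self, seed: bytes):
        self._state = hashlib.sha256(seed).digest()

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            # Ratchet the in-process state, then derive output from it.
            self._state = hashlib.sha256(b"next" + self._state).digest()
            out += hashlib.sha256(b"out" + self._state).digest()
        return out[:n]


def draw_in_children(read, children: int = 3, n: int = 16) -> list:
    """Fork `children` processes and return the n bytes each one draws via read()."""
    results = []
    for _ in range(children):
        r, w = os.pipe()
        pid = os.fork()
        if pid == 0:  # child: draw, report to the parent, exit without cleanup
            os.close(r)
            try:
                os.write(w, read(n))
            finally:
                os._exit(0)
        os.close(w)
        with os.fdopen(r, "rb") as pipe:
            results.append(pipe.read())
        os.waitpid(pid, 0)
    return results


def compare_sources() -> dict:
    rng = ToyUserspaceRNG(os.urandom(32))  # seeded once, before any fork
    return {
        "userspace": draw_in_children(rng.read),  # state copied into each child
        "system": draw_in_children(os.urandom),   # kernel source, no copied state
    }


if __name__ == "__main__":
    for name, outs in compare_sources().items():
        print(name, [o.hex() for o in outs], "distinct:", len(set(outs)))
```

Every child forked from the same parent state returns the same bytes from the in-process generator, while the os.urandom draws differ.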