[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[STINNER Victor]

Changes by STINNER Victor :


--
resolution:  -> fixed
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Roundup Robot]

Roundup Robot added the comment:

New changeset 28b465d8c519 by Victor Stinner in branch 'default':
Issue #22181: os.urandom() now releases the GIL when the getrandom()
https://hg.python.org/cpython/rev/28b465d8c519

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Roundup Robot]

Roundup Robot added the comment:

New changeset b8ceb071159f by Victor Stinner in branch 'default':
Issue #22181: Run "aclocal; autoconf; autoheader" to regenerate configure
https://hg.python.org/cpython/rev/b8ceb071159f

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Arfrever Frehtes Taifersar Arahesis]

Arfrever Frehtes Taifersar Arahesis added the comment:

> New changeset 4491bdb6527b by Victor Stinner in branch 'default':
> Issue #22181: The availability of the getrandom() is now checked in configure,
> https://hg.python.org/cpython/rev/4491bdb6527b

You forgot to run aclocal, which resulted in PKG_PROG_PKG_CONFIG not being 
expanded in configure.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Roundup Robot]

Roundup Robot added the comment:

New changeset 8c73af0b3cd9 by Victor Stinner in branch 'default':
Issue #22181: Fix dev_urandom_noraise(), try calling py_getrandom() before
https://hg.python.org/cpython/rev/8c73af0b3cd9

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Roundup Robot]

Roundup Robot added the comment:

New changeset 4491bdb6527b by Victor Stinner in branch 'default':
Issue #22181: The availability of the getrandom() is now checked in configure,
https://hg.python.org/cpython/rev/4491bdb6527b

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[STINNER Victor]

STINNER Victor added the comment:

Oh, test_os now fails on Linux because os.urandom() doesn't use a file 
descriptor anymore. The test should be skipped when getrandom() is used. The 
test is already skipped when getentropy() is used.

--
resolution: fixed -> 
status: closed -> open

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Arfrever Frehtes Taifersar Arahesis]

Changes by Arfrever Frehtes Taifersar Arahesis :


--
stage: needs patch -> resolved

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[STINNER Victor]

Changes by STINNER Victor :


--
resolution:  -> fixed
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Roundup Robot]

Roundup Robot added the comment:

New changeset 1fc32bf069ff by Victor Stinner in branch 'default':
Issue #22181: On Linux, os.urandom() now uses the new getrandom() syscall if
https://hg.python.org/cpython/rev/1fc32bf069ff

--
nosy: +python-dev

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[STINNER Victor]

STINNER Victor added the comment:

random-2.patch: updated patch (I don't understand why random.patch doesn't 
apply cleanly).

--
Added file: http://bugs.python.org/file38330/random-2.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[STINNER Victor]

STINNER Victor added the comment:

Commit in the Linux kernel:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895

--

Here is a patch to use the new getrandom() syscall of Linux 3.17 in the Python 
function os.urandom().

The function falls back to reading /dev/urandom if getrandom() is not supported 
(returns ENOSYS at runtime).

On my Linux 3.18, the EINTR path is never taken. But I was able to test it 
manually by setting flags to GRND_RANDOM (2) and injecting many signals using 
signal.setitimer(): see my http://bugs.python.org/issue23285#msg237100

--
keywords: +patch
Added file: http://bugs.python.org/file38310/random.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[STINNER Victor]

STINNER Victor added the comment:

> Since this is a Linux-specific issue (see the title), you should create a 
> separate issue for OpenBSD support.

700eb415 opened the issue #22542 for arc4random().

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[STINNER Victor]

STINNER Victor added the comment:

This issue is specific to Linux: it depends on the Linux kernel version and we 
are waiting until the new syscall is available in the C library (especially the 
glibc). For these reasons, I prefer to open a new specific issue for OpenBSD, 
since they release the kernel and C library at the same time (different release 
process): issue #22585. OpenBSD 5.6 scheduled in one month will get the new 
getentropy() syscall and a new getentropy() function at the same time.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[STINNER Victor]

Changes by STINNER Victor :


--
type: enhancement -> security

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Antoine Pitrou]

Antoine Pitrou added the comment:

Since this is a Linux-specific issue (see the title), you should create a 
separate issue for OpenBSD support. Bonus points if you want to submit a patch 
as well :-)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[700eb415]

700eb415 added the comment:

While I agree it may not be wise to use arc4random() globally, OpenBSD is 
unlikely to create a duplicate interface since it's already available.

Python is currently unusable in chroots on that platform without reducing the 
security of the host partition by removing the nodev mount flag.

I feel like there must be a good solution to this.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Alex Gaynor]

Alex Gaynor added the comment:

As I said on the other ticket, using arc4random() indiscriminately would be a 
very poor idea, on some platforms (such as OS X) arc4random() really does use 
ARC4, which means there are serious security concerns with it.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Antoine Pitrou]

Antoine Pitrou added the comment:

This issue is about Linux support. Does the glibc have arc4random? I can't find 
it on my Ubuntu 13.10 system.

--
nosy: +pitrou

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Arfrever Frehtes Taifersar Arahesis]

Changes by Arfrever Frehtes Taifersar Arahesis :


--
nosy: +Arfrever

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[700eb415]

700eb415 added the comment:

OpenBSD already provides high quality pseudorandom numbers from arc4random(). I 
don't think this would make us "early adopters" since it has been around for 
some time on this platform.

It's also worth mentioning that getentropy() is not recommended in use for 
normal code as per stated in the man page. arc4random() is recommended, but 
there may be a reason the first poster has recommended getentropy()

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Christian Heimes]

Christian Heimes added the comment:

Let's not be early adopters here. I suggest we wait until glibc has a proper 
interface.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Jakub Wilk]

Changes by Jakub Wilk :


--
nosy: +jwilk

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[STINNER Victor]

STINNER Victor added the comment:

The Linux kernel 3.17 has been released with the new getrandom() syscall.

glibc request to implement the function in the C library:
https://sourceware.org/bugzilla/show_bug.cgi?id=17252
"Bug 17252 - getrandom and getentropy syscall"

It looks like nobody asks for it on the libc-alpha mailing list yet.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Charles-François Natali]

Charles-François Natali added the comment:

Note that I'm not fussed about it: far from simplifying the code, it
will make it more complex, thus more error-prone.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[anand jeyahar]

anand jeyahar added the comment:

Hi, 
   This will need latest kernel to develop, fix and test. I (on Debian 7) 
couldn't find the latest kernel, but picked up ubuntu kernel from here 
http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.17-rc7-utopic/. I picked up 
the latest i.e: 
linux-image-3.17.0-031700rc7-generic_3.17.0-031700rc7.201409281835_amd64.deb 
and installed manually, but couldn't find the getrandom() function call either 
in stdlib.h or linux/random.h. 

Can anyone confirm it's availability in a kernel image (from some other 
distribution?).

--
nosy: +anand.jeyahar

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[700eb415]

700eb415 added the comment:

It's worth noting that LibreSSL has now enabled the blocked code. If anyone is 
interested, I would be willing to help port it.

--
nosy: +700eb415

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Josh Rosenberg]

Changes by Josh Rosenberg :


--
nosy: +josh.rosenberg

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[STINNER Victor]

STINNER Victor added the comment:

Manual page of the OpenBSD getentropy() function:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2

LibreSSL didn't wait for the libc, search for getentropy_getrandom():
http://openbsd.cs.toronto.edu/cgi-bin/cvsweb/src/lib/libcrypto/crypto/getentropy_linux.c?rev=1.32&content-type=text/x-cvsweb-markup

The code is currently disabled with "#if 0". The syscall is directly used, the 
function doesn't handle the ENOSYS error.

See also this issue of the cryptography project, "Use getentropy(2) and 
getrandom(2) syscalls when available 1299":
https://github.com/pyca/cryptography/issues/1299

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Christian Heimes]

Changes by Christian Heimes :


--
nosy: +christian.heimes

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Antoine Pitrou]

Changes by Antoine Pitrou :


--
nosy: +neologix

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Antoine Pitrou]

Changes by Antoine Pitrou :


--
stage:  -> needs patch
type:  -> enhancement

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[Alex Gaynor]

Changes by Alex Gaynor :


--
nosy: +alex

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22181] os.urandom() should use Linux 3.17 getrandom() syscall

[STINNER Victor]

New submission from STINNER Victor:

The future Linux kernel 3.17 will have a new getrandom() syscall which avoids 
the need of a file descriptor:
http://lwn.net/Articles/606141/

The file descriptor of os.urandom() causes perfomance issues and surprising 
bugs: #18756, #21207.

I don't know when the function will land in the libc.

OpenBSD 5.6 (not released yet) will also have a new getentropy() syscall.

For Python 2.7, see also the PEP 466 and the issue #21305.

--
messages: 225171
nosy: haypo
priority: normal
severity: normal
status: open
title: os.urandom() should use Linux 3.17 getrandom() syscall
versions: Python 3.5

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com