[issue26970] Replace OpenSSL's CPRNG with system entropy source

2017-02-21 Thread Christian Heimes
Christian Heimes added the comment: Let's not overcomplicate Python's ssl module any more. I was part of an effort to provide an osrandom engine for PyCA cryptography. I'm going to port the engine to OpenSSL. -- resolution: -> wont fix stage: patch review -> resolved status: open ->

[issue26970] Replace OpenSSL's CPRNG with system entropy source

2016-09-15 Thread Christian Heimes
Changes by Christian Heimes: -- assignee: -> christian.heimes components: +SSL

[issue26970] Replace OpenSSL's CPRNG with system entropy source

2016-09-07 Thread Christian Heimes
Christian Heimes added the comment: No, it won't make it into 3.6. My patch is far from ready. -- versions: +Python 3.7 -Python 3.6

[issue26970] Replace OpenSSL's CPRNG with system entropy source

2016-09-06 Thread Nick Coghlan
Nick Coghlan added the comment: Christian, is this still a change you'd like to make for 3.6? (I don't recall seeing it in your list of pending ssl modules patches) -- nosy: +ncoghlan

[issue26970] Replace OpenSSL's CPRNG with system entropy source

2016-05-20 Thread Christian Heimes
Christian Heimes added the comment: My remark was ambiguous. I meant that I have to create a second implementation of _PyOS_URandom and use it in _ssl_osrandom_bytes. Let's discuss the details on IRC after PyCon. I'm busy with preparations.

[issue26970] Replace OpenSSL's CPRNG with system entropy source

2016-05-14 Thread STINNER Victor
STINNER Victor added the comment:
> I have to replace _PyOS_URandom with a variant that doesn't need the GIL
Please don't replace it, but add a new function which reports errors differently. Which kind of granularity do you expect for the error reporting? Just a boolean (success or failure)?

[issue26970] Replace OpenSSL's CPRNG with system entropy source

2016-05-12 Thread Christian Heimes
Christian Heimes added the comment: I have to replace _PyOS_URandom with a variant that doesn't need the GIL, https://mail.python.org/pipermail/cryptography-dev/2016-May/000595.html

[issue26970] Replace OpenSSL's CPRNG with system entropy source

2016-05-06 Thread Antoine Pitrou
Antoine Pitrou added the comment: Then I'd say just keep them private.

[issue26970] Replace OpenSSL's CPRNG with system entropy source

2016-05-06 Thread Christian Heimes
Christian Heimes added the comment: I have used the helper methods during development. They are also used in unit tests.

[issue26970] Replace OpenSSL's CPRNG with system entropy source

2016-05-06 Thread Antoine Pitrou
Antoine Pitrou added the comment: What are the helper methods good for? I don't think we want to expose them for now.

[issue26970] Replace OpenSSL's CPRNG with system entropy source

2016-05-06 Thread Christian Heimes
New submission from Christian Heimes: The patch adds a new RAND engine for OpenSSL. The engine uses the system's entropy source (/dev/urandom, CryptGenRandom(), getentropy() ...). The engine is automatically installed with OpenSSL as default RAND engine. The new engine fixes the fork() bug

[issue26970] Replace OpenSSL's CPRNG with system entropy source

2016-05-06 Thread Cory Benfield
Changes by Cory Benfield: -- nosy: +Lukasa