On 30 July 2016 at 00:21, Victor Stinner <victor.stin...@gmail.com> wrote: > The implementation of os.getrandom() must respect the PEP 475 (retry > syscall on EINTR), so maybe we should implement the loop at the C > level.
This was my thought when reading the PEP - I'd be very surprised if I got a short read from os.getrandom() without the GRNG_RANDOM flag. > Ok, but imagine that you use the "expensive" GRNG_RANDOM (/dev/random > rather than /dev/urandom). A first call returns 4000 bytes of "high > quality" random bytes, but user requested 4096 bytes and the second > call fails. I'd say in the non-EINTR case with GRNG_RANDOM it would be reasonable to return a short read. So folks using that flag would need a Python-level loop, but folks using the kernel's CSPRNG wouldn't. Regards, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ Security-SIG mailing list Security-SIG@python.org https://mail.python.org/mailman/listinfo/security-sig
