This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2014年08月10日 23:32 by vstinner, last changed 2022年04月11日 14:58 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| random.patch | vstinner, 2015年03月03日 02:04 | review | ||
| random-2.patch | vstinner, 2015年03月04日 16:38 | |||
| Messages (23) | |||
|---|---|---|---|
| msg225171 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2014年08月10日 23:32 | |
The future Linux kernel 3.17 will have a new getrandom() syscall which avoids the need of a file descriptor: http://lwn.net/Articles/606141/ The file descriptor of os.urandom() causes perfomance issues and surprising bugs: #18756, #21207. I don't know when the function will land in the libc. OpenBSD 5.6 (not released yet) will also have a new getentropy() syscall. For Python 2.7, see also the PEP 466 and the issue #21305. |
|||
| msg225363 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2014年08月15日 20:13 | |
Manual page of the OpenBSD getentropy() function: http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2 LibreSSL didn't wait for the libc, search for getentropy_getrandom(): http://openbsd.cs.toronto.edu/cgi-bin/cvsweb/src/lib/libcrypto/crypto/getentropy_linux.c?rev=1.32&content-type=text/x-cvsweb-markup The code is currently disabled with "#if 0". The syscall is directly used, the function doesn't handle the ENOSYS error. See also this issue of the cryptography project, "Use getentropy(2) and getrandom(2) syscalls when available 1299": https://github.com/pyca/cryptography/issues/1299 |
|||
| msg228250 - (view) | Author: (700eb415) | Date: 2014年10月02日 18:03 | |
It's worth noting that LibreSSL has now enabled the blocked code. If anyone is interested, I would be willing to help port it. |
|||
| msg228639 - (view) | Author: anand jeyahar (anand.jeyahar) | Date: 2014年10月06日 05:02 | |
Hi, This will need latest kernel to develop, fix and test. I (on Debian 7) couldn't find the latest kernel, but picked up ubuntu kernel from here http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.17-rc7-utopic/. I picked up the latest i.e: linux-image-3.17.0-031700rc7-generic_3.17.0-031700rc7.201409281835_amd64.deb and installed manually, but couldn't find the getrandom() function call either in stdlib.h or linux/random.h. Can anyone confirm it's availability in a kernel image (from some other distribution?). |
|||
| msg228645 - (view) | Author: Charles-François Natali (neologix) * (Python committer) | Date: 2014年10月06日 07:22 | |
Note that I'm not fussed about it: far from simplifying the code, it will make it more complex, thus more error-prone. |
|||
| msg228655 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2014年10月06日 10:24 | |
The Linux kernel 3.17 has been released with the new getrandom() syscall. glibc request to implement the function in the C library: https://sourceware.org/bugzilla/show_bug.cgi?id=17252 "Bug 17252 - getrandom and getentropy syscall" It looks like nobody asks for it on the libc-alpha mailing list yet. |
|||
| msg228785 - (view) | Author: Christian Heimes (christian.heimes) * (Python committer) | Date: 2014年10月08日 10:51 | |
Let's not be early adopters here. I suggest we wait until glibc has a proper interface. |
|||
| msg228790 - (view) | Author: (700eb415) | Date: 2014年10月08日 13:59 | |
OpenBSD already provides high quality pseudorandom numbers from arc4random(). I don't think this would make us "early adopters" since it has been around for some time on this platform. It's also worth mentioning that getentropy() is not recommended in use for normal code as per stated in the man page. arc4random() is recommended, but there may be a reason the first poster has recommended getentropy() |
|||
| msg228791 - (view) | Author: Antoine Pitrou (pitrou) * (Python committer) | Date: 2014年10月08日 14:06 | |
This issue is about Linux support. Does the glibc have arc4random? I can't find it on my Ubuntu 13.10 system. |
|||
| msg228792 - (view) | Author: Alex Gaynor (alex) * (Python committer) | Date: 2014年10月08日 14:20 | |
As I said on the other ticket, using arc4random() indiscriminately would be a very poor idea, on some platforms (such as OS X) arc4random() really does use ARC4, which means there are serious security concerns with it. |
|||
| msg228794 - (view) | Author: (700eb415) | Date: 2014年10月08日 14:29 | |
While I agree it may not be wise to use arc4random() globally, OpenBSD is unlikely to create a duplicate interface since it's already available. Python is currently unusable in chroots on that platform without reducing the security of the host partition by removing the nodev mount flag. I feel like there must be a good solution to this. |
|||
| msg228795 - (view) | Author: Antoine Pitrou (pitrou) * (Python committer) | Date: 2014年10月08日 14:30 | |
Since this is a Linux-specific issue (see the title), you should create a separate issue for OpenBSD support. Bonus points if you want to submit a patch as well :-) |
|||
| msg228847 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2014年10月09日 09:27 | |
This issue is specific to Linux: it depends on the Linux kernel version and we are waiting until the new syscall is available in the C library (especially the glibc). For these reasons, I prefer to open a new specific issue for OpenBSD, since they release the kernel and C library at the same time (different release process): issue #22585. OpenBSD 5.6 scheduled in one month will get the new getentropy() syscall and a new getentropy() function at the same time. |
|||
| msg228850 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2014年10月09日 09:45 | |
> Since this is a Linux-specific issue (see the title), you should create a separate issue for OpenBSD support. 700eb415 opened the issue #22542 for arc4random(). |
|||
| msg237102 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2015年03月03日 02:04 | |
Commit in the Linux kernel: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895 -- Here is a patch to use the new getrandom() syscall of Linux 3.17 in the Python function os.urandom(). The function falls back to reading /dev/urandom if getrandom() is not supported (returns ENOSYS at runtime). On my Linux 3.18, the EINTR path is never taken. But I was able to test it manually by setting flags to GRND_RANDOM (2) and injecting many signals using signal.setitimer(): see my http://bugs.python.org/issue23285#msg237100 |
|||
| msg237190 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2015年03月04日 16:38 | |
random-2.patch: updated patch (I don't understand why random.patch doesn't apply cleanly). |
|||
| msg238440 - (view) | Author: Roundup Robot (python-dev) (Python triager) | Date: 2015年03月18日 13:42 | |
New changeset 1fc32bf069ff by Victor Stinner in branch 'default': Issue #22181: On Linux, os.urandom() now uses the new getrandom() syscall if https://hg.python.org/cpython/rev/1fc32bf069ff |
|||
| msg238504 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2015年03月19日 12:43 | |
Oh, test_os now fails on Linux because os.urandom() doesn't use a file descriptor anymore. The test should be skipped when getrandom() is used. The test is already skipped when getentropy() is used. |
|||
| msg238559 - (view) | Author: Roundup Robot (python-dev) (Python triager) | Date: 2015年03月19日 21:23 | |
New changeset 4491bdb6527b by Victor Stinner in branch 'default': Issue #22181: The availability of the getrandom() is now checked in configure, https://hg.python.org/cpython/rev/4491bdb6527b |
|||
| msg238568 - (view) | Author: Roundup Robot (python-dev) (Python triager) | Date: 2015年03月19日 22:30 | |
New changeset 8c73af0b3cd9 by Victor Stinner in branch 'default': Issue #22181: Fix dev_urandom_noraise(), try calling py_getrandom() before https://hg.python.org/cpython/rev/8c73af0b3cd9 |
|||
| msg238676 - (view) | Author: Arfrever Frehtes Taifersar Arahesis (Arfrever) * (Python triager) | Date: 2015年03月20日 14:07 | |
> New changeset 4491bdb6527b by Victor Stinner in branch 'default': > Issue #22181: The availability of the getrandom() is now checked in configure, > https://hg.python.org/cpython/rev/4491bdb6527b You forgot to run aclocal, which resulted in PKG_PROG_PKG_CONFIG not being expanded in configure. |
|||
| msg238688 - (view) | Author: Roundup Robot (python-dev) (Python triager) | Date: 2015年03月20日 15:03 | |
New changeset b8ceb071159f by Victor Stinner in branch 'default': Issue #22181: Run "aclocal; autoconf; autoheader" to regenerate configure https://hg.python.org/cpython/rev/b8ceb071159f |
|||
| msg239585 - (view) | Author: Roundup Robot (python-dev) (Python triager) | Date: 2015年03月30日 09:20 | |
New changeset 28b465d8c519 by Victor Stinner in branch 'default': Issue #22181: os.urandom() now releases the GIL when the getrandom() https://hg.python.org/cpython/rev/28b465d8c519 |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022年04月11日 14:58:06 | admin | set | github: 66377 |
| 2015年03月30日 11:42:45 | vstinner | set | status: open -> closed resolution: fixed |
| 2015年03月30日 09:20:16 | python-dev | set | messages: + msg239585 |
| 2015年03月20日 15:03:32 | python-dev | set | messages: + msg238688 |
| 2015年03月20日 14:07:42 | Arfrever | set | messages: + msg238676 |
| 2015年03月19日 22:30:20 | python-dev | set | messages: + msg238568 |
| 2015年03月19日 21:23:01 | python-dev | set | messages: + msg238559 |
| 2015年03月19日 12:43:17 | vstinner | set | status: closed -> open resolution: fixed -> (no value) messages: + msg238504 |
| 2015年03月19日 10:56:32 | Arfrever | set | stage: needs patch -> resolved |
| 2015年03月18日 13:42:55 | vstinner | set | status: open -> closed resolution: fixed |
| 2015年03月18日 13:42:37 | python-dev | set | nosy:
+ python-dev messages: + msg238440 |
| 2015年03月04日 16:38:32 | vstinner | set | files:
+ random-2.patch messages: + msg237190 |
| 2015年03月03日 02:04:17 | vstinner | set | files:
+ random.patch keywords: + patch messages: + msg237102 |
| 2014年10月09日 09:45:14 | vstinner | set | messages: + msg228850 |
| 2014年10月09日 09:27:57 | vstinner | set | messages: + msg228847 |
| 2014年10月09日 09:23:14 | vstinner | set | type: enhancement -> security |
| 2014年10月08日 14:30:54 | pitrou | set | messages: + msg228795 |
| 2014年10月08日 14:29:56 | 700eb415 | set | messages: + msg228794 |
| 2014年10月08日 14:20:22 | alex | set | messages: + msg228792 |
| 2014年10月08日 14:06:54 | pitrou | set | nosy:
+ pitrou messages: + msg228791 |
| 2014年10月08日 14:04:05 | Arfrever | set | nosy:
+ Arfrever |
| 2014年10月08日 13:59:57 | 700eb415 | set | messages: + msg228790 |
| 2014年10月08日 10:51:20 | christian.heimes | set | messages: + msg228785 |
| 2014年10月06日 11:46:04 | jwilk | set | nosy:
+ jwilk |
| 2014年10月06日 10:24:01 | vstinner | set | messages: + msg228655 |
| 2014年10月06日 07:22:32 | neologix | set | messages: + msg228645 |
| 2014年10月06日 05:02:37 | anand.jeyahar | set | nosy:
+ anand.jeyahar messages: + msg228639 |
| 2014年10月02日 18:03:18 | 700eb415 | set | nosy:
+ 700eb415 messages: + msg228250 |
| 2014年08月18日 00:22:24 | josh.r | set | nosy:
+ josh.r |
| 2014年08月15日 20:13:55 | vstinner | set | messages: + msg225363 |
| 2014年08月11日 09:12:26 | christian.heimes | set | nosy:
+ christian.heimes |
| 2014年08月10日 23:42:57 | pitrou | set | type: enhancement stage: needs patch |
| 2014年08月10日 23:42:25 | pitrou | set | nosy:
+ neologix |
| 2014年08月10日 23:34:42 | alex | set | nosy:
+ alex |
| 2014年08月10日 23:32:43 | vstinner | create | |