path: root/docs/hazmat/backends/openssl.rst
blob: 81361f5abd005c3646b70c74c9742fe0d5ce7e1e (plain)
.. hazmat::

OpenSSL Backend
===============

The `OpenSSL`_ C library.

.. data:: cryptography.hazmat.backends.openssl.backend

    This is the exposed API for the OpenSSL backend.

    .. attribute:: name

        The string name of this backend: ``"openssl"``

    .. method:: register_osrandom_engine()

        Registers the OS random engine as default. This will effectively
        disable OpenSSL's default CSPRNG.

    .. method:: unregister_osrandom_engine()

        Unregisters the OS random engine if it is default. This will restore
        the default OpenSSL CSPRNG. If the OS random engine is not the default
        engine (e.g. if another engine is set as default) nothing will be
        changed.

OS Random Engine
----------------

OpenSSL uses a user-space CSPRNG that is seeded from the system random source
(``/dev/urandom`` or ``CryptGenRandom``). This CSPRNG is not reseeded
automatically when a process calls ``fork()``, so the parent and the child
continue from the same internal state. This can result in situations where two
different processes return similar or identical keys and compromise the
security of the system.

The approach this project has chosen to mitigate this vulnerability is to
include an engine that replaces the OpenSSL default CSPRNG with one that sources
its entropy from ``/dev/urandom`` on UNIX-like operating systems and from
``CryptGenRandom`` on Windows. Pulling every request from the system pool
allows us to avoid potential issues with `initializing the RNG`_ and protects
us from the ``fork()`` weakness.
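The ``fork()`` weakness and the osrandom mitigation, as an added example that is
not part of the cryptography project's code: ``UserSpacePRNG`` is a constructed
toy stand-in for a user-space CSPRNG that keeps its state in process memory, and
``OSRandom`` models the osrandom engine by asking the kernel pool on every
request. It assumes a POSIX ``os.fork()``.

```python
import hashlib
import hmac
import os
import struct


class UserSpacePRNG:
    """Toy user-space CSPRNG (constructed for illustration, not OpenSSL's RNG):
    seeded once, then derives output from an in-memory key and counter."""

    def __init__(self, seed: bytes):
        self.key = hashlib.sha256(seed).digest()
        self.counter = 0

    def random_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = struct.pack(">Q", self.counter)
            out += hmac.new(self.key, block, hashlib.sha256).digest()
            self.counter += 1
        return out[:n]


class OSRandom:
    """Model of the osrandom engine: every request goes to the kernel pool."""

    def random_bytes(self, n: int) -> bytes:
        return os.urandom(n)


def draw_in_parent_and_child(rng, n: int = 16):
    """fork(), draw n bytes in each process, return (parent_bytes, child_bytes)."""
    read_end, write_end = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: copy of the parent's memory, including rng state
        os.close(read_end)
        os.write(write_end, rng.random_bytes(n))
        os._exit(0)
    os.close(write_end)
    parent_bytes = rng.random_bytes(n)
    child_bytes = os.read(read_end, n)  # n <= PIPE_BUF, so one read suffices
    os.close(read_end)
    os.waitpid(pid, 0)
    return parent_bytes, child_bytes


def fork_collision(rng) -> bool:
    """True if parent and child produced identical 'random' bytes after fork()."""
    parent_bytes, child_bytes = draw_in_parent_and_child(rng)
    return parent_bytes == child_bytes
```

``fork_collision(UserSpacePRNG(b"seed"))`` is ``True`` because both processes
advance the same copied counter, while ``fork_collision(OSRandom())`` is
``False`` because each process draws fresh bytes from the kernel.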

This engine is **active** by default when importing the OpenSSL backend. When
active this engine will be used to generate all the random data OpenSSL
requests.

If you wish to deactivate the engine you may call
``unregister_osrandom_engine()`` on the backend object.

When importing only the binding it is added to the engine list but
**not activated**.


OS Random Sources
-----------------

On OS X and FreeBSD ``/dev/urandom`` is an alias for ``/dev/random`` and
utilizes the `Yarrow`_ algorithm.

On Windows ``CryptGenRandom`` is backed by `Fortuna`_.

Linux uses its own PRNG design. ``/dev/urandom`` is a non-blocking source seeded
from the same pool as ``/dev/random``.


.. _`OpenSSL`: https://www.openssl.org/
.. _`initializing the RNG`: http://en.wikipedia.org/wiki/OpenSSL#Vulnerability_in_the_Debian_implementation
.. _`Yarrow`: http://en.wikipedia.org/wiki/Yarrow_algorithm
.. _`Fortuna`: http://en.wikipedia.org/wiki/Fortuna_(PRNG)