blob: f15bc282e509ce76cbf5e7702273b6f9c5406622 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
.. hazmat::
OpenSSL backend
===============
The `OpenSSL`_ C library. Cryptography supports version ``0.9.8e`` (present in
Red Hat Enterprise Linux 5) and greater. Earlier versions may work but are
**not tested or supported**.
.. data:: cryptography.hazmat.backends.openssl.backend
This is the exposed API for the OpenSSL backend.
It implements the following interfaces:
* :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
* :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
* :class:`~cryptography.hazmat.backends.interfaces.HashBackend`
* :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
* :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
* :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
It also exposes the following:
.. attribute:: name
The string name of this backend: ``"openssl"``
.. method:: activate_osrandom_engine()
Activates the OS random engine. This will effectively disable OpenSSL's
default CSPRNG.
.. method:: activate_builtin_random()
This will activate the default OpenSSL CSPRNG.
OS random engine
----------------
OpenSSL uses a user-space CSPRNG that is seeded from system random (
``/dev/urandom`` or ``CryptGenRandom``). This CSPRNG is not reseeded
automatically when a process calls ``fork()``. This can result in situations
where two different processes can return similar or identical keys and
compromise the security of the system.
The approach this project has chosen to mitigate this vulnerability is to
include an engine that replaces the OpenSSL default CSPRNG with one that sources
its entropy from ``/dev/urandom`` on UNIX-like operating systems and uses
``CryptGenRandom`` on Windows. This method of pulling from the system pool
allows us to avoid potential issues with `initializing the RNG`_ as well as
protecting us from the ``fork()`` weakness.
This engine is **active** by default when importing the OpenSSL backend. When
active this engine will be used to generate all the random data OpenSSL
requests.
When importing only the binding it is added to the engine list but
**not activated**.
OS random sources
-----------------
On OS X and FreeBSD ``/dev/urandom`` is an alias for ``/dev/random`` and
utilizes the `Yarrow`_ algorithm.
On Windows the implementation of ``CryptGenRandom`` depends on which version of
the operation system you are using. See the `Microsoft documentation`_ for more
details.
Linux uses its own PRNG design. ``/dev/urandom`` is a non-blocking source seeded
from the same pool as ``/dev/random``.
.. _`OpenSSL`: https://www.openssl.org/
.. _`initializing the RNG`: https://en.wikipedia.org/wiki/OpenSSL#Predictable_keys_.28Debian-specific.29
.. _`Yarrow`: http://en.wikipedia.org/wiki/Yarrow_algorithm
.. _`Microsoft documentation`: http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942(v=vs.85).aspx
|
