Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 1252dec0c85cd3cb9ea70dcb0ac2a4afc976f2ce / . / docs / hazmat / backends / openssl.rst
blob: 8bc7dac5490bd713755d98961f1e12d2ad25fdbc [file] [log] [blame]
Alex Gaynoraf82d5e2013-10-29 17:07:24 -0700[diff] [blame]1.. hazmat::
Alex Gaynor0f7f7812013-09-30 10:52:36 -0700[diff] [blame]2
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]3OpenSSL backend
Alex Gaynor8f42fe42013-12-24 13:15:52 -0800[diff] [blame]4===============
Donald Stuffte51fb932013-10-27 17:26:17 -0400[diff] [blame]5
Alex Gaynor1252dec2016-06-18 11:11:57 -0400[diff] [blame^]6The `OpenSSL`_ C library. Cryptography supports OpenSSL version ``1.0.0`` and
7greater.
Alex Gaynor6d02e2d2013-09-30 10:37:22 -0700[diff] [blame]8
Alex Gaynorf8796b12013-12-13 20:28:55 -0800[diff] [blame]9.. data:: cryptography.hazmat.backends.openssl.backend
Alex Gaynor6d02e2d2013-09-30 10:37:22 -0700[diff] [blame]10
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]11 This is the exposed API for the OpenSSL backend.
Paul Kehrer2502ce52014-01-18 09:32:47 -0600[diff] [blame]12
Alex Gaynor031c2cb2014-01-31 11:44:53 -0800[diff] [blame]13 It implements the following interfaces:
14
15 * :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
Paul Kehrer3d754292014-05-01 09:09:34 -0500[diff] [blame]16 * :class:`~cryptography.hazmat.backends.interfaces.CMACBackend`
Paul Kehrer99a249d2015-01-04 15:55:22 -0600[diff] [blame]17 * :class:`~cryptography.hazmat.backends.interfaces.DERSerializationBackend`
Mohammed Attia59edb612014-04-25 22:44:40 +0200[diff] [blame]18 * :class:`~cryptography.hazmat.backends.interfaces.DSABackend`
Terry Chia7b59df12014-12-28 20:46:26 +0800[diff] [blame]19 * :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`
Alex Gaynor031c2cb2014-01-31 11:44:53 -0800[diff] [blame]20 * :class:`~cryptography.hazmat.backends.interfaces.HashBackend`
21 * :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
22 * :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
Alex Stapleton8f2250f2014-02-08 12:24:02 +0000[diff] [blame]23 * :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
Terry Chia7b59df12014-12-28 20:46:26 +0800[diff] [blame]24 * :class:`~cryptography.hazmat.backends.interfaces.PEMSerializationBackend`
25 * :class:`~cryptography.hazmat.backends.interfaces.X509Backend`
Alex Gaynor031c2cb2014-01-31 11:44:53 -0800[diff] [blame]26
Paul Kehrere4acd5d2014-02-03 21:59:29 -0600[diff] [blame]27 It also exposes the following:
Paul Kehrer2502ce52014-01-18 09:32:47 -0600[diff] [blame]28
Paul Kehrercfa2d622014-01-19 14:01:25 -0600[diff] [blame]29 .. attribute:: name
Paul Kehrer2502ce52014-01-18 09:32:47 -0600[diff] [blame]30
Paul Kehrercfa2d622014-01-19 14:01:25 -0600[diff] [blame]31 The string name of this backend: ``"openssl"``
Alex Gaynor6d02e2d2013-09-30 10:37:22 -0700[diff] [blame]32
Paul Kehrerd52b89b2014-01-31 10:57:17 -0600[diff] [blame]33 .. method:: activate_osrandom_engine()
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]34
Paul Kehrerd52b89b2014-01-31 10:57:17 -0600[diff] [blame]35 Activates the OS random engine. This will effectively disable OpenSSL's
36 default CSPRNG.
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]37
Paul Kehrerd2582222014-02-05 16:21:19 -0600[diff] [blame]38 .. method:: activate_builtin_random()
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]39
Paul Kehrerd2582222014-02-05 16:21:19 -0600[diff] [blame]40 This will activate the default OpenSSL CSPRNG.
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]41
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]42OS random engine
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]43----------------
44
Alex Gaynor01c634c2016-04-21 18:47:54 -0400[diff] [blame]45By default OpenSSL uses a user-space CSPRNG that is seeded from system random (
Paul Kehrer136ff172014-01-29 21:23:11 -0600[diff] [blame]46``/dev/urandom`` or ``CryptGenRandom``). This CSPRNG is not reseeded
47automatically when a process calls ``fork()``. This can result in situations
48where two different processes can return similar or identical keys and
49compromise the security of the system.
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]50
Paul Kehrer136ff172014-01-29 21:23:11 -0600[diff] [blame]51The approach this project has chosen to mitigate this vulnerability is to
Alex Gaynor969f18e2014-05-17 20:07:35 -0700[diff] [blame]52include an engine that replaces the OpenSSL default CSPRNG with one that
53sources its entropy from ``/dev/urandom`` on UNIX-like operating systems and
54uses ``CryptGenRandom`` on Windows. This method of pulling from the system pool
Paul Kehrer136ff172014-01-29 21:23:11 -0600[diff] [blame]55allows us to avoid potential issues with `initializing the RNG`_ as well as
56protecting us from the ``fork()`` weakness.
57
Paul Kehrer8042b292014-01-31 10:44:36 -0600[diff] [blame]58This engine is **active** by default when importing the OpenSSL backend. When
59active this engine will be used to generate all the random data OpenSSL
60requests.
61
Paul Kehrer8042b292014-01-31 10:44:36 -0600[diff] [blame]62When importing only the binding it is added to the engine list but
63**not activated**.
64
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]65
Alex Stapletonc5fffd32014-03-18 15:29:00 +0000[diff] [blame]66OS random sources
Paul Kehrer55809a12014-01-29 21:41:16 -0600[diff] [blame]67-----------------
Paul Kehrer9967bc52014-01-29 21:39:13 -0600[diff] [blame]68
69On OS X and FreeBSD ``/dev/urandom`` is an alias for ``/dev/random`` and
70utilizes the `Yarrow`_ algorithm.
71
Paul Kehrer012bfbc2014-02-11 23:37:51 -0600[diff] [blame]72On Windows the implementation of ``CryptGenRandom`` depends on which version of
Paul Kehrer039b4782014-02-11 23:50:56 -0600[diff] [blame]73the operation system you are using. See the `Microsoft documentation`_ for more
Paul Kehrer012bfbc2014-02-11 23:37:51 -0600[diff] [blame]74details.
Paul Kehrer9967bc52014-01-29 21:39:13 -0600[diff] [blame]75
Alex Gaynor969f18e2014-05-17 20:07:35 -0700[diff] [blame]76Linux uses its own PRNG design. ``/dev/urandom`` is a non-blocking source
77seeded from the same pool as ``/dev/random``.
Paul Kehrer9967bc52014-01-29 21:39:13 -0600[diff] [blame]78
79
Alex Gaynor6d02e2d2013-09-30 10:37:22 -0700[diff] [blame]80.. _`OpenSSL`: https://www.openssl.org/
Alex Gaynor677c5312015-06-20 20:53:50 -0400[diff] [blame]81.. _`initializing the RNG`: https://en.wikipedia.org/wiki/OpenSSL#Predictable_private_keys_.28Debian-specific.29
Alex Gaynore9df2942014-12-12 10:56:26 -0800[diff] [blame]82.. _`Yarrow`: https://en.wikipedia.org/wiki/Yarrow_algorithm
Alex Gaynor3fad1902015-02-18 12:48:29 -0800[diff] [blame]83.. _`Microsoft documentation`: https://msdn.microsoft.com/en-us/library/windows/desktop/aa379942(v=vs.85).aspx