.. hazmat::

OpenSSL Backend
===============

The `OpenSSL`_ C library.

.. data:: cryptography.hazmat.backends.openssl.backend

    This is the exposed API for the OpenSSL backend.

    .. attribute:: name

        The string name of this backend: ``"openssl"``

    .. method:: register_osrandom_engine()

        Registers the OS random engine as default. This will effectively
        disable OpenSSL's default CSPRNG.

    .. method:: unregister_osrandom_engine()

        Unregisters the OS random engine if it is default. This will restore
        the default OpenSSL CSPRNG. If the OS random engine is not the default
        engine (e.g. if another engine is set as default) nothing will be
        changed.

OS Random Engine
----------------

OpenSSL uses a userspace CSPRNG that is seeded from system random
(``/dev/urandom`` or ``CryptGenRandom``). This CSPRNG is not reseeded
automatically when a process calls ``fork()``. This can result in situations
where two different processes can return similar or identical keys and
compromise the security of the system.

The approach this project has chosen to mitigate this vulnerability is to
include an engine that replaces the OpenSSL default CSPRNG with one that sources
its entropy from ``/dev/urandom`` on UNIX-like operating systems and uses
``CryptGenRandom`` on Windows. This method of pulling from the system pool
allows us to avoid potential issues with `initializing the RNG`_ and protects
us from the ``fork()`` weakness.

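The ``fork()`` weakness described above can be reproduced without OpenSSL; the following is an added example, not code from this project. ``UserspacePRNG`` is a hypothetical toy generator standing in for any CSPRNG whose state lives in process memory (it is not OpenSSL's algorithm), and ``keys_after_fork`` and ``demo`` are illustrative helper names. It assumes a POSIX system, since it calls ``os.fork()``.

```python
import hashlib
import os


class UserspacePRNG:
    """Toy hash-chain generator: a stand-in for any userspace CSPRNG,
    not OpenSSL's actual algorithm."""

    def __init__(self):
        self._state = os.urandom(32)  # seeded once from the OS, never reseeded

    def read(self, n):
        out = b""
        while len(out) < n:
            self._state = hashlib.sha256(b"next" + self._state).digest()
            out += hashlib.sha256(b"out" + self._state).digest()
        return out[:n]


def keys_after_fork(make_key):
    """Fork, call make_key() in child and parent, return (child_key, parent_key)."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:
        # Child: holds a byte-for-byte copy of the parent's memory,
        # including any PRNG state that lives in the process.
        try:
            os.close(r)
            os.write(w, make_key())
        finally:
            os._exit(0)
    os.close(w)
    with os.fdopen(r, "rb") as pipe:
        child_key = pipe.read()
    os.waitpid(pid, 0)
    return child_key, make_key()


def demo():
    prng = UserspacePRNG()
    userspace = keys_after_fork(lambda: prng.read(16))  # state copied by fork()
    os_pool = keys_after_fork(lambda: os.urandom(16))   # kernel state, not copied
    return userspace, os_pool


if __name__ == "__main__":
    (uc, up), (oc, op) = demo()
    print("userspace PRNG: child key == parent key ->", uc == up)
    print("os.urandom:     child key == parent key ->", oc == op)
```
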
This engine is **active** by default when importing the OpenSSL backend. It is
added to the engine list but **not activated** if you only import the binding.
If you wish to deactivate it, call ``unregister_osrandom_engine()`` on the
backend object.

OS Random Sources
-----------------

On OS X and FreeBSD ``/dev/urandom`` is an alias for ``/dev/random`` and
utilizes the `Yarrow`_ algorithm.

On Windows ``CryptGenRandom`` is backed by `Fortuna`_.

Linux uses its own PRNG design. ``/dev/urandom`` is a non-blocking source seeded
from the ``/dev/random`` pool.


.. _`OpenSSL`: https://www.openssl.org/
.. _`initializing the RNG`: http://en.wikipedia.org/wiki/OpenSSL#Vulnerability_in_the_Debian_implementation
.. _`Yarrow`: http://en.wikipedia.org/wiki/Yarrow_algorithm
.. _`Fortuna`: http://en.wikipedia.org/wiki/Fortuna_(PRNG)