Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / d9702f9f324cd7b51d50bfb85370d8cf1034f332 / . / docs / hazmat / backends / openssl.rst
blob: d6351c9c48c14dfbeac75ebc554b7adfb507f773 [file] [log] [blame]
Alex Gaynoraf82d5e2013-10-29 17:07:24 -0700[diff] [blame]1.. hazmat::
Alex Gaynor0f7f7812013-09-30 10:52:36 -0700[diff] [blame]2
Alex Gaynor8f42fe42013-12-24 13:15:52 -0800[diff] [blame]3OpenSSL Backend
4===============
Donald Stuffte51fb932013-10-27 17:26:17 -0400[diff] [blame]5
Alex Stapletonc368ac22013-12-31 13:43:38 +0000[diff] [blame]6The `OpenSSL`_ C library.
Alex Gaynor6d02e2d2013-09-30 10:37:22 -0700[diff] [blame]7
Alex Gaynorf8796b12013-12-13 20:28:55 -0800[diff] [blame]8.. data:: cryptography.hazmat.backends.openssl.backend
Alex Gaynor6d02e2d2013-09-30 10:37:22 -0700[diff] [blame]9
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]10 This is the exposed API for the OpenSSL backend.
Paul Kehrer2502ce52014-01-18 09:32:47 -0600[diff] [blame]11
Alex Gaynor031c2cb2014-01-31 11:44:53 -0800[diff] [blame]12 It implements the following interfaces:
13
14 * :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
15 * :class:`~cryptography.hazmat.backends.interfaces.HashBackend`
16 * :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
17 * :class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
Alex Stapleton8f2250f2014-02-08 12:24:02 +0000[diff] [blame]18 * :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
Alex Gaynor031c2cb2014-01-31 11:44:53 -0800[diff] [blame]19
Paul Kehrere4acd5d2014-02-03 21:59:29 -0600[diff] [blame]20 It also exposes the following:
Paul Kehrer2502ce52014-01-18 09:32:47 -0600[diff] [blame]21
Paul Kehrercfa2d622014-01-19 14:01:25 -0600[diff] [blame]22 .. attribute:: name
Paul Kehrer2502ce52014-01-18 09:32:47 -0600[diff] [blame]23
Paul Kehrercfa2d622014-01-19 14:01:25 -0600[diff] [blame]24 The string name of this backend: ``"openssl"``
Alex Gaynor6d02e2d2013-09-30 10:37:22 -0700[diff] [blame]25
Paul Kehrerd52b89b2014-01-31 10:57:17 -0600[diff] [blame]26 .. method:: activate_osrandom_engine()
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]27
Paul Kehrerd52b89b2014-01-31 10:57:17 -0600[diff] [blame]28 Activates the OS random engine. This will effectively disable OpenSSL's
29 default CSPRNG.
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]30
Paul Kehrerd2582222014-02-05 16:21:19 -0600[diff] [blame]31 .. method:: activate_builtin_random()
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]32
Paul Kehrerd2582222014-02-05 16:21:19 -0600[diff] [blame]33 This will activate the default OpenSSL CSPRNG.
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]34
35OS Random Engine
36----------------
37
Paul Kehrerae2138a2014-01-29 22:19:47 -0600[diff] [blame]38OpenSSL uses a user-space CSPRNG that is seeded from system random (
Paul Kehrer136ff172014-01-29 21:23:11 -0600[diff] [blame]39``/dev/urandom`` or ``CryptGenRandom``). This CSPRNG is not reseeded
40automatically when a process calls ``fork()``. This can result in situations
41where two different processes can return similar or identical keys and
42compromise the security of the system.
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]43
Paul Kehrer136ff172014-01-29 21:23:11 -0600[diff] [blame]44The approach this project has chosen to mitigate this vulnerability is to
45include an engine that replaces the OpenSSL default CSPRNG with one that sources
46its entropy from ``/dev/urandom`` on UNIX-like operating systems and uses
47``CryptGenRandom`` on Windows. This method of pulling from the system pool
48allows us to avoid potential issues with `initializing the RNG`_ as well as
49protecting us from the ``fork()`` weakness.
50
Paul Kehrer8042b292014-01-31 10:44:36 -0600[diff] [blame]51This engine is **active** by default when importing the OpenSSL backend. When
52active this engine will be used to generate all the random data OpenSSL
53requests.
54
Paul Kehrer8042b292014-01-31 10:44:36 -0600[diff] [blame]55When importing only the binding it is added to the engine list but
56**not activated**.
57
Paul Kehrer3f17c7c2014-01-20 16:32:26 -0600[diff] [blame]58
Paul Kehrer9967bc52014-01-29 21:39:13 -0600[diff] [blame]59OS Random Sources
Paul Kehrer55809a12014-01-29 21:41:16 -0600[diff] [blame]60-----------------
Paul Kehrer9967bc52014-01-29 21:39:13 -0600[diff] [blame]61
62On OS X and FreeBSD ``/dev/urandom`` is an alias for ``/dev/random`` and
63utilizes the `Yarrow`_ algorithm.
64
Paul Kehrer012bfbc2014-02-11 23:37:51 -0600[diff] [blame]65On Windows the implementation of ``CryptGenRandom`` depends on which version of
Paul Kehrer039b4782014-02-11 23:50:56 -0600[diff] [blame]66the operation system you are using. See the `Microsoft documentation`_ for more
Paul Kehrer012bfbc2014-02-11 23:37:51 -0600[diff] [blame]67details.
Paul Kehrer9967bc52014-01-29 21:39:13 -0600[diff] [blame]68
69Linux uses its own PRNG design. ``/dev/urandom`` is a non-blocking source seeded
Paul Kehrer16e5e4d2014-01-30 09:43:30 -0600[diff] [blame]70from the same pool as ``/dev/random``.
Paul Kehrer9967bc52014-01-29 21:39:13 -0600[diff] [blame]71
72
Alex Gaynor6d02e2d2013-09-30 10:37:22 -0700[diff] [blame]73.. _`OpenSSL`: https://www.openssl.org/
Paul Kehrer136ff172014-01-29 21:23:11 -0600[diff] [blame]74.. _`initializing the RNG`: http://en.wikipedia.org/wiki/OpenSSL#Vulnerability_in_the_Debian_implementation
75.. _`Yarrow`: http://en.wikipedia.org/wiki/Yarrow_algorithm
Paul Kehrerb4f7d882014-02-11 23:29:51 -0600[diff] [blame]76.. _`Microsoft documentation`: http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942(v=vs.85).aspx