[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

STINNER Victor added the comment: Thanks! I close the issue, it's now fixed. -- resolution: -> fixed status: open -> closed ___ Python tracker ___ __

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

John Beck added the comment: Confirmed that test_os runs cleanly on Solaris 12, for each of: * 2.7.10 (plus your patch from 98454:202c827f86df) * 3.4.3 (plus your patch from 98455:83dc79eeaf7f) * 3.5.0 (plus your patch from 98452:835085cc28cd) * 3.6 (tip) --

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

STINNER Victor added the comment: Ok, I pushed fixes for Python 2.7, 3.4, 3.5 and 3.6. Summary for Solaris: - Python 2.7, 3.4: read from /dev/urandom (use a private file descriptor) - Python 3.5, 3.6: use the getrandom() function on Solaris 11.3 and newer (no file descriptor), or fallback on r

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

Roundup Robot added the comment: New changeset 202c827f86df by Victor Stinner in branch '2.7': Issue #25003: os.urandom() doesn't use getentropy() on Solaris because https://hg.python.org/cpython/rev/202c827f86df New changeset 83dc79eeaf7f by Victor Stinner in branch '3.4': Issue #25003: os.uran

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

Roundup Robot added the comment: New changeset 835085cc28cd by Victor Stinner in branch '3.5': Issue #25003: On Solaris 11.3 or newer, os.urandom() now uses the getrandom() https://hg.python.org/cpython/rev/835085cc28cd -- ___ Python tracker

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

STINNER Victor added the comment: "I have tested your patch with 3.5, and it works fine, although I did have to make a minor change to get test_os to pass. In test_os.py you had: (...)" Oh right, I fixed test_os too. -- ___ Python tracker

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

Roundup Robot added the comment: New changeset 221e09b89186 by Victor Stinner in branch 'default': Issue #25003: Skip test_os.URandomFDTests on Solaris 11.3 and newer https://hg.python.org/cpython/rev/221e09b89186 -- ___ Python tracker

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

John Beck added the comment: I have tested your patch with 3.5, and it works fine, although I did have to make a minor change to get test_os to pass. In test_os.py you had: ... USE_GETENTROPY = ((sysconfig.get_config_var('HAVE_GETENTROPY') == 1) and not sys.platform.startswit

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

STINNER Victor added the comment: Ok, I pushed a first fix for Python 3.6. The changeset 8b0c2c7cb4a7 keeps getentropy() on OpenBSD, but it explicitly excludes getentropy() on Solaris ("!defined(sun)"). It adds support for the getrandom() function. As the EINVAL error will be fixed in the fina

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

Roundup Robot added the comment: New changeset 8b0c2c7cb4a7 by Victor Stinner in branch 'default': Issue #25003: On Solaris 11.3 or newer, os.urandom() now uses the getrandom() https://hg.python.org/cpython/rev/8b0c2c7cb4a7 -- nosy: +python-dev ___ Py

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

John Beck added the comment: The owner of the Solaris kernel bug has confirmed that he plans to get the fix into both Solaris 12 and 11.3. -- ___ Python tracker ___ _

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

John Beck added the comment: I have queried the engineer who owns the kernel bug and will post an update once I hear back from him. But as it is already almost midnight on Friday in his geo, it may well be Monday before I hear back. -- ___ Python t

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

STINNER Victor added the comment: > While testing this, I found out why I had needed EINVAL earlier (and still > do, for now): there is a bug in the Solaris implementation of getrandom(2). > If flags are 0 and the buffer size > 1024, then it fails with EINVAL. That > is only supposed to hap

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

John Beck added the comment: Yes, those patches work, with a caveat. While testing this, I found out why I had needed EINVAL earlier (and still do, for now): there is a bug in the Solaris implementation of getrandom(2). If flags are 0 and the buffer size > 1024, then it fails with EINVAL. T

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

STINNER Victor added the comment: > But EINVAL should also be checked for to make sure the system call was > invoked with proper parameters. py_getrandom() calls Py_FatalError() or raises an OSError on EINVAL. The error is not silently ignored. > My builds of Python 3.5.0.X (don't recall whe

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

John Beck added the comment: Sorry, let me try to clarify. ENOSYS is the correct errno value to check for, for the situation (e.g., Solaris < 11.3) of a non-existent system call. But EINVAL should also be checked for to make sure the system call was invoked with proper parameters. My builds

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris

Changes by STINNER Victor : -- title: os.urandom() should call getrandom(2) not getentropy(2) -> os.urandom() should call getrandom(2) not getentropy(2) on Solaris ___ Python tracker __

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

STINNER Victor added the comment: > Yes, the syscall was failing with EINVAL. Sorry, I don't understand. Do you mean that calling a non-existant syscall on Solaris fails with EINVAL? Calling the getrandom() syscall on Solaris < 11.3 fails with EINVAL? -- _

[issue25003] os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer

Changes by STINNER Victor : -- title: os.urandom() should call getrandom(2) not getentropy(2) on Solaris -> os.urandom() should call getrandom(2) not getentropy(2) on Solaris 11.3 and newer ___ Python tracker ___

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

John Beck added the comment: Yes, the syscall was failing with EINVAL. -- ___ Python tracker ___ ___ Python-bugs-list mailing list Uns

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

STINNER Victor added the comment: > Prior to applying this patch, I had needed to tweak py_getrandom() to > recognize EINVAL in addition to ENOSYS as sufficient reason to turn off > getrandom_works. In which case getrandom() fails with EINVAL? -- _

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

John Beck added the comment: @haypo: Yes, that patch works (applied to 3.5.0rc3; proxy problems are preventing me from updating my clone of the default branch at the moment) i.e., pyconfig.h shows: #define HAVE_GETRANDOM_SYSCALL 1 To answer your other questions: * Calling syscall(SYS_getrando

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

STINNER Victor added the comment: > Perhaps the getentropy() check can explicitly rule out Solaris (either at the > autoconf level or in the random.c source code) if you prefer to keep the > getentropy() call on OpenBSD. Ok, here is a patch implementing this option. It keeps getentropy() on Op

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

STINNER Victor added the comment: Thread on python-dev: https://mail.python.org/pipermail/python-dev/2015-September/141439.html -- ___ Python tracker ___ ___

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

Changes by Guido van Rossum : -- nosy: -gvanrossum ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

Donald Stufft added the comment: Oh yea, and (A)RC4 is broken and shouldn't be used for anything anymore, ChaCha is much better and is pretty great. -- ___ Python tracker ___ __

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

Donald Stufft added the comment: (A)RC4 and ChaCha are just two stream ciphers that let you encrypt some data, they work by essentially producing a psuedo-random stream of data in a deterministic manner based off of a key, and than that is XOR'd with the data you want to encrypt. arc4random (a

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

Guido van Rossum added the comment: To Theo it's probably inconceivable that anyone would be using random numbers for anything besides crypto security. :-) His favorite is arc4random() (but he notes it's not based on RC4 anymore, but uses chacha -- I have no idea what any of that means :-). He

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

Tim Peters added the comment: Guido, you're clearly talking with someone who knows too much ;-) If we're using the Twister for _anything_ related to crypto-level randomness, then I'd appalled - it was utterly unsuitable for any such purpose from day 1. But as a general-purpose generator for

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

Guido van Rossum added the comment: Also, Theo believes that our Mersenne Twister is outdated and os.urandom() is the only reasonable alternative. So we might as well keep it fast. -- ___ Python tracker __

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

Guido van Rossum added the comment: I got several long private emails from Theo De Raadt about this issue. I think the gist of it all is that most likely (a) the app most likely shouldn't be calling os.urandom() that often, and (b) Solaris getentropy() is apparently stunningly slow. Theo also

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

STINNER Victor added the comment: Attached patch (for Python 3.4) removes code to use getentropy() in os.urandom(). -- keywords: +patch Added file: http://bugs.python.org/file40397/remove_get_entropy.patch ___ Python tracker

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

Changes by Raymond Hettinger : -- assignee: -> haypo ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://m

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

Changes by R. David Murray : -- nosy: +haypo stage: -> needs patch type: -> security ___ Python tracker ___ ___ Python-bugs-list mai

[issue25003] os.urandom() should call getrandom(2) not getentropy(2)

New submission from John Beck: A recent Solaris build upgrade resulted in a massive slowdown of a package operation (our package client is written in Python). Some DTrace revealed this was because os.urandom() calls had slowed down by a factor of over 300. This turned out to be caused by an