Blame - Python/random.c - platform/external/python/cpython3

2012-02-20 19:54:16 +0100

[diff] [blame]

1

#include "Python.h"

2

#ifdef MS_WINDOWS

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

3

# include <windows.h>

Martin Panter

d2f8747

2016-07-29 04:00:44 +0000

[diff] [blame]

4

/* All sample MSDN wincrypt programs include the header below. It is at least

5

* required with Min GW. */

6

# include <wincrypt.h>

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

7

#else

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

8

# include <fcntl.h>

9

# ifdef HAVE_SYS_STAT_H

10

# include <sys/stat.h>

11

# endif

Victor Stinner

2016-06-07 11:21:42 +0200

[diff] [blame]

12

# ifdef HAVE_LINUX_RANDOM_H

13

# include <linux/random.h>

14

# endif

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

15

# ifdef HAVE_GETRANDOM

16

# include <sys/random.h>

17

# elif defined(HAVE_GETRANDOM_SYSCALL)

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

18

# include <sys/syscall.h>

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

19

# endif

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

20

#endif

21

Benjamin Peterson

2012-02-21 11:08:50 -0500

[diff] [blame]

22

#ifdef Py_DEBUG

23

int _Py_HashSecret_Initialized = 0;

24

#else

25

static int _Py_HashSecret_Initialized = 0;

26

#endif

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

27

28

#ifdef MS_WINDOWS

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

29

static HCRYPTPROV hCryptProv = 0;

30

31

static int

32

win32_urandom_init(int raise)

33

{

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

34

/* Acquire context */

Martin v. Löwis

3f50bf6

2013-01-25 14:06:18 +0100

[diff] [blame]

35

if (!CryptAcquireContext(&hCryptProv, NULL, NULL,

36

PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

goto error;

return 0;

error:

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

42

if (raise) {

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

43

PyErr_SetFromWindowsErr(0);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

44

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

return -1;

}

/* Fill buffer with size pseudo-random bytes generated by the Windows CryptoGen

Victor Stinner

2014-12-21 01:16:38 +0100

[diff] [blame]

49

API. Return 0 on success, or raise an exception and return -1 on error. */

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

50

static int

51

win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)

{

Py_ssize_t chunk;

if (hCryptProv == 0)

{

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

57

if (win32_urandom_init(raise) == -1) {

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

58

return -1;

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

59

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

}

while (size > 0)

{

chunk = size > INT_MAX ? INT_MAX : size;

Victor Stinner

0c08346

2013-11-15 23:26:25 +0100

[diff] [blame]

65

if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer))

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

66

{

67

/* CryptGenRandom() failed */

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

68

if (raise) {

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

69

PyErr_SetFromWindowsErr(0);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

70

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

return -1;

}

buffer += chunk;

size -= chunk;

}

return 0;

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

78

Martin Panter

39b1025

2016-06-10 08:07:11 +0000

[diff] [blame]

79

/* Issue #25003: Don't use getentropy() on Solaris (available since

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

80

Solaris 11.3), it is blocking whereas os.urandom() should not block. */

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

81

#elif defined(HAVE_GETENTROPY) && !defined(sun)

82

#define PY_GETENTROPY 1

83

Victor Stinner

2014-12-21 01:16:38 +0100

[diff] [blame]

84

/* Fill buffer with size pseudo-random bytes generated by getentropy().

85

Return 0 on success, or raise an exception and return -1 on error.

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

86

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

87

If raise is zero, don't raise an exception on error. */

Victor Stinner

2014-12-21 01:16:38 +0100

[diff] [blame]

88

static int

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

89

py_getentropy(char *buffer, Py_ssize_t size, int raise)

Victor Stinner

2014-12-21 01:16:38 +0100

[diff] [blame]

90

{

91

while (size > 0) {

92

Py_ssize_t len = Py_MIN(size, 256);

Victor Stinner

2015-03-30 11:18:30 +0200

[diff] [blame]

93

int res;

94

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

95

if (raise) {

Victor Stinner

2015-03-30 11:18:30 +0200

[diff] [blame]

96

Py_BEGIN_ALLOW_THREADS

97

res = getentropy(buffer, len);

98

Py_END_ALLOW_THREADS

Victor Stinner

2014-12-21 01:16:38 +0100

[diff] [blame]

99

}

Victor Stinner

2015-03-30 11:18:30 +0200

[diff] [blame]

100

else {

101

res = getentropy(buffer, len);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

}

if (res < 0) {

if (raise) {

PyErr_SetFromErrno(PyExc_OSError);

107

}

108

return -1;

Victor Stinner

2015-03-30 11:18:30 +0200

[diff] [blame]

109

}

110

Victor Stinner

2014-12-21 01:16:38 +0100

[diff] [blame]

buffer += len;

size -= len;

}

return 0;

}

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

117

#else

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

118

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

119

#if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL)

120

#define PY_GETRANDOM 1

121

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

122

/* Call getrandom()

123

- Return 1 on success

124

- Return 0 if getrandom() syscall is not available (fails with ENOSYS).

125

- Raise an exception (if raise is non-zero) and return -1 on error:

126

getrandom() failed with EINTR and the Python signal handler raised an

127

exception, or getrandom() failed with a different error. */

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

128

static int

129

py_getrandom(void *buffer, Py_ssize_t size, int raise)

130

{

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

131

/* Is getrandom() supported by the running kernel?

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

132

Need Linux kernel 3.17 or newer, or Solaris 11.3 or newer */

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

133

static int getrandom_works = 1;

Victor Stinner

2016-06-07 11:21:42 +0200

[diff] [blame]

134

135

/* getrandom() on Linux will block if called before the kernel has

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

136

initialized the urandom entropy pool. This will cause Python

137

to hang on startup if called very early in the boot process -

138

see https://bugs.python.org/issue26839. To avoid this, use the

139

GRND_NONBLOCK flag. */

Victor Stinner

2016-06-07 11:21:42 +0200

[diff] [blame]

140

const int flags = GRND_NONBLOCK;

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

141

142

char *dest;

Victor Stinner

ec721f3

2016-06-16 23:53:47 +0200

[diff] [blame]

143

long n;

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

144

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

145

if (!getrandom_works) {

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

146

return 0;

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

147

}

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

148

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

149

dest = buffer;

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

150

while (0 < size) {

Victor Stinner

9d24271

2016-04-12 22:28:49 +0200

[diff] [blame]

151

#ifdef sun

152

/* Issue #26735: On Solaris, getrandom() is limited to returning up

153

to 1024 bytes */

154

n = Py_MIN(size, 1024);

155

#else

Victor Stinner

ec721f3

2016-06-16 23:53:47 +0200

[diff] [blame]

156

n = Py_MIN(size, LONG_MAX);

Victor Stinner

9d24271

2016-04-12 22:28:49 +0200

[diff] [blame]

157

#endif

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

158

Victor Stinner

9d24271

2016-04-12 22:28:49 +0200

[diff] [blame]

159

errno = 0;

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

160

#ifdef HAVE_GETRANDOM

161

if (raise) {

162

Py_BEGIN_ALLOW_THREADS

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

163

n = getrandom(dest, n, flags);

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

164

Py_END_ALLOW_THREADS

165

}

166

else {

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

167

n = getrandom(dest, n, flags);

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

168

}

169

#else

170

/* On Linux, use the syscall() function because the GNU libc doesn't

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

171

expose the Linux getrandom() syscall yet. See:

172

https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

173

if (raise) {

174

Py_BEGIN_ALLOW_THREADS

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

175

n = syscall(SYS_getrandom, dest, n, flags);

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

176

Py_END_ALLOW_THREADS

177

}

178

else {

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

179

n = syscall(SYS_getrandom, dest, n, flags);

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

180

}

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

181

#endif

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

182

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

183

if (n < 0) {

184

if (errno == ENOSYS) {

185

getrandom_works = 0;

186

return 0;

187

}

Victor Stinner

2016-06-07 11:21:42 +0200

[diff] [blame]

188

if (errno == EAGAIN) {

189

/* If we failed with EAGAIN, the entropy pool was

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

190

uninitialized. In this case, we return failure to fall

191

back to reading from /dev/urandom.

192

193

Note: In this case the data read will not be random so

194

should not be used for cryptographic purposes. Retaining

195

the existing semantics for practical purposes. */

Victor Stinner

2016-06-07 11:21:42 +0200

[diff] [blame]

196

getrandom_works = 0;

197

return 0;

198

}

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

199

200

if (errno == EINTR) {

Victor Stinner

cecdd96

2016-08-16 15:19:09 +0200

[diff] [blame]

201

if (raise) {

202

if (PyErr_CheckSignals()) {

203

return -1;

204

}

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

205

}

Victor Stinner

cecdd96

2016-08-16 15:19:09 +0200

[diff] [blame]

206

207

/* retry getrandom() if it was interrupted by a signal */

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

continue;

}

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

211

if (raise) {

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

212

PyErr_SetFromErrno(PyExc_OSError);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

213

}

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

return -1;

}

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

217

dest += n;

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

size -= n;

}

return 1;

}

#endif

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

static struct {

int fd;

dev_t st_dev;

ino_t st_ino;

} urandom_cache = { -1 };

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

229

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

230

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

231

/* Read 'size' random bytes from getrandom(). Fall back on reading from

232

/dev/urandom if getrandom() is not available.

233

234

Return 0 on success. Raise an exception (if raise is non-zero) and return -1

235

on error. */

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

236

static int

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

237

dev_urandom(char *buffer, Py_ssize_t size, int raise)

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

238

{

239

int fd;

240

Py_ssize_t n;

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

241

#ifdef PY_GETRANDOM

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

242

int res;

243

#endif

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

244

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

245

assert(size > 0);

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

246

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

247

#ifdef PY_GETRANDOM

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

248

res = py_getrandom(buffer, size, raise);

249

if (res < 0) {

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

250

return -1;

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

251

}

252

if (res == 1) {

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

253

return 0;

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

254

}

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

255

/* getrandom() is not supported by the running kernel, fall back

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

256

on reading /dev/urandom */

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

257

#endif

258

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

259

260

if (raise) {

261

struct _Py_stat_struct st;

262

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

263

if (urandom_cache.fd >= 0) {

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

264

/* Does the fd point to the same thing as before? (issue #21207) */

265

if (_Py_fstat_noraise(urandom_cache.fd, &st)

266

|| st.st_dev != urandom_cache.st_dev

267

|| st.st_ino != urandom_cache.st_ino) {

268

/* Something changed: forget the cached fd (but don't close it,

269

since it probably points to something important for some

270

third-party code). */

271

urandom_cache.fd = -1;

272

}

Antoine Pitrou

2013-08-31 00:26:02 +0200

[diff] [blame]

273

}

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

274

if (urandom_cache.fd >= 0)

275

fd = urandom_cache.fd;

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

276

else {

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

277

fd = _Py_open("/dev/urandom", O_RDONLY);

278

if (fd < 0) {

279

if (errno == ENOENT || errno == ENXIO ||

280

errno == ENODEV || errno == EACCES)

281

PyErr_SetString(PyExc_NotImplementedError,

282

"/dev/urandom (or equivalent) not found");

283

/* otherwise, keep the OSError exception raised by _Py_open() */

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

284

return -1;

285

}

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

286

if (urandom_cache.fd >= 0) {

287

/* urandom_fd was initialized by another thread while we were

288

not holding the GIL, keep it. */

289

close(fd);

290

fd = urandom_cache.fd;

291

}

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

292

else {

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

293

if (_Py_fstat(fd, &st)) {

close(fd);

return -1;

}

else {

urandom_cache.fd = fd;

299

urandom_cache.st_dev = st.st_dev;

300

urandom_cache.st_ino = st.st_ino;

301

}

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

302

}

303

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

304

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

305

do {

306

n = _Py_read(fd, buffer, (size_t)size);

if (n == -1)

return -1;

if (n == 0) {

PyErr_Format(PyExc_RuntimeError,

311

"Failed to read %zi bytes from /dev/urandom",

size);

return -1;

}

buffer += n;

size -= n;

} while (0 < size);

}

else {

fd = _Py_open_noraise("/dev/urandom", O_RDONLY);

322

if (fd < 0) {

Victor Stinner

c9382eb

2015-03-19 23:36:33 +0100

[diff] [blame]

return -1;

}

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

while (0 < size)

{

do {

n = read(fd, buffer, (size_t)size);

330

} while (n < 0 && errno == EINTR);

Victor Stinner

c9382eb

2015-03-19 23:36:33 +0100

[diff] [blame]

331

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

332

if (n <= 0) {

333

/* stop on error or if read(size) returned 0 */

Victor Stinner

3ee933f

2016-08-16 18:27:44 +0200

[diff] [blame]

334

close(fd);

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

return -1;

}

buffer += n;

size -= n;

}

close(fd);

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

343

return 0;

344

}

Antoine Pitrou

2013-08-31 00:26:02 +0200

[diff] [blame]

345

346

static void

347

dev_urandom_close(void)

348

{

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

349

if (urandom_cache.fd >= 0) {

350

close(urandom_cache.fd);

351

urandom_cache.fd = -1;

Antoine Pitrou

2013-08-31 00:26:02 +0200

[diff] [blame]

}

}

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

355

#endif

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

356

357

/* Fill buffer with pseudo-random bytes generated by a linear congruent

358

generator (LCG):

359

360

x(n+1) = (x(n) * 214013 + 2531011) % 2^32

361

362

Use bits 23..16 of x(n) to generate a byte. */

363

static void

364

lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size)

{

size_t index;

unsigned int x;

x = x0;

for (index=0; index < size; index++) {

371

x *= 214013;

372

x += 2531011;

373

/* modulo 2 ^ (8 * sizeof(int)) */

374

buffer[index] = (x >> 16) & 0xff;

}

}

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

378

/* If raise is zero:

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

379

- Don't raise exceptions on error

380

- Don't call PyErr_CheckSignals() on EINTR (retry directly the interrupted

381

syscall)

382

- Don't release the GIL to call syscalls. */

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

383

static int

384

pyurandom(void *buffer, Py_ssize_t size, int raise)

{

if (size < 0) {

if (raise) {

PyErr_Format(PyExc_ValueError,

389

"negative argument not allowed");

}

return -1;

}

if (size == 0) {

return 0;

}

#ifdef MS_WINDOWS

return win32_urandom((unsigned char *)buffer, size, raise);

400

#elif defined(PY_GETENTROPY)

401

return py_getentropy(buffer, size, raise);

402

#else

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

403

return dev_urandom(buffer, size, raise);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

#endif

}

Georg Brandl

2013-10-06 18:43:19 +0200

[diff] [blame]

407

/* Fill buffer with size pseudo-random bytes from the operating system random

Serhiy Storchaka

56a6d85

2014-12-01 18:28:43 +0200

[diff] [blame]

408

number generator (RNG). It is suitable for most cryptographic purposes

Georg Brandl

c6a2c9b

2013-10-06 18:43:19 +0200

[diff] [blame]

409

except long living private keys for asymmetric encryption.

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

410

411

Return 0 on success, raise an exception and return -1 on error. */

412

int

413

_PyOS_URandom(void *buffer, Py_ssize_t size)

414

{

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

415

return pyurandom(buffer, size, 1);

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

}

void

_PyRandom_Init(void)

{

char *env;

Christian Heimes

985ecdc

2013-11-20 11:46:18 +0100

[diff] [blame]

422

unsigned char *secret = (unsigned char *)&_Py_HashSecret.uc;

Benjamin Peterson

2012-02-21 11:08:50 -0500

[diff] [blame]

423

Py_ssize_t secret_size = sizeof(_Py_HashSecret_t);

Serhiy Storchaka

fad85aa

2015-11-07 15:42:38 +0200

[diff] [blame]

424

Py_BUILD_ASSERT(sizeof(_Py_HashSecret_t) == sizeof(_Py_HashSecret.uc));

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

425

Benjamin Peterson

2012-02-21 11:08:50 -0500

[diff] [blame]

426

if (_Py_HashSecret_Initialized)

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

427

return;

Benjamin Peterson

2012-02-21 11:08:50 -0500

[diff] [blame]

428

_Py_HashSecret_Initialized = 1;

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

429

430

/*

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

431

Hash randomization is enabled. Generate a per-process secret,

432

using PYTHONHASHSEED if provided.

433

*/

434

435

env = Py_GETENV("PYTHONHASHSEED");

Georg Brandl

12897d7

2012-02-20 23:49:29 +0100

[diff] [blame]

436

if (env && *env != '\0' && strcmp(env, "random") != 0) {

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

437

char *endptr = env;

438

unsigned long seed;

439

seed = strtoul(env, &endptr, 10);

440

if (*endptr != '\0'

441

|| seed > 4294967295UL

442

|| (errno == ERANGE && seed == ULONG_MAX))

443

{

444

Py_FatalError("PYTHONHASHSEED must be \"random\" or an integer "

445

"in range [0; 4294967295]");

446

}

447

if (seed == 0) {

448

/* disable the randomized hash */

449

memset(secret, 0, secret_size);

450

}

451

else {

Christian Heimes

985ecdc

2013-11-20 11:46:18 +0100

[diff] [blame]

452

lcg_urandom(seed, secret, secret_size);

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

453

}

454

}

455

else {

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

456

int res;

457

458

/* _PyRandom_Init() is called very early in the Python initialization

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

459

and so exceptions cannot be used (use raise=0). */

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

460

res = pyurandom(secret, secret_size, 0);

461

if (res < 0) {

462

Py_FatalError("failed to get random numbers to initialize Python");

463

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

464

}

465

}

Antoine Pitrou

2013-08-31 00:26:02 +0200

[diff] [blame]

void

_PyRandom_Fini(void)

{

Victor Stinner

d50c3f3

2014-05-02 22:06:44 +0200

[diff] [blame]

470

#ifdef MS_WINDOWS

471

if (hCryptProv) {

Tim Golden

b8ac3e1

2014-05-06 13:29:45 +0100

[diff] [blame]

472

CryptReleaseContext(hCryptProv, 0);

Victor Stinner

d50c3f3

2014-05-02 22:06:44 +0200

[diff] [blame]

473

hCryptProv = 0;

474

}

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

475

#elif defined(PY_GETENTROPY)

Victor Stinner

2014-12-21 01:16:38 +0100

[diff] [blame]

476

/* nothing to clean */

Victor Stinner

d50c3f3

2014-05-02 22:06:44 +0200

[diff] [blame]

477

#else

Antoine Pitrou