Blame - Python/random.c - platform/external/python/cpython3

2012-02-20 19:54:16 +0100

[diff] [blame]

1

#include "Python.h"

2

#ifdef MS_WINDOWS

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

3

# include <windows.h>

Martin Panter

d2f8747

2016-07-29 04:00:44 +0000

[diff] [blame]

4

/* All sample MSDN wincrypt programs include the header below. It is at least

5

* required with Min GW. */

6

# include <wincrypt.h>

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

7

#else

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

8

# include <fcntl.h>

9

# ifdef HAVE_SYS_STAT_H

10

# include <sys/stat.h>

11

# endif

Victor Stinner

dddf484

2016-06-07 11:21:42 +0200

[diff] [blame]

12

# ifdef HAVE_LINUX_RANDOM_H

13

# include <linux/random.h>

14

# endif

Benjamin Peterson

493ac1b

2017-01-01 22:29:36 -0600

[diff] [blame]

15

# if defined(HAVE_SYS_RANDOM_H) && (defined(HAVE_GETRANDOM) || defined(HAVE_GETENTROPY))

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

16

# include <sys/random.h>

Ned Deily

7ae4112

2016-11-12 16:35:48 -0500

[diff] [blame]

17

# endif

18

# if !defined(HAVE_GETRANDOM) && defined(HAVE_GETRANDOM_SYSCALL)

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

19

# include <sys/syscall.h>

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

20

# endif

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

21

#endif

22

Benjamin Peterson

2012-02-21 11:08:50 -0500

[diff] [blame]

23

#ifdef Py_DEBUG

24

int _Py_HashSecret_Initialized = 0;

25

#else

26

static int _Py_HashSecret_Initialized = 0;

27

#endif

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

28

29

#ifdef MS_WINDOWS

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

30

static HCRYPTPROV hCryptProv = 0;

31

32

static int

33

win32_urandom_init(int raise)

34

{

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

35

/* Acquire context */

Martin v. Löwis

3f50bf6

2013-01-25 14:06:18 +0100

[diff] [blame]

36

if (!CryptAcquireContext(&hCryptProv, NULL, NULL,

37

PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

goto error;

return 0;

error:

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

43

if (raise) {

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

44

PyErr_SetFromWindowsErr(0);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

45

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

return -1;

}

/* Fill buffer with size pseudo-random bytes generated by the Windows CryptoGen

Victor Stinner

4d6a3d6

2014-12-21 01:16:38 +0100

[diff] [blame]

50

API. Return 0 on success, or raise an exception and return -1 on error. */

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

51

static int

52

win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)

{

Py_ssize_t chunk;

if (hCryptProv == 0)

{

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

58

if (win32_urandom_init(raise) == -1) {

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

59

return -1;

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

60

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

}

while (size > 0)

{

chunk = size > INT_MAX ? INT_MAX : size;

Victor Stinner

0c08346

2013-11-15 23:26:25 +0100

[diff] [blame]

66

if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer))

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

67

{

68

/* CryptGenRandom() failed */

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

69

if (raise) {

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

70

PyErr_SetFromWindowsErr(0);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

71

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

return -1;

}

buffer += chunk;

size -= chunk;

}

return 0;

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

79

Victor Stinner

dcdb60e

2017-01-06 11:16:20 +0100

[diff] [blame]

80

#else /* !MS_WINDOWS */

81

Victor Stinner

2017-01-06 11:26:01 +0100

[diff] [blame^]

82

#if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL)

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

83

#define PY_GETRANDOM 1

84

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

85

/* Call getrandom()

86

- Return 1 on success

Victor Stinner

6d8bc46

2016-09-20 22:46:02 +0200

[diff] [blame]

87

- Return 0 if getrandom() syscall is not available (failed with ENOSYS or

88

EPERM) or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom

Victor Stinner

af59732

2016-09-20 22:26:18 +0200

[diff] [blame]

89

not initialized yet) and raise=0.

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

90

- Raise an exception (if raise is non-zero) and return -1 on error:

91

getrandom() failed with EINTR and the Python signal handler raised an

92

exception, or getrandom() failed with a different error. */

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

93

static int

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

94

py_getrandom(void *buffer, Py_ssize_t size, int blocking, int raise)

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

95

{

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

96

/* Is getrandom() supported by the running kernel? Set to 0 if getrandom()

Victor Stinner

6d8bc46

2016-09-20 22:46:02 +0200

[diff] [blame]

97

failed with ENOSYS or EPERM. Need Linux kernel 3.17 or newer, or Solaris

Victor Stinner

af59732

2016-09-20 22:26:18 +0200

[diff] [blame]

98

11.3 or newer */

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

99

static int getrandom_works = 1;

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

100

int flags;

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

101

char *dest;

Victor Stinner

ec721f3

2016-06-16 23:53:47 +0200

[diff] [blame]

102

long n;

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

103

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

104

if (!getrandom_works) {

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

105

return 0;

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

106

}

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

107

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

108

flags = blocking ? 0 : GRND_NONBLOCK;

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

109

dest = buffer;

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

110

while (0 < size) {

Victor Stinner

9d24271

2016-04-12 22:28:49 +0200

[diff] [blame]

111

#ifdef sun

112

/* Issue #26735: On Solaris, getrandom() is limited to returning up

113

to 1024 bytes */

114

n = Py_MIN(size, 1024);

115

#else

Victor Stinner

ec721f3

2016-06-16 23:53:47 +0200

[diff] [blame]

116

n = Py_MIN(size, LONG_MAX);

Victor Stinner

9d24271

2016-04-12 22:28:49 +0200

[diff] [blame]

117

#endif

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

118

Victor Stinner

9d24271

2016-04-12 22:28:49 +0200

[diff] [blame]

119

errno = 0;

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

120

#ifdef HAVE_GETRANDOM

121

if (raise) {

122

Py_BEGIN_ALLOW_THREADS

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

123

n = getrandom(dest, n, flags);

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

124

Py_END_ALLOW_THREADS

125

}

126

else {

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

127

n = getrandom(dest, n, flags);

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

128

}

129

#else

130

/* On Linux, use the syscall() function because the GNU libc doesn't

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

131

expose the Linux getrandom() syscall yet. See:

132

https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

133

if (raise) {

134

Py_BEGIN_ALLOW_THREADS

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

135

n = syscall(SYS_getrandom, dest, n, flags);

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

136

Py_END_ALLOW_THREADS

137

}

138

else {

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

139

n = syscall(SYS_getrandom, dest, n, flags);

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

140

}

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

141

#endif

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

142

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

143

if (n < 0) {

Victor Stinner

af59732

2016-09-20 22:26:18 +0200

[diff] [blame]

144

/* ENOSYS: getrandom() syscall not supported by the kernel (but

Victor Stinner

6d8bc46

2016-09-20 22:46:02 +0200

[diff] [blame]

145

* maybe supported by the host which built Python). EPERM:

146

* getrandom() syscall blocked by SECCOMP or something else. */

147

if (errno == ENOSYS || errno == EPERM) {

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

148

getrandom_works = 0;

149

return 0;

150

}

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

151

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

152

/* getrandom(GRND_NONBLOCK) fails with EAGAIN if the system urandom

153

is not initialiazed yet. For _PyRandom_Init(), we ignore their

154

error and fall back on reading /dev/urandom which never blocks,

155

even if the system urandom is not initialized yet. */

156

if (errno == EAGAIN && !raise && !blocking) {

Victor Stinner

dddf484

2016-06-07 11:21:42 +0200

[diff] [blame]

157

return 0;

158

}

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

159

160

if (errno == EINTR) {

Victor Stinner

cecdd96

2016-08-16 15:19:09 +0200

[diff] [blame]

161

if (raise) {

162

if (PyErr_CheckSignals()) {

163

return -1;

164

}

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

165

}

Victor Stinner

cecdd96

2016-08-16 15:19:09 +0200

[diff] [blame]

166

167

/* retry getrandom() if it was interrupted by a signal */

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

continue;

}

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

171

if (raise) {

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

172

PyErr_SetFromErrno(PyExc_OSError);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

173

}

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

return -1;

}

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

177

dest += n;

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

size -= n;

}

return 1;

}

Victor Stinner

2017-01-06 11:26:01 +0100

[diff] [blame^]

182

183

#elif defined(HAVE_GETENTROPY)

184

#define PY_GETENTROPY 1

185

186

/* Fill buffer with size pseudo-random bytes generated by getentropy().

187

Return 1 on success, or raise an exception and return -1 on error.

188

189

If raise is zero, don't raise an exception on error. */

190

static int

191

py_getentropy(char *buffer, Py_ssize_t size, int raise)

192

{

193

while (size > 0) {

194

Py_ssize_t len = Py_MIN(size, 256);

int res;

if (raise) {

Py_BEGIN_ALLOW_THREADS

199

res = getentropy(buffer, len);

Py_END_ALLOW_THREADS

}

else {

res = getentropy(buffer, len);

}

if (res < 0) {

if (raise) {

PyErr_SetFromErrno(PyExc_OSError);

}

return -1;

}

buffer += len;

size -= len;

}

return 1;

}

#endif /* defined(HAVE_GETENTROPY) && !defined(sun) */

Victor Stinner

dcdb60e

2017-01-06 11:16:20 +0100

[diff] [blame]

219

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

220

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

static struct {

int fd;

dev_t st_dev;

ino_t st_ino;

} urandom_cache = { -1 };

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

226

Victor Stinner

2017-01-06 11:17:52 +0100

[diff] [blame]

227

/* Read random bytes from the /dev/urandom device:

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

228

Victor Stinner

2017-01-06 11:17:52 +0100

[diff] [blame]

229

- Return 0 on success

230

- Raise an exception (if raise is non-zero) and return -1 on error

231

232

Possible causes of errors:

233

234

- open() failed with ENOENT, ENXIO, ENODEV, EACCES: the /dev/urandom device

235

was not found. For example, it was removed manually or not exposed in a

236

chroot or container.

237

- open() failed with a different error

238

- fstat() failed

239

- read() failed or returned 0

240

241

read() is retried if it failed with EINTR: interrupted by a signal.

242

243

The file descriptor of the device is kept open between calls to avoid using

244

many file descriptors when run in parallel from multiple threads:

245

see the issue #18756.

246

247

st_dev and st_ino fields of the file descriptor (from fstat()) are cached to

248

check if the file descriptor was replaced by a different file (which is

249

likely a bug in the application): see the issue #21207.

250

251

If the file descriptor was closed or replaced, open a new file descriptor

252

but don't close the old file descriptor: it probably points to something

253

important for some third-party code. */

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

254

static int

Victor Stinner

2017-01-06 11:17:52 +0100

[diff] [blame]

255

dev_urandom(char *buffer, Py_ssize_t size, int raise)

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

256

{

257

int fd;

258

Py_ssize_t n;

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

259

260

if (raise) {

261

struct _Py_stat_struct st;

262

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

263

if (urandom_cache.fd >= 0) {

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

264

/* Does the fd point to the same thing as before? (issue #21207) */

265

if (_Py_fstat_noraise(urandom_cache.fd, &st)

266

|| st.st_dev != urandom_cache.st_dev

267

|| st.st_ino != urandom_cache.st_ino) {

268

/* Something changed: forget the cached fd (but don't close it,

269

since it probably points to something important for some

270

third-party code). */

271

urandom_cache.fd = -1;

272

}

Antoine Pitrou

2013-08-31 00:26:02 +0200

[diff] [blame]

273

}

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

274

if (urandom_cache.fd >= 0)

275

fd = urandom_cache.fd;

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

276

else {

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

277

fd = _Py_open("/dev/urandom", O_RDONLY);

278

if (fd < 0) {

279

if (errno == ENOENT || errno == ENXIO ||

280

errno == ENODEV || errno == EACCES)

281

PyErr_SetString(PyExc_NotImplementedError,

282

"/dev/urandom (or equivalent) not found");

283

/* otherwise, keep the OSError exception raised by _Py_open() */

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

284

return -1;

285

}

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

286

if (urandom_cache.fd >= 0) {

287

/* urandom_fd was initialized by another thread while we were

288

not holding the GIL, keep it. */

289

close(fd);

290

fd = urandom_cache.fd;

291

}

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

292

else {

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

293

if (_Py_fstat(fd, &st)) {

close(fd);

return -1;

}

else {

urandom_cache.fd = fd;

299

urandom_cache.st_dev = st.st_dev;

300

urandom_cache.st_ino = st.st_ino;

301

}

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

302

}

303

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

304

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

305

do {

306

n = _Py_read(fd, buffer, (size_t)size);

if (n == -1)

return -1;

if (n == 0) {

PyErr_Format(PyExc_RuntimeError,

311

"Failed to read %zi bytes from /dev/urandom",

size);

return -1;

}

buffer += n;

size -= n;

} while (0 < size);

}

else {

fd = _Py_open_noraise("/dev/urandom", O_RDONLY);

322

if (fd < 0) {

Victor Stinner

c9382eb

2015-03-19 23:36:33 +0100

[diff] [blame]

return -1;

}

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

while (0 < size)

{

do {

n = read(fd, buffer, (size_t)size);

330

} while (n < 0 && errno == EINTR);

Victor Stinner

c9382eb

2015-03-19 23:36:33 +0100

[diff] [blame]

331

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

332

if (n <= 0) {

333

/* stop on error or if read(size) returned 0 */

Victor Stinner

3ee933f

2016-08-16 18:27:44 +0200

[diff] [blame]

334

close(fd);

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

return -1;

}

buffer += n;

size -= n;

}

close(fd);

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

343

return 0;

344

}

Antoine Pitrou

2013-08-31 00:26:02 +0200

[diff] [blame]

345

346

static void

347

dev_urandom_close(void)

348

{

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

349

if (urandom_cache.fd >= 0) {

350

close(urandom_cache.fd);

351

urandom_cache.fd = -1;

Antoine Pitrou

2013-08-31 00:26:02 +0200

[diff] [blame]

352

}

353

}

Victor Stinner

dcdb60e

2017-01-06 11:16:20 +0100

[diff] [blame]

354

#endif /* !MS_WINDOWS */

Antoine Pitrou

2013-08-31 00:26:02 +0200

[diff] [blame]

355

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

356

357

/* Fill buffer with pseudo-random bytes generated by a linear congruent

358

generator (LCG):

359

360

x(n+1) = (x(n) * 214013 + 2531011) % 2^32

361

362

Use bits 23..16 of x(n) to generate a byte. */

363

static void

364

lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size)

{

size_t index;

unsigned int x;

x = x0;

for (index=0; index < size; index++) {

371

x *= 214013;

372

x += 2531011;

373

/* modulo 2 ^ (8 * sizeof(int)) */

374

buffer[index] = (x >> 16) & 0xff;

}

}

Victor Stinner

2017-01-06 11:17:52 +0100

[diff] [blame]

378

/* Read random bytes:

379

380

- Return 0 on success

381

- Raise an exception (if raise is non-zero) and return -1 on error

382

383

Used sources of entropy ordered by preference, preferred source first:

384

385

- CryptGenRandom() on Windows

Victor Stinner

2017-01-06 11:17:52 +0100

[diff] [blame]

386

- getrandom() function (ex: Linux and Solaris): call py_getrandom()

Victor Stinner

2017-01-06 11:26:01 +0100

[diff] [blame^]

387

- getentropy() function (ex: OpenBSD): call py_getentropy()

Victor Stinner

2017-01-06 11:17:52 +0100

[diff] [blame]

388

- /dev/urandom device

389

390

Read from the /dev/urandom device if getrandom() or getentropy() function

391

is not available or does not work.

392

Victor Stinner

2017-01-06 11:26:01 +0100

[diff] [blame^]

393

Prefer getrandom() over getentropy() because getrandom() supports blocking

394

and non-blocking mode: see the PEP 524. Python requires non-blocking RNG at

395

startup to initialize its hash secret, but os.urandom() must block until the

396

system urandom is initialized (at least on Linux 3.17 and newer).

397

Victor Stinner

2017-01-06 11:17:52 +0100

[diff] [blame]

398

Prefer getrandom() and getentropy() over reading directly /dev/urandom

399

because these functions don't need file descriptors and so avoid ENFILE or

400

EMFILE errors (too many open files): see the issue #18756.

401

402

Only the getrandom() function supports non-blocking mode.

403

404

Only use RNG running in the kernel. They are more secure because it is

405

harder to get the internal state of a RNG running in the kernel land than a

406

RNG running in the user land. The kernel has a direct access to the hardware

407

and has access to hardware RNG, they are used as entropy sources.

408

409

Note: the OpenSSL RAND_pseudo_bytes() function does not automatically reseed

410

its RNG on fork(), two child processes (with the same pid) generate the same

411

random numbers: see issue #18747. Kernel RNGs don't have this issue,

412

they have access to good quality entropy sources.

If raise is zero:

- Don't raise an exception on error

417

- Don't call the Python signal handler (don't call PyErr_CheckSignals()) if

418

a function fails with EINTR: retry directly the interrupted function

419

- Don't release the GIL to call functions.

420

*/

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

421

static int

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

422

pyurandom(void *buffer, Py_ssize_t size, int blocking, int raise)

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

423

{

Victor Stinner

2017-01-06 11:17:52 +0100

[diff] [blame]

424

#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY)

int res;

#endif

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

428

if (size < 0) {

429

if (raise) {

430

PyErr_Format(PyExc_ValueError,

431

"negative argument not allowed");

}

return -1;

}

if (size == 0) {

return 0;

}

#ifdef MS_WINDOWS

return win32_urandom((unsigned char *)buffer, size, raise);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

442

#else

Victor Stinner

2017-01-06 11:17:52 +0100

[diff] [blame]

443

444

#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY)

Victor Stinner

2017-01-06 11:26:01 +0100

[diff] [blame^]

445

#ifdef PY_GETRANDOM

Victor Stinner

2017-01-06 11:17:52 +0100

[diff] [blame]

446

res = py_getrandom(buffer, size, blocking, raise);

Victor Stinner

2017-01-06 11:26:01 +0100

[diff] [blame^]

447

#else

448

res = py_getentropy(buffer, size, raise);

Victor Stinner

2017-01-06 11:17:52 +0100

[diff] [blame]

#endif

if (res < 0) {

return -1;

}

if (res == 1) {

return 0;

}

/* getrandom() or getentropy() function is not available: failed with

457

ENOSYS or EPERM. Fall back on reading from /dev/urandom. */

458

#endif

459

460

return dev_urandom(buffer, size, raise);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

#endif

}

Georg Brandl

2013-10-06 18:43:19 +0200

[diff] [blame]

464

/* Fill buffer with size pseudo-random bytes from the operating system random

Serhiy Storchaka

56a6d85

2014-12-01 18:28:43 +0200

[diff] [blame]

465

number generator (RNG). It is suitable for most cryptographic purposes

Georg Brandl

c6a2c9b

2013-10-06 18:43:19 +0200

[diff] [blame]

466

except long living private keys for asymmetric encryption.

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

467

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

468

On Linux 3.17 and newer, the getrandom() syscall is used in blocking mode:

469

block until the system urandom entropy pool is initialized (128 bits are

470

collected by the kernel).

471

472

Return 0 on success. Raise an exception and return -1 on error. */

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

473

int

474

_PyOS_URandom(void *buffer, Py_ssize_t size)

475

{

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

476

return pyurandom(buffer, size, 1, 1);

477

}

478

479

/* Fill buffer with size pseudo-random bytes from the operating system random

480

number generator (RNG). It is not suitable for cryptographic purpose.

481

482

On Linux 3.17 and newer (when getrandom() syscall is used), if the system

483

urandom is not initialized yet, the function returns "weak" entropy read

484

from /dev/urandom.

485

486

Return 0 on success. Raise an exception and return -1 on error. */

487

int

488

_PyOS_URandomNonblock(void *buffer, Py_ssize_t size)

489

{

490

return pyurandom(buffer, size, 0, 1);

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

}

void

_PyRandom_Init(void)

{

char *env;

Christian Heimes

985ecdc

2013-11-20 11:46:18 +0100

[diff] [blame]

497

unsigned char *secret = (unsigned char *)&_Py_HashSecret.uc;

Benjamin Peterson

2012-02-21 11:08:50 -0500

[diff] [blame]

498

Py_ssize_t secret_size = sizeof(_Py_HashSecret_t);

Serhiy Storchaka

fad85aa

2015-11-07 15:42:38 +0200

[diff] [blame]

499

Py_BUILD_ASSERT(sizeof(_Py_HashSecret_t) == sizeof(_Py_HashSecret.uc));

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

500

Benjamin Peterson

2012-02-21 11:08:50 -0500

[diff] [blame]

501

if (_Py_HashSecret_Initialized)

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

502

return;

Benjamin Peterson

2012-02-21 11:08:50 -0500

[diff] [blame]

503

_Py_HashSecret_Initialized = 1;

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

504

505

/*

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

506

Hash randomization is enabled. Generate a per-process secret,

507

using PYTHONHASHSEED if provided.

508

*/

509

510

env = Py_GETENV("PYTHONHASHSEED");

Georg Brandl

12897d7

2012-02-20 23:49:29 +0100

[diff] [blame]

511

if (env && *env != '\0' && strcmp(env, "random") != 0) {

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

512

char *endptr = env;

513

unsigned long seed;

514

seed = strtoul(env, &endptr, 10);

515

if (*endptr != '\0'

516

|| seed > 4294967295UL

517

|| (errno == ERANGE && seed == ULONG_MAX))

518

{

519

Py_FatalError("PYTHONHASHSEED must be \"random\" or an integer "

520

"in range [0; 4294967295]");

521

}

522

if (seed == 0) {

523

/* disable the randomized hash */

524

memset(secret, 0, secret_size);

525

}

526

else {

Christian Heimes

985ecdc

2013-11-20 11:46:18 +0100

[diff] [blame]

527

lcg_urandom(seed, secret, secret_size);

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

528

}

529

}

530

else {

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

531

int res;

532

533

/* _PyRandom_Init() is called very early in the Python initialization

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

534

and so exceptions cannot be used (use raise=0).

535

536

_PyRandom_Init() must not block Python initialization: call

537

pyurandom() is non-blocking mode (blocking=0): see the PEP 524. */

538

res = pyurandom(secret, secret_size, 0, 0);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

539

if (res < 0) {

540

Py_FatalError("failed to get random numbers to initialize Python");

541

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

542

}

543

}

Antoine Pitrou

2013-08-31 00:26:02 +0200

[diff] [blame]

void

_PyRandom_Fini(void)

{

Victor Stinner

d50c3f3

2014-05-02 22:06:44 +0200

[diff] [blame]

548

#ifdef MS_WINDOWS

549

if (hCryptProv) {

Tim Golden

b8ac3e1

2014-05-06 13:29:45 +0100

[diff] [blame]

550

CryptReleaseContext(hCryptProv, 0);

Victor Stinner

d50c3f3

2014-05-02 22:06:44 +0200

[diff] [blame]

551

hCryptProv = 0;

552

}

553

#else

Antoine Pitrou