Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 1 | #include "Python.h" |
| 2 | #ifdef MS_WINDOWS |
| 3 | #include <windows.h> |
| 4 | #else |
| 5 | #include <fcntl.h> |
| 6 | #endif |
| 7 | |
Benjamin Peterson | 69e9727 | 2012-02-21 11:08:50 -0500 | [diff] [blame] | 8 | #ifdef Py_DEBUG |
| 9 | int _Py_HashSecret_Initialized = 0; |
| 10 | #else |
| 11 | static int _Py_HashSecret_Initialized = 0; |
| 12 | #endif |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 13 | |
| 14 | #ifdef MS_WINDOWS |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 15 | /* This handle is never explicitly released. Instead, the operating |
| 16 | system will release it when the process terminates. */ |
| 17 | static HCRYPTPROV hCryptProv = 0; |
| 18 | |
| 19 | static int |
| 20 | win32_urandom_init(int raise) |
| 21 | { |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 22 | /* Acquire context */ |
Martin v. Löwis | 3f50bf6 | 2013-01-25 14:06:18 +0100 | [diff] [blame^] | 23 | if (!CryptAcquireContext(&hCryptProv, NULL, NULL, |
| 24 | PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 25 | goto error; |
| 26 | |
| 27 | return 0; |
| 28 | |
| 29 | error: |
| 30 | if (raise) |
| 31 | PyErr_SetFromWindowsErr(0); |
| 32 | else |
| 33 | Py_FatalError("Failed to initialize Windows random API (CryptoGen)"); |
| 34 | return -1; |
| 35 | } |
| 36 | |
| 37 | /* Fill buffer with size pseudo-random bytes generated by the Windows CryptoGen |
| 38 | API. Return 0 on success, or -1 on error. */ |
| 39 | static int |
| 40 | win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) |
| 41 | { |
| 42 | Py_ssize_t chunk; |
| 43 | |
| 44 | if (hCryptProv == 0) |
| 45 | { |
| 46 | if (win32_urandom_init(raise) == -1) |
| 47 | return -1; |
| 48 | } |
| 49 | |
| 50 | while (size > 0) |
| 51 | { |
| 52 | chunk = size > INT_MAX ? INT_MAX : size; |
Martin v. Löwis | 3f50bf6 | 2013-01-25 14:06:18 +0100 | [diff] [blame^] | 53 | if (!CryptGenRandom(hCryptProv, chunk, buffer)) |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 54 | { |
| 55 | /* CryptGenRandom() failed */ |
| 56 | if (raise) |
| 57 | PyErr_SetFromWindowsErr(0); |
| 58 | else |
| 59 | Py_FatalError("Failed to initialized the randomized hash " |
| 60 | "secret using CryptoGen)"); |
| 61 | return -1; |
| 62 | } |
| 63 | buffer += chunk; |
| 64 | size -= chunk; |
| 65 | } |
| 66 | return 0; |
| 67 | } |
| 68 | #endif /* MS_WINDOWS */ |
| 69 | |
| 70 | |
| 71 | #ifdef __VMS |
| 72 | /* Use openssl random routine */ |
| 73 | #include <openssl/rand.h> |
| 74 | static int |
| 75 | vms_urandom(unsigned char *buffer, Py_ssize_t size, int raise) |
| 76 | { |
| 77 | if (RAND_pseudo_bytes(buffer, size) < 0) { |
| 78 | if (raise) { |
| 79 | PyErr_Format(PyExc_ValueError, |
| 80 | "RAND_pseudo_bytes"); |
| 81 | } else { |
| 82 | Py_FatalError("Failed to initialize the randomized hash " |
| 83 | "secret using RAND_pseudo_bytes"); |
| 84 | } |
| 85 | return -1; |
| 86 | } |
| 87 | return 0; |
| 88 | } |
| 89 | #endif /* __VMS */ |
| 90 | |
| 91 | |
| 92 | #if !defined(MS_WINDOWS) && !defined(__VMS) |
| 93 | |
| 94 | /* Read size bytes from /dev/urandom into buffer. |
| 95 | Call Py_FatalError() on error. */ |
| 96 | static void |
| 97 | dev_urandom_noraise(char *buffer, Py_ssize_t size) |
| 98 | { |
| 99 | int fd; |
| 100 | Py_ssize_t n; |
| 101 | |
| 102 | assert (0 < size); |
| 103 | |
| 104 | fd = open("/dev/urandom", O_RDONLY); |
| 105 | if (fd < 0) |
| 106 | Py_FatalError("Failed to open /dev/urandom"); |
| 107 | |
| 108 | while (0 < size) |
| 109 | { |
| 110 | do { |
| 111 | n = read(fd, buffer, (size_t)size); |
| 112 | } while (n < 0 && errno == EINTR); |
| 113 | if (n <= 0) |
| 114 | { |
| 115 | /* stop on error or if read(size) returned 0 */ |
| 116 | Py_FatalError("Failed to read bytes from /dev/urandom"); |
| 117 | break; |
| 118 | } |
| 119 | buffer += n; |
| 120 | size -= (Py_ssize_t)n; |
| 121 | } |
| 122 | close(fd); |
| 123 | } |
| 124 | |
| 125 | /* Read size bytes from /dev/urandom into buffer. |
| 126 | Return 0 on success, raise an exception and return -1 on error. */ |
| 127 | static int |
| 128 | dev_urandom_python(char *buffer, Py_ssize_t size) |
| 129 | { |
| 130 | int fd; |
| 131 | Py_ssize_t n; |
| 132 | |
| 133 | if (size <= 0) |
| 134 | return 0; |
| 135 | |
| 136 | Py_BEGIN_ALLOW_THREADS |
| 137 | fd = open("/dev/urandom", O_RDONLY); |
| 138 | Py_END_ALLOW_THREADS |
| 139 | if (fd < 0) |
| 140 | { |
Antoine Pitrou | 380c55c | 2012-09-07 23:49:07 +0200 | [diff] [blame] | 141 | PyErr_SetString(PyExc_NotImplementedError, |
| 142 | "/dev/urandom (or equivalent) not found"); |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 143 | return -1; |
| 144 | } |
| 145 | |
| 146 | Py_BEGIN_ALLOW_THREADS |
| 147 | do { |
| 148 | do { |
| 149 | n = read(fd, buffer, (size_t)size); |
| 150 | } while (n < 0 && errno == EINTR); |
| 151 | if (n <= 0) |
| 152 | break; |
| 153 | buffer += n; |
| 154 | size -= (Py_ssize_t)n; |
| 155 | } while (0 < size); |
| 156 | Py_END_ALLOW_THREADS |
| 157 | |
| 158 | if (n <= 0) |
| 159 | { |
| 160 | /* stop on error or if read(size) returned 0 */ |
| 161 | if (n < 0) |
| 162 | PyErr_SetFromErrno(PyExc_OSError); |
| 163 | else |
| 164 | PyErr_Format(PyExc_RuntimeError, |
| 165 | "Failed to read %zi bytes from /dev/urandom", |
| 166 | size); |
| 167 | close(fd); |
| 168 | return -1; |
| 169 | } |
| 170 | close(fd); |
| 171 | return 0; |
| 172 | } |
| 173 | #endif /* !defined(MS_WINDOWS) && !defined(__VMS) */ |
| 174 | |
| 175 | /* Fill buffer with pseudo-random bytes generated by a linear congruent |
| 176 | generator (LCG): |
| 177 | |
| 178 | x(n+1) = (x(n) * 214013 + 2531011) % 2^32 |
| 179 | |
| 180 | Use bits 23..16 of x(n) to generate a byte. */ |
| 181 | static void |
| 182 | lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size) |
| 183 | { |
| 184 | size_t index; |
| 185 | unsigned int x; |
| 186 | |
| 187 | x = x0; |
| 188 | for (index=0; index < size; index++) { |
| 189 | x *= 214013; |
| 190 | x += 2531011; |
| 191 | /* modulo 2 ^ (8 * sizeof(int)) */ |
| 192 | buffer[index] = (x >> 16) & 0xff; |
| 193 | } |
| 194 | } |
| 195 | |
| 196 | /* Fill buffer with size pseudo-random bytes, not suitable for cryptographic |
| 197 | use, from the operating random number generator (RNG). |
| 198 | |
| 199 | Return 0 on success, raise an exception and return -1 on error. */ |
| 200 | int |
| 201 | _PyOS_URandom(void *buffer, Py_ssize_t size) |
| 202 | { |
| 203 | if (size < 0) { |
| 204 | PyErr_Format(PyExc_ValueError, |
| 205 | "negative argument not allowed"); |
| 206 | return -1; |
| 207 | } |
| 208 | if (size == 0) |
| 209 | return 0; |
| 210 | |
| 211 | #ifdef MS_WINDOWS |
| 212 | return win32_urandom((unsigned char *)buffer, size, 1); |
| 213 | #else |
| 214 | # ifdef __VMS |
| 215 | return vms_urandom((unsigned char *)buffer, size, 1); |
| 216 | # else |
| 217 | return dev_urandom_python((char*)buffer, size); |
| 218 | # endif |
| 219 | #endif |
| 220 | } |
| 221 | |
| 222 | void |
| 223 | _PyRandom_Init(void) |
| 224 | { |
| 225 | char *env; |
| 226 | void *secret = &_Py_HashSecret; |
Benjamin Peterson | 69e9727 | 2012-02-21 11:08:50 -0500 | [diff] [blame] | 227 | Py_ssize_t secret_size = sizeof(_Py_HashSecret_t); |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 228 | |
Benjamin Peterson | 69e9727 | 2012-02-21 11:08:50 -0500 | [diff] [blame] | 229 | if (_Py_HashSecret_Initialized) |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 230 | return; |
Benjamin Peterson | 69e9727 | 2012-02-21 11:08:50 -0500 | [diff] [blame] | 231 | _Py_HashSecret_Initialized = 1; |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 232 | |
| 233 | /* |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 234 | Hash randomization is enabled. Generate a per-process secret, |
| 235 | using PYTHONHASHSEED if provided. |
| 236 | */ |
| 237 | |
| 238 | env = Py_GETENV("PYTHONHASHSEED"); |
Georg Brandl | 12897d7 | 2012-02-20 23:49:29 +0100 | [diff] [blame] | 239 | if (env && *env != '\0' && strcmp(env, "random") != 0) { |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 240 | char *endptr = env; |
| 241 | unsigned long seed; |
| 242 | seed = strtoul(env, &endptr, 10); |
| 243 | if (*endptr != '\0' |
| 244 | || seed > 4294967295UL |
| 245 | || (errno == ERANGE && seed == ULONG_MAX)) |
| 246 | { |
| 247 | Py_FatalError("PYTHONHASHSEED must be \"random\" or an integer " |
| 248 | "in range [0; 4294967295]"); |
| 249 | } |
| 250 | if (seed == 0) { |
| 251 | /* disable the randomized hash */ |
| 252 | memset(secret, 0, secret_size); |
| 253 | } |
| 254 | else { |
| 255 | lcg_urandom(seed, (unsigned char*)secret, secret_size); |
| 256 | } |
| 257 | } |
| 258 | else { |
| 259 | #ifdef MS_WINDOWS |
| 260 | (void)win32_urandom((unsigned char *)secret, secret_size, 0); |
| 261 | #else /* #ifdef MS_WINDOWS */ |
| 262 | # ifdef __VMS |
| 263 | vms_urandom((unsigned char *)secret, secret_size, 0); |
| 264 | # else |
| 265 | dev_urandom_noraise((char*)secret, secret_size); |
| 266 | # endif |
| 267 | #endif |
| 268 | } |
| 269 | } |