Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 4bad3b622e119cea330e0c0a8a6dc26b98f17d53 / . / Python / random.c
blob: 7d37fe95753e8622f16860edd9ce97ee8487e4ff [file] [log] [blame]
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]1#include "Python.h"
2#ifdef MS_WINDOWS
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]3# include <windows.h>
Martin Panterd2f87472016-07-29 04:00:44 +0000[diff] [blame]4/* All sample MSDN wincrypt programs include the header below. It is at least
5 * required with Min GW. */
6# include <wincrypt.h>
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]7#else
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]8# include <fcntl.h>
9# ifdef HAVE_SYS_STAT_H
10# include <sys/stat.h>
11# endif
Victor Stinnerdddf4842016-06-07 11:21:42 +0200[diff] [blame]12# ifdef HAVE_LINUX_RANDOM_H
13# include <linux/random.h>
14# endif
Victor Stinnerbae2d622015-10-01 09:47:30 +0200[diff] [blame]15# ifdef HAVE_GETRANDOM
16# include <sys/random.h>
17# elif defined(HAVE_GETRANDOM_SYSCALL)
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]18# include <sys/syscall.h>
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]19# endif
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]20#endif
21
Benjamin Peterson69e97272012-02-21 11:08:50 -0500[diff] [blame]22#ifdef Py_DEBUG
23int _Py_HashSecret_Initialized = 0;
24#else
25static int _Py_HashSecret_Initialized = 0;
26#endif
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]27
28#ifdef MS_WINDOWS
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]29static HCRYPTPROV hCryptProv = 0;
30
31static int
32win32_urandom_init(int raise)
33{
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]34 /* Acquire context */
Martin v. Löwis3f50bf62013-01-25 14:06:18 +0100[diff] [blame]35 if (!CryptAcquireContext(&hCryptProv, NULL, NULL,
36 PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]37 goto error;
38
39 return 0;
40
41error:
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]42 if (raise) {
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]43 PyErr_SetFromWindowsErr(0);
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]44 }
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]45 return -1;
46}
47
48/* Fill buffer with size pseudo-random bytes generated by the Windows CryptoGen
Victor Stinner4d6a3d62014-12-21 01:16:38 +0100[diff] [blame]49 API. Return 0 on success, or raise an exception and return -1 on error. */
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]50static int
51win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
52{
53 Py_ssize_t chunk;
54
55 if (hCryptProv == 0)
56 {
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]57 if (win32_urandom_init(raise) == -1) {
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]58 return -1;
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]59 }
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]60 }
61
62 while (size > 0)
63 {
64 chunk = size > INT_MAX ? INT_MAX : size;
Victor Stinner0c083462013-11-15 23:26:25 +0100[diff] [blame]65 if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer))
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]66 {
67 /* CryptGenRandom() failed */
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]68 if (raise) {
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]69 PyErr_SetFromWindowsErr(0);
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]70 }
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]71 return -1;
72 }
73 buffer += chunk;
74 size -= chunk;
75 }
76 return 0;
77}
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]78
Martin Panter39b10252016-06-10 08:07:11 +0000[diff] [blame]79/* Issue #25003: Don't use getentropy() on Solaris (available since
80 * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
Victor Stinnerbae2d622015-10-01 09:47:30 +0200[diff] [blame]81#elif defined(HAVE_GETENTROPY) && !defined(sun)
82#define PY_GETENTROPY 1
83
Victor Stinner4d6a3d62014-12-21 01:16:38 +0100[diff] [blame]84/* Fill buffer with size pseudo-random bytes generated by getentropy().
85 Return 0 on success, or raise an exception and return -1 on error.
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]86
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]87 If raise is zero, don't raise an exception on error. */
Victor Stinner4d6a3d62014-12-21 01:16:38 +0100[diff] [blame]88static int
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]89py_getentropy(char *buffer, Py_ssize_t size, int raise)
Victor Stinner4d6a3d62014-12-21 01:16:38 +0100[diff] [blame]90{
91 while (size > 0) {
92 Py_ssize_t len = Py_MIN(size, 256);
Victor Stinner9aa13312015-03-30 11:18:30 +0200[diff] [blame]93 int res;
94
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]95 if (raise) {
Victor Stinner9aa13312015-03-30 11:18:30 +0200[diff] [blame]96 Py_BEGIN_ALLOW_THREADS
97 res = getentropy(buffer, len);
98 Py_END_ALLOW_THREADS
Victor Stinner4d6a3d62014-12-21 01:16:38 +0100[diff] [blame]99 }
Victor Stinner9aa13312015-03-30 11:18:30 +0200[diff] [blame]100 else {
101 res = getentropy(buffer, len);
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]102 }
103
104 if (res < 0) {
105 if (raise) {
106 PyErr_SetFromErrno(PyExc_OSError);
107 }
108 return -1;
Victor Stinner9aa13312015-03-30 11:18:30 +0200[diff] [blame]109 }
110
Victor Stinner4d6a3d62014-12-21 01:16:38 +0100[diff] [blame]111 buffer += len;
112 size -= len;
113 }
114 return 0;
115}
116
Victor Stinnerbae2d622015-10-01 09:47:30 +0200[diff] [blame]117#else
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]118
Victor Stinnerbae2d622015-10-01 09:47:30 +0200[diff] [blame]119#if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL)
120#define PY_GETRANDOM 1
121
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]122static int
123py_getrandom(void *buffer, Py_ssize_t size, int raise)
124{
Victor Stinnerbae2d622015-10-01 09:47:30 +0200[diff] [blame]125 /* Is getrandom() supported by the running kernel?
126 * Need Linux kernel 3.17 or newer, or Solaris 11.3 or newer */
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]127 static int getrandom_works = 1;
Victor Stinnerdddf4842016-06-07 11:21:42 +0200[diff] [blame]128
129 /* getrandom() on Linux will block if called before the kernel has
130 * initialized the urandom entropy pool. This will cause Python
131 * to hang on startup if called very early in the boot process -
132 * see https://bugs.python.org/issue26839. To avoid this, use the
133 * GRND_NONBLOCK flag. */
134 const int flags = GRND_NONBLOCK;
Victor Stinnercfb19612016-06-08 10:16:50 +0200[diff] [blame]135
136 char *dest;
Victor Stinnerec721f32016-06-16 23:53:47 +0200[diff] [blame]137 long n;
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]138
139 if (!getrandom_works)
140 return 0;
141
Victor Stinnercfb19612016-06-08 10:16:50 +0200[diff] [blame]142 dest = buffer;
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]143 while (0 < size) {
Victor Stinner9d242712016-04-12 22:28:49 +0200[diff] [blame]144#ifdef sun
145 /* Issue #26735: On Solaris, getrandom() is limited to returning up
146 to 1024 bytes */
147 n = Py_MIN(size, 1024);
148#else
Victor Stinnerec721f32016-06-16 23:53:47 +0200[diff] [blame]149 n = Py_MIN(size, LONG_MAX);
Victor Stinner9d242712016-04-12 22:28:49 +0200[diff] [blame]150#endif
Victor Stinner79b74ae2015-03-30 11:16:40 +0200[diff] [blame]151
Victor Stinner9d242712016-04-12 22:28:49 +0200[diff] [blame]152 errno = 0;
Victor Stinnerbae2d622015-10-01 09:47:30 +0200[diff] [blame]153#ifdef HAVE_GETRANDOM
154 if (raise) {
155 Py_BEGIN_ALLOW_THREADS
Victor Stinnercfb19612016-06-08 10:16:50 +0200[diff] [blame]156 n = getrandom(dest, n, flags);
Victor Stinnerbae2d622015-10-01 09:47:30 +0200[diff] [blame]157 Py_END_ALLOW_THREADS
158 }
159 else {
Victor Stinnercfb19612016-06-08 10:16:50 +0200[diff] [blame]160 n = getrandom(dest, n, flags);
Victor Stinnerbae2d622015-10-01 09:47:30 +0200[diff] [blame]161 }
162#else
163 /* On Linux, use the syscall() function because the GNU libc doesn't
164 * expose the Linux getrandom() syscall yet. See:
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]165 * https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */
Victor Stinner79b74ae2015-03-30 11:16:40 +0200[diff] [blame]166 if (raise) {
167 Py_BEGIN_ALLOW_THREADS
Victor Stinnercfb19612016-06-08 10:16:50 +0200[diff] [blame]168 n = syscall(SYS_getrandom, dest, n, flags);
Victor Stinner79b74ae2015-03-30 11:16:40 +0200[diff] [blame]169 Py_END_ALLOW_THREADS
170 }
171 else {
Victor Stinnercfb19612016-06-08 10:16:50 +0200[diff] [blame]172 n = syscall(SYS_getrandom, dest, n, flags);
Victor Stinner79b74ae2015-03-30 11:16:40 +0200[diff] [blame]173 }
Victor Stinnerbae2d622015-10-01 09:47:30 +0200[diff] [blame]174#endif
Victor Stinner79b74ae2015-03-30 11:16:40 +0200[diff] [blame]175
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]176 if (n < 0) {
177 if (errno == ENOSYS) {
178 getrandom_works = 0;
179 return 0;
180 }
Victor Stinnerdddf4842016-06-07 11:21:42 +0200[diff] [blame]181 if (errno == EAGAIN) {
182 /* If we failed with EAGAIN, the entropy pool was
183 * uninitialized. In this case, we return failure to fall
184 * back to reading from /dev/urandom.
185 *
186 * Note: In this case the data read will not be random so
187 * should not be used for cryptographic purposes. Retaining
188 * the existing semantics for practical purposes. */
189 getrandom_works = 0;
190 return 0;
191 }
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]192
193 if (errno == EINTR) {
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]194 if (PyErr_CheckSignals()) {
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]195 return -1;
196 }
197 /* retry getrandom() */
198 continue;
199 }
200
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]201 if (raise) {
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]202 PyErr_SetFromErrno(PyExc_OSError);
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]203 }
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]204 return -1;
205 }
206
Victor Stinnercfb19612016-06-08 10:16:50 +0200[diff] [blame]207 dest += n;
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]208 size -= n;
209 }
210 return 1;
211}
212#endif
213
Antoine Pitroue472aea2014-04-26 14:33:03 +0200[diff] [blame]214static struct {
215 int fd;
216 dev_t st_dev;
217 ino_t st_ino;
218} urandom_cache = { -1 };
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]219
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]220
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]221/* Read size bytes from /dev/urandom into buffer.
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]222 Return 0 success, or return -1 on error. */
223static int
224dev_urandom_noraise(char *buffer, Py_ssize_t size)
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]225{
226 int fd;
227 Py_ssize_t n;
228
229 assert (0 < size);
230
Victor Stinnerbae2d622015-10-01 09:47:30 +0200[diff] [blame]231#ifdef PY_GETRANDOM
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]232 if (py_getrandom(buffer, size, 0) == 1) {
233 return 0;
234 }
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]235 /* getrandom() is not supported by the running kernel, fall back
236 * on reading /dev/urandom */
237#endif
238
Victor Stinnerc7cd12d2015-03-19 23:24:45 +0100[diff] [blame]239 fd = _Py_open_noraise("/dev/urandom", O_RDONLY);
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]240 if (fd < 0) {
241 return -1;
242 }
Victor Stinnerc7cd12d2015-03-19 23:24:45 +0100[diff] [blame]243
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]244 while (0 < size)
245 {
246 do {
247 n = read(fd, buffer, (size_t)size);
248 } while (n < 0 && errno == EINTR);
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]249
250 if (n <= 0) {
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]251 /* stop on error or if read(size) returned 0 */
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]252 return -1;
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]253 }
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]254
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]255 buffer += n;
Victor Stinnerc72828b2016-06-14 16:35:49 +0200[diff] [blame]256 size -= n;
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]257 }
258 close(fd);
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]259
260 return 0;
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]261}
262
263/* Read size bytes from /dev/urandom into buffer.
264 Return 0 on success, raise an exception and return -1 on error. */
265static int
266dev_urandom_python(char *buffer, Py_ssize_t size)
267{
268 int fd;
269 Py_ssize_t n;
Steve Dowerf2f373f2015-02-21 08:44:05 -0800[diff] [blame]270 struct _Py_stat_struct st;
Victor Stinnerbae2d622015-10-01 09:47:30 +0200[diff] [blame]271#ifdef PY_GETRANDOM
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]272 int res;
273#endif
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]274
275 if (size <= 0)
276 return 0;
277
Victor Stinnerbae2d622015-10-01 09:47:30 +0200[diff] [blame]278#ifdef PY_GETRANDOM
Victor Stinner59f7fb22015-03-18 14:39:33 +0100[diff] [blame]279 res = py_getrandom(buffer, size, 1);
280 if (res < 0)
281 return -1;
282 if (res == 1)
283 return 0;
284 /* getrandom() is not supported by the running kernel, fall back
285 * on reading /dev/urandom */
286#endif
287
Antoine Pitroue472aea2014-04-26 14:33:03 +0200[diff] [blame]288 if (urandom_cache.fd >= 0) {
289 /* Does the fd point to the same thing as before? (issue #21207) */
Victor Stinnere134a7f2015-03-30 10:09:31 +0200[diff] [blame]290 if (_Py_fstat_noraise(urandom_cache.fd, &st)
Antoine Pitroue472aea2014-04-26 14:33:03 +0200[diff] [blame]291 || st.st_dev != urandom_cache.st_dev
292 || st.st_ino != urandom_cache.st_ino) {
293 /* Something changed: forget the cached fd (but don't close it,
294 since it probably points to something important for some
295 third-party code). */
296 urandom_cache.fd = -1;
297 }
298 }
299 if (urandom_cache.fd >= 0)
300 fd = urandom_cache.fd;
Antoine Pitrou4879a962013-08-31 00:26:02 +0200[diff] [blame]301 else {
Antoine Pitrou4879a962013-08-31 00:26:02 +0200[diff] [blame]302 fd = _Py_open("/dev/urandom", O_RDONLY);
Victor Stinnera555cfc2015-03-18 00:22:14 +0100[diff] [blame]303 if (fd < 0) {
Antoine Pitrou4879a962013-08-31 00:26:02 +0200[diff] [blame]304 if (errno == ENOENT || errno == ENXIO ||
305 errno == ENODEV || errno == EACCES)
306 PyErr_SetString(PyExc_NotImplementedError,
307 "/dev/urandom (or equivalent) not found");
Victor Stinnera555cfc2015-03-18 00:22:14 +0100[diff] [blame]308 /* otherwise, keep the OSError exception raised by _Py_open() */
Antoine Pitrou4879a962013-08-31 00:26:02 +0200[diff] [blame]309 return -1;
310 }
Antoine Pitroue472aea2014-04-26 14:33:03 +0200[diff] [blame]311 if (urandom_cache.fd >= 0) {
Antoine Pitrou4879a962013-08-31 00:26:02 +0200[diff] [blame]312 /* urandom_fd was initialized by another thread while we were
313 not holding the GIL, keep it. */
314 close(fd);
Antoine Pitroue472aea2014-04-26 14:33:03 +0200[diff] [blame]315 fd = urandom_cache.fd;
Antoine Pitrou4879a962013-08-31 00:26:02 +0200[diff] [blame]316 }
Antoine Pitroue472aea2014-04-26 14:33:03 +0200[diff] [blame]317 else {
Steve Dowerf2f373f2015-02-21 08:44:05 -0800[diff] [blame]318 if (_Py_fstat(fd, &st)) {
Antoine Pitroue472aea2014-04-26 14:33:03 +0200[diff] [blame]319 close(fd);
320 return -1;
321 }
322 else {
323 urandom_cache.fd = fd;
324 urandom_cache.st_dev = st.st_dev;
325 urandom_cache.st_ino = st.st_ino;
326 }
327 }
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]328 }
329
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]330 do {
Victor Stinnerc9382eb2015-03-19 23:36:33 +0100[diff] [blame]331 n = _Py_read(fd, buffer, (size_t)size);
332 if (n == -1)
333 return -1;
334 if (n == 0) {
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]335 PyErr_Format(PyExc_RuntimeError,
Victor Stinnerc9382eb2015-03-19 23:36:33 +0100[diff] [blame]336 "Failed to read %zi bytes from /dev/urandom",
337 size);
338 return -1;
339 }
340
341 buffer += n;
342 size -= n;
343 } while (0 < size);
344
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]345 return 0;
346}
Antoine Pitrou4879a962013-08-31 00:26:02 +0200[diff] [blame]347
348static void
349dev_urandom_close(void)
350{
Antoine Pitroue472aea2014-04-26 14:33:03 +0200[diff] [blame]351 if (urandom_cache.fd >= 0) {
352 close(urandom_cache.fd);
353 urandom_cache.fd = -1;
Antoine Pitrou4879a962013-08-31 00:26:02 +0200[diff] [blame]354 }
355}
356
Victor Stinnerbae2d622015-10-01 09:47:30 +0200[diff] [blame]357#endif
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]358
359/* Fill buffer with pseudo-random bytes generated by a linear congruent
360 generator (LCG):
361
362 x(n+1) = (x(n) * 214013 + 2531011) % 2^32
363
364 Use bits 23..16 of x(n) to generate a byte. */
365static void
366lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size)
367{
368 size_t index;
369 unsigned int x;
370
371 x = x0;
372 for (index=0; index < size; index++) {
373 x *= 214013;
374 x += 2531011;
375 /* modulo 2 ^ (8 * sizeof(int)) */
376 buffer[index] = (x >> 16) & 0xff;
377 }
378}
379
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]380/* If raise is zero:
381 * - Don't raise exceptions on error
382 * - Don't call PyErr_CheckSignals() on EINTR (retry directly the interrupted
383 * syscall)
384 * - Don't release the GIL to call syscalls. */
385static int
386pyurandom(void *buffer, Py_ssize_t size, int raise)
387{
388 if (size < 0) {
389 if (raise) {
390 PyErr_Format(PyExc_ValueError,
391 "negative argument not allowed");
392 }
393 return -1;
394 }
395
396 if (size == 0) {
397 return 0;
398 }
399
400#ifdef MS_WINDOWS
401 return win32_urandom((unsigned char *)buffer, size, raise);
402#elif defined(PY_GETENTROPY)
403 return py_getentropy(buffer, size, raise);
404#else
405 if (raise) {
406 return dev_urandom_python(buffer, size);
407 }
408 else {
409 return dev_urandom_noraise(buffer, size);
410 }
411#endif
412}
413
Georg Brandlc6a2c9b2013-10-06 18:43:19 +0200[diff] [blame]414/* Fill buffer with size pseudo-random bytes from the operating system random
Serhiy Storchaka56a6d852014-12-01 18:28:43 +0200[diff] [blame]415 number generator (RNG). It is suitable for most cryptographic purposes
Georg Brandlc6a2c9b2013-10-06 18:43:19 +0200[diff] [blame]416 except long living private keys for asymmetric encryption.
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]417
418 Return 0 on success, raise an exception and return -1 on error. */
419int
420_PyOS_URandom(void *buffer, Py_ssize_t size)
421{
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]422 return pyurandom(buffer, size, 1);
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]423}
424
425void
426_PyRandom_Init(void)
427{
428 char *env;
Christian Heimes985ecdc2013-11-20 11:46:18 +0100[diff] [blame]429 unsigned char *secret = (unsigned char *)&_Py_HashSecret.uc;
Benjamin Peterson69e97272012-02-21 11:08:50 -0500[diff] [blame]430 Py_ssize_t secret_size = sizeof(_Py_HashSecret_t);
Serhiy Storchakafad85aa2015-11-07 15:42:38 +0200[diff] [blame]431 Py_BUILD_ASSERT(sizeof(_Py_HashSecret_t) == sizeof(_Py_HashSecret.uc));
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]432
Benjamin Peterson69e97272012-02-21 11:08:50 -0500[diff] [blame]433 if (_Py_HashSecret_Initialized)
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]434 return;
Benjamin Peterson69e97272012-02-21 11:08:50 -0500[diff] [blame]435 _Py_HashSecret_Initialized = 1;
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]436
437 /*
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]438 Hash randomization is enabled. Generate a per-process secret,
439 using PYTHONHASHSEED if provided.
440 */
441
442 env = Py_GETENV("PYTHONHASHSEED");
Georg Brandl12897d72012-02-20 23:49:29 +0100[diff] [blame]443 if (env && *env != '\0' && strcmp(env, "random") != 0) {
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]444 char *endptr = env;
445 unsigned long seed;
446 seed = strtoul(env, &endptr, 10);
447 if (*endptr != '\0'
448 || seed > 4294967295UL
449 || (errno == ERANGE && seed == ULONG_MAX))
450 {
451 Py_FatalError("PYTHONHASHSEED must be \"random\" or an integer "
452 "in range [0; 4294967295]");
453 }
454 if (seed == 0) {
455 /* disable the randomized hash */
456 memset(secret, 0, secret_size);
457 }
458 else {
Christian Heimes985ecdc2013-11-20 11:46:18 +0100[diff] [blame]459 lcg_urandom(seed, secret, secret_size);
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]460 }
461 }
462 else {
Victor Stinner4bad3b62016-08-16 15:23:58 +0200[diff] [blame^]463 int res;
464
465 /* _PyRandom_Init() is called very early in the Python initialization
466 * and so exceptions cannot be used. */
467 res = pyurandom(secret, secret_size, 0);
468 if (res < 0) {
469 Py_FatalError("failed to get random numbers to initialize Python");
470 }
Georg Brandl2daf6ae2012-02-20 19:54:16 +0100[diff] [blame]471 }
472}
Antoine Pitrou4879a962013-08-31 00:26:02 +0200[diff] [blame]473
474void
475_PyRandom_Fini(void)
476{
Victor Stinnerd50c3f32014-05-02 22:06:44 +0200[diff] [blame]477#ifdef MS_WINDOWS
478 if (hCryptProv) {
Tim Goldenb8ac3e12014-05-06 13:29:45 +0100[diff] [blame]479 CryptReleaseContext(hCryptProv, 0);
Victor Stinnerd50c3f32014-05-02 22:06:44 +0200[diff] [blame]480 hCryptProv = 0;
481 }
Victor Stinnerbae2d622015-10-01 09:47:30 +0200[diff] [blame]482#elif defined(PY_GETENTROPY)
Victor Stinner4d6a3d62014-12-21 01:16:38 +0100[diff] [blame]483 /* nothing to clean */
Victor Stinnerd50c3f32014-05-02 22:06:44 +0200[diff] [blame]484#else
Antoine Pitrou4879a962013-08-31 00:26:02 +0200[diff] [blame]485 dev_urandom_close();
486#endif
487}