Blame - Python/random.c - platform/external/python/cpython3

blob: dcc3aab79f4f2c543f9f55267dbaceefd33bbb36 [file] [log] [blame]

Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	1	#include "Python.h"
				2	#ifdef MS_WINDOWS
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	3	# include <windows.h>
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	4	#else
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	5	# include <fcntl.h>
				6	# ifdef HAVE_SYS_STAT_H
				7	# include <sys/stat.h>
				8	# endif
				9	# ifdef HAVE_SYS_SYSCALL_H
				10	# include <sys/syscall.h>
				11	# if defined(__linux__) && defined(SYS_getrandom)
				12	# define HAVE_GETRANDOM
				13	# endif
				14	# endif
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	15	#endif
				16
Benjamin Peterson	69e9727	2012-02-21 11:08:50 -0500	[diff] [blame]	17	#ifdef Py_DEBUG
				18	int _Py_HashSecret_Initialized = 0;
				19	#else
				20	static int _Py_HashSecret_Initialized = 0;
				21	#endif
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	22
				23	#ifdef MS_WINDOWS
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	24	static HCRYPTPROV hCryptProv = 0;
				25
				26	static int
				27	win32_urandom_init(int raise)
				28	{
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	29	/* Acquire context */
Martin v. Löwis	3f50bf6	2013-01-25 14:06:18 +0100	[diff] [blame]	30	if (!CryptAcquireContext(&hCryptProv, NULL, NULL,
				31	PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	32	goto error;
				33
				34	return 0;
				35
				36	error:
				37	if (raise)
				38	PyErr_SetFromWindowsErr(0);
				39	else
				40	Py_FatalError("Failed to initialize Windows random API (CryptoGen)");
				41	return -1;
				42	}
				43
				44	/* Fill buffer with size pseudo-random bytes generated by the Windows CryptoGen
Victor Stinner	4d6a3d6	2014-12-21 01:16:38 +0100	[diff] [blame]	45	API. Return 0 on success, or raise an exception and return -1 on error. */
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	46	static int
				47	win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
				48	{
				49	Py_ssize_t chunk;
				50
				51	if (hCryptProv == 0)
				52	{
				53	if (win32_urandom_init(raise) == -1)
				54	return -1;
				55	}
				56
				57	while (size > 0)
				58	{
				59	chunk = size > INT_MAX ? INT_MAX : size;
Victor Stinner	0c08346	2013-11-15 23:26:25 +0100	[diff] [blame]	60	if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer))
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	61	{
				62	/* CryptGenRandom() failed */
				63	if (raise)
				64	PyErr_SetFromWindowsErr(0);
				65	else
				66	Py_FatalError("Failed to initialized the randomized hash "
				67	"secret using CryptoGen)");
				68	return -1;
				69	}
				70	buffer += chunk;
				71	size -= chunk;
				72	}
				73	return 0;
				74	}
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	75
Victor Stinner	4d6a3d6	2014-12-21 01:16:38 +0100	[diff] [blame]	76	#elif HAVE_GETENTROPY
				77	/* Fill buffer with size pseudo-random bytes generated by getentropy().
				78	Return 0 on success, or raise an exception and return -1 on error.
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	79
Victor Stinner	4d6a3d6	2014-12-21 01:16:38 +0100	[diff] [blame]	80	If fatal is nonzero, call Py_FatalError() instead of raising an exception
				81	on error. */
				82	static int
				83	py_getentropy(unsigned char *buffer, Py_ssize_t size, int fatal)
				84	{
				85	while (size > 0) {
				86	Py_ssize_t len = Py_MIN(size, 256);
				87	int res = getentropy(buffer, len);
				88	if (res < 0) {
				89	if (fatal) {
				90	Py_FatalError("getentropy() failed");
				91	}
				92	else {
				93	PyErr_SetFromErrno(PyExc_OSError);
				94	return -1;
				95	}
				96	}
				97	buffer += len;
				98	size -= len;
				99	}
				100	return 0;
				101	}
				102
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	103	#else /* !HAVE_GETENTROPY */
				104
				105	#ifdef HAVE_GETRANDOM
				106	static int
				107	py_getrandom(void *buffer, Py_ssize_t size, int raise)
				108	{
				109	/* is getrandom() supported by the running kernel?
				110	* need Linux kernel 3.17 or later */
				111	static int getrandom_works = 1;
				112	/* Use /dev/urandom, block if the kernel has no entropy */
				113	const int flags = 0;
				114	int n;
				115
				116	if (!getrandom_works)
				117	return 0;
				118
				119	while (0 < size) {
				120	errno = 0;
				121	/* the libc doesn't expose getrandom() yet, see:
				122	* https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */
				123	n = syscall(SYS_getrandom, buffer, size, flags);
				124	if (n < 0) {
				125	if (errno == ENOSYS) {
				126	getrandom_works = 0;
				127	return 0;
				128	}
				129
				130	if (errno == EINTR) {
				131	/* Note: EINTR should not occur with flags=0 */
				132	if (PyErr_CheckSignals()) {
				133	if (!raise)
				134	Py_FatalError("getrandom() interrupted by a signal");
				135	return -1;
				136	}
				137	/* retry getrandom() */
				138	continue;
				139	}
				140
				141	if (raise)
				142	PyErr_SetFromErrno(PyExc_OSError);
				143	else
				144	Py_FatalError("getrandom() failed");
				145	return -1;
				146	}
				147
				148	buffer += n;
				149	size -= n;
				150	}
				151	return 1;
				152	}
				153	#endif
				154
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	155	static struct {
				156	int fd;
				157	dev_t st_dev;
				158	ino_t st_ino;
				159	} urandom_cache = { -1 };
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	160
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	161
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	162	/* Read size bytes from /dev/urandom into buffer.
				163	Call Py_FatalError() on error. */
				164	static void
Christian Heimes	985ecdc	2013-11-20 11:46:18 +0100	[diff] [blame]	165	dev_urandom_noraise(unsigned char *buffer, Py_ssize_t size)
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	166	{
				167	int fd;
				168	Py_ssize_t n;
				169
				170	assert (0 < size);
				171
Victor Stinner	a555cfc	2015-03-18 00:22:14 +0100	[diff] [blame]	172	fd = _Py_open_noraise("/dev/urandom", O_RDONLY);
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	173	if (fd < 0)
				174	Py_FatalError("Failed to open /dev/urandom");
				175
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	176	#ifdef HAVE_GETRANDOM
				177	if (py_getrandom(buffer, size, 0) == 1)
				178	return;
				179	/* getrandom() is not supported by the running kernel, fall back
				180	* on reading /dev/urandom */
				181	#endif
				182
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	183	while (0 < size)
				184	{
				185	do {
				186	n = read(fd, buffer, (size_t)size);
				187	} while (n < 0 && errno == EINTR);
				188	if (n <= 0)
				189	{
				190	/* stop on error or if read(size) returned 0 */
				191	Py_FatalError("Failed to read bytes from /dev/urandom");
				192	break;
				193	}
				194	buffer += n;
				195	size -= (Py_ssize_t)n;
				196	}
				197	close(fd);
				198	}
				199
				200	/* Read size bytes from /dev/urandom into buffer.
				201	Return 0 on success, raise an exception and return -1 on error. */
				202	static int
				203	dev_urandom_python(char *buffer, Py_ssize_t size)
				204	{
				205	int fd;
				206	Py_ssize_t n;
Steve Dower	f2f373f	2015-02-21 08:44:05 -0800	[diff] [blame]	207	struct _Py_stat_struct st;
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	208	#ifdef HAVE_GETRANDOM
				209	int res;
				210	#endif
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	211
				212	if (size <= 0)
				213	return 0;
				214
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	215	#ifdef HAVE_GETRANDOM
				216	res = py_getrandom(buffer, size, 1);
				217	if (res < 0)
				218	return -1;
				219	if (res == 1)
				220	return 0;
				221	/* getrandom() is not supported by the running kernel, fall back
				222	* on reading /dev/urandom */
				223	#endif
				224
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	225	if (urandom_cache.fd >= 0) {
				226	/* Does the fd point to the same thing as before? (issue #21207) */
Steve Dower	f2f373f	2015-02-21 08:44:05 -0800	[diff] [blame]	227	if (_Py_fstat(urandom_cache.fd, &st)
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	228	\|\| st.st_dev != urandom_cache.st_dev
				229	\|\| st.st_ino != urandom_cache.st_ino) {
				230	/* Something changed: forget the cached fd (but don't close it,
				231	since it probably points to something important for some
				232	third-party code). */
				233	urandom_cache.fd = -1;
				234	}
				235	}
				236	if (urandom_cache.fd >= 0)
				237	fd = urandom_cache.fd;
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	238	else {
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	239	fd = _Py_open("/dev/urandom", O_RDONLY);
Victor Stinner	a555cfc	2015-03-18 00:22:14 +0100	[diff] [blame]	240	if (fd < 0) {
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	241	if (errno == ENOENT \|\| errno == ENXIO \|\|
				242	errno == ENODEV \|\| errno == EACCES)
				243	PyErr_SetString(PyExc_NotImplementedError,
				244	"/dev/urandom (or equivalent) not found");
Victor Stinner	a555cfc	2015-03-18 00:22:14 +0100	[diff] [blame]	245	/* otherwise, keep the OSError exception raised by _Py_open() */
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	246	return -1;
				247	}
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	248	if (urandom_cache.fd >= 0) {
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	249	/* urandom_fd was initialized by another thread while we were
				250	not holding the GIL, keep it. */
				251	close(fd);
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	252	fd = urandom_cache.fd;
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	253	}
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	254	else {
Steve Dower	f2f373f	2015-02-21 08:44:05 -0800	[diff] [blame]	255	if (_Py_fstat(fd, &st)) {
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	256	PyErr_SetFromErrno(PyExc_OSError);
				257	close(fd);
				258	return -1;
				259	}
				260	else {
				261	urandom_cache.fd = fd;
				262	urandom_cache.st_dev = st.st_dev;
				263	urandom_cache.st_ino = st.st_ino;
				264	}
				265	}
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	266	}
				267
				268	Py_BEGIN_ALLOW_THREADS
				269	do {
				270	do {
				271	n = read(fd, buffer, (size_t)size);
				272	} while (n < 0 && errno == EINTR);
				273	if (n <= 0)
				274	break;
				275	buffer += n;
				276	size -= (Py_ssize_t)n;
				277	} while (0 < size);
				278	Py_END_ALLOW_THREADS
				279
				280	if (n <= 0)
				281	{
				282	/* stop on error or if read(size) returned 0 */
				283	if (n < 0)
				284	PyErr_SetFromErrno(PyExc_OSError);
				285	else
				286	PyErr_Format(PyExc_RuntimeError,
				287	"Failed to read %zi bytes from /dev/urandom",
				288	size);
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	289	return -1;
				290	}
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	291	return 0;
				292	}
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	293
				294	static void
				295	dev_urandom_close(void)
				296	{
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	297	if (urandom_cache.fd >= 0) {
				298	close(urandom_cache.fd);
				299	urandom_cache.fd = -1;
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	300	}
				301	}
				302
Victor Stinner	4d6a3d6	2014-12-21 01:16:38 +0100	[diff] [blame]	303	#endif /* HAVE_GETENTROPY */
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	304
				305	/* Fill buffer with pseudo-random bytes generated by a linear congruent
				306	generator (LCG):
				307
				308	x(n+1) = (x(n) * 214013 + 2531011) % 2^32
				309
				310	Use bits 23..16 of x(n) to generate a byte. */
				311	static void
				312	lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size)
				313	{
				314	size_t index;
				315	unsigned int x;
				316
				317	x = x0;
				318	for (index=0; index < size; index++) {
				319	x *= 214013;
				320	x += 2531011;
				321	/* modulo 2 ^ (8 * sizeof(int)) */
				322	buffer[index] = (x >> 16) & 0xff;
				323	}
				324	}
				325
Georg Brandl	c6a2c9b	2013-10-06 18:43:19 +0200	[diff] [blame]	326	/* Fill buffer with size pseudo-random bytes from the operating system random
Serhiy Storchaka	56a6d85	2014-12-01 18:28:43 +0200	[diff] [blame]	327	number generator (RNG). It is suitable for most cryptographic purposes
Georg Brandl	c6a2c9b	2013-10-06 18:43:19 +0200	[diff] [blame]	328	except long living private keys for asymmetric encryption.
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	329
				330	Return 0 on success, raise an exception and return -1 on error. */
				331	int
				332	_PyOS_URandom(void *buffer, Py_ssize_t size)
				333	{
				334	if (size < 0) {
				335	PyErr_Format(PyExc_ValueError,
				336	"negative argument not allowed");
				337	return -1;
				338	}
				339	if (size == 0)
				340	return 0;
				341
				342	#ifdef MS_WINDOWS
				343	return win32_urandom((unsigned char *)buffer, size, 1);
Victor Stinner	4d6a3d6	2014-12-21 01:16:38 +0100	[diff] [blame]	344	#elif HAVE_GETENTROPY
				345	return py_getentropy(buffer, size, 0);
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	346	#else
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	347	return dev_urandom_python((char*)buffer, size);
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	348	#endif
				349	}
				350
				351	void
				352	_PyRandom_Init(void)
				353	{
				354	char *env;
Christian Heimes	985ecdc	2013-11-20 11:46:18 +0100	[diff] [blame]	355	unsigned char secret = (unsigned char )&_Py_HashSecret.uc;
Benjamin Peterson	69e9727	2012-02-21 11:08:50 -0500	[diff] [blame]	356	Py_ssize_t secret_size = sizeof(_Py_HashSecret_t);
Christian Heimes	985ecdc	2013-11-20 11:46:18 +0100	[diff] [blame]	357	assert(secret_size == sizeof(_Py_HashSecret.uc));
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	358
Benjamin Peterson	69e9727	2012-02-21 11:08:50 -0500	[diff] [blame]	359	if (_Py_HashSecret_Initialized)
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	360	return;
Benjamin Peterson	69e9727	2012-02-21 11:08:50 -0500	[diff] [blame]	361	_Py_HashSecret_Initialized = 1;
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	362
				363	/*
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	364	Hash randomization is enabled. Generate a per-process secret,
				365	using PYTHONHASHSEED if provided.
				366	*/
				367
				368	env = Py_GETENV("PYTHONHASHSEED");
Georg Brandl	12897d7	2012-02-20 23:49:29 +0100	[diff] [blame]	369	if (env && *env != '\0' && strcmp(env, "random") != 0) {
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	370	char *endptr = env;
				371	unsigned long seed;
				372	seed = strtoul(env, &endptr, 10);
				373	if (*endptr != '\0'
				374	\|\| seed > 4294967295UL
				375	\|\| (errno == ERANGE && seed == ULONG_MAX))
				376	{
				377	Py_FatalError("PYTHONHASHSEED must be \"random\" or an integer "
				378	"in range [0; 4294967295]");
				379	}
				380	if (seed == 0) {
				381	/* disable the randomized hash */
				382	memset(secret, 0, secret_size);
				383	}
				384	else {
Christian Heimes	985ecdc	2013-11-20 11:46:18 +0100	[diff] [blame]	385	lcg_urandom(seed, secret, secret_size);
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	386	}
				387	}
				388	else {
				389	#ifdef MS_WINDOWS
Christian Heimes	985ecdc	2013-11-20 11:46:18 +0100	[diff] [blame]	390	(void)win32_urandom(secret, secret_size, 0);
Victor Stinner	4d6a3d6	2014-12-21 01:16:38 +0100	[diff] [blame]	391	#elif HAVE_GETENTROPY
				392	(void)py_getentropy(secret, secret_size, 1);
Christian Heimes	af01f66	2013-12-21 16:19:10 +0100	[diff] [blame]	393	#else
Christian Heimes	985ecdc	2013-11-20 11:46:18 +0100	[diff] [blame]	394	dev_urandom_noraise(secret, secret_size);
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	395	#endif
				396	}
				397	}
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	398
				399	void
				400	_PyRandom_Fini(void)
				401	{
Victor Stinner	d50c3f3	2014-05-02 22:06:44 +0200	[diff] [blame]	402	#ifdef MS_WINDOWS
				403	if (hCryptProv) {
Tim Golden	b8ac3e1	2014-05-06 13:29:45 +0100	[diff] [blame]	404	CryptReleaseContext(hCryptProv, 0);
Victor Stinner	d50c3f3	2014-05-02 22:06:44 +0200	[diff] [blame]	405	hCryptProv = 0;
				406	}
Victor Stinner	4d6a3d6	2014-12-21 01:16:38 +0100	[diff] [blame]	407	#elif HAVE_GETENTROPY
				408	/* nothing to clean */
Victor Stinner	d50c3f3	2014-05-02 22:06:44 +0200	[diff] [blame]	409	#else
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	410	dev_urandom_close();
				411	#endif
				412	}