Blame - Python/random.c - platform/external/python/cpython3

2012-02-20 19:54:16 +0100

[diff] [blame]

1

#include "Python.h"

2

#ifdef MS_WINDOWS

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

3

# include <windows.h>

Martin Panter

d2f8747

2016-07-29 04:00:44 +0000

[diff] [blame]

4

/* All sample MSDN wincrypt programs include the header below. It is at least

5

* required with Min GW. */

6

# include <wincrypt.h>

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

7

#else

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

8

# include <fcntl.h>

9

# ifdef HAVE_SYS_STAT_H

10

# include <sys/stat.h>

11

# endif

Victor Stinner

dddf484

2016-06-07 11:21:42 +0200

[diff] [blame]

12

# ifdef HAVE_LINUX_RANDOM_H

13

# include <linux/random.h>

14

# endif

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

15

# ifdef HAVE_GETRANDOM

16

# include <sys/random.h>

17

# elif defined(HAVE_GETRANDOM_SYSCALL)

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

18

# include <sys/syscall.h>

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

19

# endif

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

20

#endif

21

Benjamin Peterson

2012-02-21 11:08:50 -0500

[diff] [blame]

22

#ifdef Py_DEBUG

23

int _Py_HashSecret_Initialized = 0;

24

#else

25

static int _Py_HashSecret_Initialized = 0;

26

#endif

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

27

28

#ifdef MS_WINDOWS

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

29

static HCRYPTPROV hCryptProv = 0;

30

31

static int

32

win32_urandom_init(int raise)

33

{

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

34

/* Acquire context */

Martin v. Löwis

3f50bf6

2013-01-25 14:06:18 +0100

[diff] [blame]

35

if (!CryptAcquireContext(&hCryptProv, NULL, NULL,

36

PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

goto error;

return 0;

error:

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

42

if (raise) {

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

43

PyErr_SetFromWindowsErr(0);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

44

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

return -1;

}

/* Fill buffer with size pseudo-random bytes generated by the Windows CryptoGen

Victor Stinner

2014-12-21 01:16:38 +0100

[diff] [blame]

49

API. Return 0 on success, or raise an exception and return -1 on error. */

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

50

static int

51

win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)

{

Py_ssize_t chunk;

if (hCryptProv == 0)

{

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

57

if (win32_urandom_init(raise) == -1) {

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

58

return -1;

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

59

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

}

while (size > 0)

{

chunk = size > INT_MAX ? INT_MAX : size;

Victor Stinner

0c08346

2013-11-15 23:26:25 +0100

[diff] [blame]

65

if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer))

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

66

{

67

/* CryptGenRandom() failed */

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

68

if (raise) {

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

69

PyErr_SetFromWindowsErr(0);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

70

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

return -1;

}

buffer += chunk;

size -= chunk;

}

return 0;

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

78

Martin Panter

39b1025

2016-06-10 08:07:11 +0000

[diff] [blame]

79

/* Issue #25003: Don't use getentropy() on Solaris (available since

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

80

* Solaris 11.3), it is blocking whereas os.urandom() should not block. */

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

81

#elif defined(HAVE_GETENTROPY) && !defined(sun)

82

#define PY_GETENTROPY 1

83

Victor Stinner

2014-12-21 01:16:38 +0100

[diff] [blame]

84

/* Fill buffer with size pseudo-random bytes generated by getentropy().

85

Return 0 on success, or raise an exception and return -1 on error.

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

86

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

87

If raise is zero, don't raise an exception on error. */

Victor Stinner

2014-12-21 01:16:38 +0100

[diff] [blame]

88

static int

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

89

py_getentropy(char *buffer, Py_ssize_t size, int raise)

Victor Stinner

2014-12-21 01:16:38 +0100

[diff] [blame]

90

{

91

while (size > 0) {

92

Py_ssize_t len = Py_MIN(size, 256);

Victor Stinner

2015-03-30 11:18:30 +0200

[diff] [blame]

93

int res;

94

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

95

if (raise) {

Victor Stinner

2015-03-30 11:18:30 +0200

[diff] [blame]

96

Py_BEGIN_ALLOW_THREADS

97

res = getentropy(buffer, len);

98

Py_END_ALLOW_THREADS

Victor Stinner

2014-12-21 01:16:38 +0100

[diff] [blame]

99

}

Victor Stinner

2015-03-30 11:18:30 +0200

[diff] [blame]

100

else {

101

res = getentropy(buffer, len);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

}

if (res < 0) {

if (raise) {

PyErr_SetFromErrno(PyExc_OSError);

107

}

108

return -1;

Victor Stinner

2015-03-30 11:18:30 +0200

[diff] [blame]

109

}

110

Victor Stinner

2014-12-21 01:16:38 +0100

[diff] [blame]

buffer += len;

size -= len;

}

return 0;

}

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

117

#else

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

118

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

119

#if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL)

120

#define PY_GETRANDOM 1

121

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

122

/* Call getrandom()

123

- Return 1 on success

Victor Stinner

2016-09-20 22:46:02 +0200

[diff] [blame]

124

- Return 0 if getrandom() syscall is not available (failed with ENOSYS or

125

EPERM) or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom

Victor Stinner

2016-09-20 22:26:18 +0200

[diff] [blame]

126

not initialized yet) and raise=0.

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

127

- Raise an exception (if raise is non-zero) and return -1 on error:

128

getrandom() failed with EINTR and the Python signal handler raised an

129

exception, or getrandom() failed with a different error. */

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

130

static int

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

131

py_getrandom(void *buffer, Py_ssize_t size, int blocking, int raise)

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

132

{

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

133

/* Is getrandom() supported by the running kernel? Set to 0 if getrandom()

Victor Stinner

2016-09-20 22:46:02 +0200

[diff] [blame]

134

failed with ENOSYS or EPERM. Need Linux kernel 3.17 or newer, or Solaris

Victor Stinner

2016-09-20 22:26:18 +0200

[diff] [blame]

135

11.3 or newer */

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

136

static int getrandom_works = 1;

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

137

int flags;

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

138

char *dest;

Victor Stinner

ec721f3

2016-06-16 23:53:47 +0200

[diff] [blame]

139

long n;

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

140

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

141

if (!getrandom_works) {

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

142

return 0;

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

143

}

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

144

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

145

flags = blocking ? 0 : GRND_NONBLOCK;

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

146

dest = buffer;

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

147

while (0 < size) {

Victor Stinner

9d24271

2016-04-12 22:28:49 +0200

[diff] [blame]

148

#ifdef sun

149

/* Issue #26735: On Solaris, getrandom() is limited to returning up

150

to 1024 bytes */

151

n = Py_MIN(size, 1024);

152

#else

Victor Stinner

ec721f3

2016-06-16 23:53:47 +0200

[diff] [blame]

153

n = Py_MIN(size, LONG_MAX);

Victor Stinner

9d24271

2016-04-12 22:28:49 +0200

[diff] [blame]

154

#endif

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

155

Victor Stinner

9d24271

2016-04-12 22:28:49 +0200

[diff] [blame]

156

errno = 0;

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

157

#ifdef HAVE_GETRANDOM

158

if (raise) {

159

Py_BEGIN_ALLOW_THREADS

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

160

n = getrandom(dest, n, flags);

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

161

Py_END_ALLOW_THREADS

162

}

163

else {

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

164

n = getrandom(dest, n, flags);

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

165

}

166

#else

167

/* On Linux, use the syscall() function because the GNU libc doesn't

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

168

expose the Linux getrandom() syscall yet. See:

169

https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

170

if (raise) {

171

Py_BEGIN_ALLOW_THREADS

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

172

n = syscall(SYS_getrandom, dest, n, flags);

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

173

Py_END_ALLOW_THREADS

174

}

175

else {

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

176

n = syscall(SYS_getrandom, dest, n, flags);

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

177

}

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

178

#endif

Victor Stinner

2015-03-30 11:16:40 +0200

[diff] [blame]

179

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

180

if (n < 0) {

Victor Stinner

2016-09-20 22:26:18 +0200

[diff] [blame]

181

/* ENOSYS: getrandom() syscall not supported by the kernel (but

Victor Stinner

2016-09-20 22:46:02 +0200

[diff] [blame]

182

* maybe supported by the host which built Python). EPERM:

183

* getrandom() syscall blocked by SECCOMP or something else. */

184

if (errno == ENOSYS || errno == EPERM) {

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

185

getrandom_works = 0;

186

return 0;

187

}

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

188

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

189

/* getrandom(GRND_NONBLOCK) fails with EAGAIN if the system urandom

190

is not initialiazed yet. For _PyRandom_Init(), we ignore their

191

error and fall back on reading /dev/urandom which never blocks,

192

even if the system urandom is not initialized yet. */

193

if (errno == EAGAIN && !raise && !blocking) {

Victor Stinner

dddf484

2016-06-07 11:21:42 +0200

[diff] [blame]

194

return 0;

195

}

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

196

197

if (errno == EINTR) {

Victor Stinner

cecdd96

2016-08-16 15:19:09 +0200

[diff] [blame]

198

if (raise) {

199

if (PyErr_CheckSignals()) {

200

return -1;

201

}

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

202

}

Victor Stinner

cecdd96

2016-08-16 15:19:09 +0200

[diff] [blame]

203

204

/* retry getrandom() if it was interrupted by a signal */

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

continue;

}

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

208

if (raise) {

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

209

PyErr_SetFromErrno(PyExc_OSError);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

210

}

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

return -1;

}

Victor Stinner

2016-06-08 10:16:50 +0200

[diff] [blame]

214

dest += n;

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

size -= n;

}

return 1;

}

#endif

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

static struct {

int fd;

dev_t st_dev;

ino_t st_ino;

} urandom_cache = { -1 };

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

226

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

227

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

228

/* Read 'size' random bytes from py_getrandom(). Fall back on reading from

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

229

/dev/urandom if getrandom() is not available.

230

231

Return 0 on success. Raise an exception (if raise is non-zero) and return -1

232

on error. */

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

233

static int

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

234

dev_urandom(char *buffer, Py_ssize_t size, int blocking, int raise)

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

235

{

236

int fd;

237

Py_ssize_t n;

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

238

#ifdef PY_GETRANDOM

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

239

int res;

240

#endif

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

241

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

242

assert(size > 0);

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

243

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

244

#ifdef PY_GETRANDOM

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

245

res = py_getrandom(buffer, size, blocking, raise);

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

246

if (res < 0) {

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

247

return -1;

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

248

}

249

if (res == 1) {

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

250

return 0;

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

251

}

Victor Stinner

2016-09-20 22:46:02 +0200

[diff] [blame]

252

/* getrandom() failed with ENOSYS or EPERM,

Victor Stinner

2016-09-20 22:26:18 +0200

[diff] [blame]

253

fall back on reading /dev/urandom */

Victor Stinner

2015-03-18 14:39:33 +0100

[diff] [blame]

254

#endif

255

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

256

257

if (raise) {

258

struct _Py_stat_struct st;

259

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

260

if (urandom_cache.fd >= 0) {

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

261

/* Does the fd point to the same thing as before? (issue #21207) */

262

if (_Py_fstat_noraise(urandom_cache.fd, &st)

263

|| st.st_dev != urandom_cache.st_dev

264

|| st.st_ino != urandom_cache.st_ino) {

265

/* Something changed: forget the cached fd (but don't close it,

266

since it probably points to something important for some

267

third-party code). */

268

urandom_cache.fd = -1;

269

}

Antoine Pitrou

2013-08-31 00:26:02 +0200

[diff] [blame]

270

}

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

271

if (urandom_cache.fd >= 0)

272

fd = urandom_cache.fd;

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

273

else {

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

274

fd = _Py_open("/dev/urandom", O_RDONLY);

275

if (fd < 0) {

276

if (errno == ENOENT || errno == ENXIO ||

277

errno == ENODEV || errno == EACCES)

278

PyErr_SetString(PyExc_NotImplementedError,

279

"/dev/urandom (or equivalent) not found");

280

/* otherwise, keep the OSError exception raised by _Py_open() */

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

281

return -1;

282

}

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

283

if (urandom_cache.fd >= 0) {

284

/* urandom_fd was initialized by another thread while we were

285

not holding the GIL, keep it. */

286

close(fd);

287

fd = urandom_cache.fd;

288

}

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

289

else {

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

290

if (_Py_fstat(fd, &st)) {

close(fd);

return -1;

}

else {

urandom_cache.fd = fd;

296

urandom_cache.st_dev = st.st_dev;

297

urandom_cache.st_ino = st.st_ino;

298

}

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

299

}

300

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

301

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

302

do {

303

n = _Py_read(fd, buffer, (size_t)size);

if (n == -1)

return -1;

if (n == 0) {

PyErr_Format(PyExc_RuntimeError,

308

"Failed to read %zi bytes from /dev/urandom",

size);

return -1;

}

buffer += n;

size -= n;

} while (0 < size);

}

else {

fd = _Py_open_noraise("/dev/urandom", O_RDONLY);

319

if (fd < 0) {

Victor Stinner

c9382eb

2015-03-19 23:36:33 +0100

[diff] [blame]

return -1;

}

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

while (0 < size)

{

do {

n = read(fd, buffer, (size_t)size);

327

} while (n < 0 && errno == EINTR);

Victor Stinner

c9382eb

2015-03-19 23:36:33 +0100

[diff] [blame]

328

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

329

if (n <= 0) {

330

/* stop on error or if read(size) returned 0 */

Victor Stinner

3ee933f

2016-08-16 18:27:44 +0200

[diff] [blame]

331

close(fd);

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

return -1;

}

buffer += n;

size -= n;

}

close(fd);

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

340

return 0;

341

}

Antoine Pitrou

2013-08-31 00:26:02 +0200

[diff] [blame]

342

343

static void

344

dev_urandom_close(void)

345

{

Antoine Pitrou

2014-04-26 14:33:03 +0200

[diff] [blame]

346

if (urandom_cache.fd >= 0) {

347

close(urandom_cache.fd);

348

urandom_cache.fd = -1;

Antoine Pitrou

2013-08-31 00:26:02 +0200

[diff] [blame]

}

}

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

352

#endif

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

353

354

/* Fill buffer with pseudo-random bytes generated by a linear congruent

355

generator (LCG):

356

357

x(n+1) = (x(n) * 214013 + 2531011) % 2^32

358

359

Use bits 23..16 of x(n) to generate a byte. */

360

static void

361

lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size)

{

size_t index;

unsigned int x;

x = x0;

for (index=0; index < size; index++) {

368

x *= 214013;

369

x += 2531011;

370

/* modulo 2 ^ (8 * sizeof(int)) */

371

buffer[index] = (x >> 16) & 0xff;

}

}

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

375

/* If raise is zero:

Victor Stinner

2016-08-16 18:46:38 +0200

[diff] [blame]

376

- Don't raise exceptions on error

377

- Don't call PyErr_CheckSignals() on EINTR (retry directly the interrupted

378

syscall)

379

- Don't release the GIL to call syscalls. */

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

380

static int

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

381

pyurandom(void *buffer, Py_ssize_t size, int blocking, int raise)

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

{

if (size < 0) {

if (raise) {

PyErr_Format(PyExc_ValueError,

386

"negative argument not allowed");

}

return -1;

}

if (size == 0) {

return 0;

}

#ifdef MS_WINDOWS

return win32_urandom((unsigned char *)buffer, size, raise);

397

#elif defined(PY_GETENTROPY)

398

return py_getentropy(buffer, size, raise);

399

#else

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

400

return dev_urandom(buffer, size, blocking, raise);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

#endif

}

Georg Brandl

2013-10-06 18:43:19 +0200

[diff] [blame]

404

/* Fill buffer with size pseudo-random bytes from the operating system random

Serhiy Storchaka

56a6d85

2014-12-01 18:28:43 +0200

[diff] [blame]

405

number generator (RNG). It is suitable for most cryptographic purposes

Georg Brandl

c6a2c9b

2013-10-06 18:43:19 +0200

[diff] [blame]

406

except long living private keys for asymmetric encryption.

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

407

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

408

On Linux 3.17 and newer, the getrandom() syscall is used in blocking mode:

409

block until the system urandom entropy pool is initialized (128 bits are

410

collected by the kernel).

411

412

Return 0 on success. Raise an exception and return -1 on error. */

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

413

int

414

_PyOS_URandom(void *buffer, Py_ssize_t size)

415

{

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

416

return pyurandom(buffer, size, 1, 1);

417

}

418

419

/* Fill buffer with size pseudo-random bytes from the operating system random

420

number generator (RNG). It is not suitable for cryptographic purpose.

421

422

On Linux 3.17 and newer (when getrandom() syscall is used), if the system

423

urandom is not initialized yet, the function returns "weak" entropy read

424

from /dev/urandom.

425

426

Return 0 on success. Raise an exception and return -1 on error. */

427

int

428

_PyOS_URandomNonblock(void *buffer, Py_ssize_t size)

429

{

430

return pyurandom(buffer, size, 0, 1);

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

}

void

_PyRandom_Init(void)

{

char *env;

Christian Heimes

985ecdc

2013-11-20 11:46:18 +0100

[diff] [blame]

437

unsigned char *secret = (unsigned char *)&_Py_HashSecret.uc;

Benjamin Peterson

2012-02-21 11:08:50 -0500

[diff] [blame]

438

Py_ssize_t secret_size = sizeof(_Py_HashSecret_t);

Serhiy Storchaka

fad85aa

2015-11-07 15:42:38 +0200

[diff] [blame]

439

Py_BUILD_ASSERT(sizeof(_Py_HashSecret_t) == sizeof(_Py_HashSecret.uc));

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

440

Benjamin Peterson

2012-02-21 11:08:50 -0500

[diff] [blame]

441

if (_Py_HashSecret_Initialized)

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

442

return;

Benjamin Peterson

2012-02-21 11:08:50 -0500

[diff] [blame]

443

_Py_HashSecret_Initialized = 1;

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

444

445

/*

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

446

Hash randomization is enabled. Generate a per-process secret,

447

using PYTHONHASHSEED if provided.

448

*/

449

450

env = Py_GETENV("PYTHONHASHSEED");

Georg Brandl

12897d7

2012-02-20 23:49:29 +0100

[diff] [blame]

451

if (env && *env != '\0' && strcmp(env, "random") != 0) {

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

452

char *endptr = env;

453

unsigned long seed;

454

seed = strtoul(env, &endptr, 10);

455

if (*endptr != '\0'

456

|| seed > 4294967295UL

457

|| (errno == ERANGE && seed == ULONG_MAX))

458

{

459

Py_FatalError("PYTHONHASHSEED must be \"random\" or an integer "

460

"in range [0; 4294967295]");

461

}

462

if (seed == 0) {

463

/* disable the randomized hash */

464

memset(secret, 0, secret_size);

465

}

466

else {

Christian Heimes

985ecdc

2013-11-20 11:46:18 +0100

[diff] [blame]

467

lcg_urandom(seed, secret, secret_size);

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

468

}

469

}

470

else {

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

471

int res;

472

473

/* _PyRandom_Init() is called very early in the Python initialization

Victor Stinner

2016-09-06 16:33:52 -0700

[diff] [blame]

474

and so exceptions cannot be used (use raise=0).

475

476

_PyRandom_Init() must not block Python initialization: call

477

pyurandom() is non-blocking mode (blocking=0): see the PEP 524. */

478

res = pyurandom(secret, secret_size, 0, 0);

Victor Stinner

2016-08-16 15:23:58 +0200

[diff] [blame]

479

if (res < 0) {

480

Py_FatalError("failed to get random numbers to initialize Python");

481

}

Georg Brandl

2012-02-20 19:54:16 +0100

[diff] [blame]

482

}

483

}

Antoine Pitrou

2013-08-31 00:26:02 +0200

[diff] [blame]

void

_PyRandom_Fini(void)

{

Victor Stinner

d50c3f3

2014-05-02 22:06:44 +0200

[diff] [blame]

488

#ifdef MS_WINDOWS

489

if (hCryptProv) {

Tim Golden

b8ac3e1

2014-05-06 13:29:45 +0100

[diff] [blame]

490

CryptReleaseContext(hCryptProv, 0);

Victor Stinner

d50c3f3

2014-05-02 22:06:44 +0200

[diff] [blame]

491

hCryptProv = 0;

492

}

Victor Stinner

2015-10-01 09:47:30 +0200

[diff] [blame]

493

#elif defined(PY_GETENTROPY)

Victor Stinner

2014-12-21 01:16:38 +0100

[diff] [blame]

494

/* nothing to clean */

Victor Stinner

d50c3f3

2014-05-02 22:06:44 +0200

[diff] [blame]

495

#else

Antoine Pitrou