Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 1 | #include "Python.h" |
| 2 | #ifdef MS_WINDOWS |
Victor Stinner | 59f7fb2 | 2015-03-18 14:39:33 +0100 | [diff] [blame] | 3 | # include <windows.h> |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 4 | #else |
Victor Stinner | 59f7fb2 | 2015-03-18 14:39:33 +0100 | [diff] [blame] | 5 | # include <fcntl.h> |
| 6 | # ifdef HAVE_SYS_STAT_H |
| 7 | # include <sys/stat.h> |
| 8 | # endif |
Victor Stinner | 9eb57c5 | 2015-03-19 22:21:49 +0100 | [diff] [blame] | 9 | # ifdef HAVE_GETRANDOM_SYSCALL |
Victor Stinner | 59f7fb2 | 2015-03-18 14:39:33 +0100 | [diff] [blame] | 10 | # include <sys/syscall.h> |
Victor Stinner | 59f7fb2 | 2015-03-18 14:39:33 +0100 | [diff] [blame] | 11 | # endif |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 12 | #endif |
| 13 | |
Benjamin Peterson | 69e9727 | 2012-02-21 11:08:50 -0500 | [diff] [blame] | 14 | #ifdef Py_DEBUG |
| 15 | int _Py_HashSecret_Initialized = 0; |
| 16 | #else |
| 17 | static int _Py_HashSecret_Initialized = 0; |
| 18 | #endif |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 19 | |
| 20 | #ifdef MS_WINDOWS |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 21 | static HCRYPTPROV hCryptProv = 0; |
| 22 | |
| 23 | static int |
| 24 | win32_urandom_init(int raise) |
| 25 | { |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 26 | /* Acquire context */ |
Martin v. Löwis | 3f50bf6 | 2013-01-25 14:06:18 +0100 | [diff] [blame] | 27 | if (!CryptAcquireContext(&hCryptProv, NULL, NULL, |
| 28 | PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 29 | goto error; |
| 30 | |
| 31 | return 0; |
| 32 | |
| 33 | error: |
| 34 | if (raise) |
| 35 | PyErr_SetFromWindowsErr(0); |
| 36 | else |
| 37 | Py_FatalError("Failed to initialize Windows random API (CryptoGen)"); |
| 38 | return -1; |
| 39 | } |
| 40 | |
| 41 | /* Fill buffer with size pseudo-random bytes generated by the Windows CryptoGen |
Victor Stinner | 4d6a3d6 | 2014-12-21 01:16:38 +0100 | [diff] [blame] | 42 | API. Return 0 on success, or raise an exception and return -1 on error. */ |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 43 | static int |
| 44 | win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) |
| 45 | { |
| 46 | Py_ssize_t chunk; |
| 47 | |
| 48 | if (hCryptProv == 0) |
| 49 | { |
| 50 | if (win32_urandom_init(raise) == -1) |
| 51 | return -1; |
| 52 | } |
| 53 | |
| 54 | while (size > 0) |
| 55 | { |
| 56 | chunk = size > INT_MAX ? INT_MAX : size; |
Victor Stinner | 0c08346 | 2013-11-15 23:26:25 +0100 | [diff] [blame] | 57 | if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer)) |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 58 | { |
| 59 | /* CryptGenRandom() failed */ |
| 60 | if (raise) |
| 61 | PyErr_SetFromWindowsErr(0); |
| 62 | else |
| 63 | Py_FatalError("Failed to initialized the randomized hash " |
| 64 | "secret using CryptoGen)"); |
| 65 | return -1; |
| 66 | } |
| 67 | buffer += chunk; |
| 68 | size -= chunk; |
| 69 | } |
| 70 | return 0; |
| 71 | } |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 72 | |
Victor Stinner | 4d6a3d6 | 2014-12-21 01:16:38 +0100 | [diff] [blame] | 73 | #elif HAVE_GETENTROPY |
| 74 | /* Fill buffer with size pseudo-random bytes generated by getentropy(). |
| 75 | Return 0 on success, or raise an exception and return -1 on error. |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 76 | |
Victor Stinner | 4d6a3d6 | 2014-12-21 01:16:38 +0100 | [diff] [blame] | 77 | If fatal is nonzero, call Py_FatalError() instead of raising an exception |
| 78 | on error. */ |
| 79 | static int |
| 80 | py_getentropy(unsigned char *buffer, Py_ssize_t size, int fatal) |
| 81 | { |
| 82 | while (size > 0) { |
| 83 | Py_ssize_t len = Py_MIN(size, 256); |
Victor Stinner | 9aa1331 | 2015-03-30 11:18:30 +0200 | [diff] [blame] | 84 | int res; |
| 85 | |
| 86 | if (!fatal) { |
| 87 | Py_BEGIN_ALLOW_THREADS |
| 88 | res = getentropy(buffer, len); |
| 89 | Py_END_ALLOW_THREADS |
| 90 | |
| 91 | if (res < 0) { |
Victor Stinner | 4d6a3d6 | 2014-12-21 01:16:38 +0100 | [diff] [blame] | 92 | PyErr_SetFromErrno(PyExc_OSError); |
| 93 | return -1; |
| 94 | } |
| 95 | } |
Victor Stinner | 9aa1331 | 2015-03-30 11:18:30 +0200 | [diff] [blame] | 96 | else { |
| 97 | res = getentropy(buffer, len); |
| 98 | if (res < 0) |
| 99 | Py_FatalError("getentropy() failed"); |
| 100 | } |
| 101 | |
Victor Stinner | 4d6a3d6 | 2014-12-21 01:16:38 +0100 | [diff] [blame] | 102 | buffer += len; |
| 103 | size -= len; |
| 104 | } |
| 105 | return 0; |
| 106 | } |
| 107 | |
Victor Stinner | 59f7fb2 | 2015-03-18 14:39:33 +0100 | [diff] [blame] | 108 | #else /* !HAVE_GETENTROPY */ |
| 109 | |
Victor Stinner | 9eb57c5 | 2015-03-19 22:21:49 +0100 | [diff] [blame] | 110 | #ifdef HAVE_GETRANDOM_SYSCALL |
Victor Stinner | 59f7fb2 | 2015-03-18 14:39:33 +0100 | [diff] [blame] | 111 | static int |
| 112 | py_getrandom(void *buffer, Py_ssize_t size, int raise) |
| 113 | { |
| 114 | /* is getrandom() supported by the running kernel? |
| 115 | * need Linux kernel 3.17 or later */ |
| 116 | static int getrandom_works = 1; |
| 117 | /* Use /dev/urandom, block if the kernel has no entropy */ |
| 118 | const int flags = 0; |
| 119 | int n; |
| 120 | |
| 121 | if (!getrandom_works) |
| 122 | return 0; |
| 123 | |
| 124 | while (0 < size) { |
| 125 | errno = 0; |
Victor Stinner | 79b74ae | 2015-03-30 11:16:40 +0200 | [diff] [blame] | 126 | |
| 127 | /* Use syscall() because the libc doesn't expose getrandom() yet, see: |
Victor Stinner | 59f7fb2 | 2015-03-18 14:39:33 +0100 | [diff] [blame] | 128 | * https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */ |
Victor Stinner | 79b74ae | 2015-03-30 11:16:40 +0200 | [diff] [blame] | 129 | if (raise) { |
| 130 | Py_BEGIN_ALLOW_THREADS |
| 131 | n = syscall(SYS_getrandom, buffer, size, flags); |
| 132 | Py_END_ALLOW_THREADS |
| 133 | } |
| 134 | else { |
| 135 | n = syscall(SYS_getrandom, buffer, size, flags); |
| 136 | } |
| 137 | |
Victor Stinner | 59f7fb2 | 2015-03-18 14:39:33 +0100 | [diff] [blame] | 138 | if (n < 0) { |
| 139 | if (errno == ENOSYS) { |
| 140 | getrandom_works = 0; |
| 141 | return 0; |
| 142 | } |
| 143 | |
| 144 | if (errno == EINTR) { |
Victor Stinner | 59f7fb2 | 2015-03-18 14:39:33 +0100 | [diff] [blame] | 145 | if (PyErr_CheckSignals()) { |
| 146 | if (!raise) |
| 147 | Py_FatalError("getrandom() interrupted by a signal"); |
| 148 | return -1; |
| 149 | } |
| 150 | /* retry getrandom() */ |
| 151 | continue; |
| 152 | } |
| 153 | |
| 154 | if (raise) |
| 155 | PyErr_SetFromErrno(PyExc_OSError); |
| 156 | else |
| 157 | Py_FatalError("getrandom() failed"); |
| 158 | return -1; |
| 159 | } |
| 160 | |
| 161 | buffer += n; |
| 162 | size -= n; |
| 163 | } |
| 164 | return 1; |
| 165 | } |
| 166 | #endif |
| 167 | |
Antoine Pitrou | e472aea | 2014-04-26 14:33:03 +0200 | [diff] [blame] | 168 | static struct { |
| 169 | int fd; |
| 170 | dev_t st_dev; |
| 171 | ino_t st_ino; |
| 172 | } urandom_cache = { -1 }; |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 173 | |
Victor Stinner | 59f7fb2 | 2015-03-18 14:39:33 +0100 | [diff] [blame] | 174 | |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 175 | /* Read size bytes from /dev/urandom into buffer. |
| 176 | Call Py_FatalError() on error. */ |
| 177 | static void |
Christian Heimes | 985ecdc | 2013-11-20 11:46:18 +0100 | [diff] [blame] | 178 | dev_urandom_noraise(unsigned char *buffer, Py_ssize_t size) |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 179 | { |
| 180 | int fd; |
| 181 | Py_ssize_t n; |
| 182 | |
| 183 | assert (0 < size); |
| 184 | |
Victor Stinner | 9eb57c5 | 2015-03-19 22:21:49 +0100 | [diff] [blame] | 185 | #ifdef HAVE_GETRANDOM_SYSCALL |
Victor Stinner | 59f7fb2 | 2015-03-18 14:39:33 +0100 | [diff] [blame] | 186 | if (py_getrandom(buffer, size, 0) == 1) |
| 187 | return; |
| 188 | /* getrandom() is not supported by the running kernel, fall back |
| 189 | * on reading /dev/urandom */ |
| 190 | #endif |
| 191 | |
Victor Stinner | c7cd12d | 2015-03-19 23:24:45 +0100 | [diff] [blame] | 192 | fd = _Py_open_noraise("/dev/urandom", O_RDONLY); |
| 193 | if (fd < 0) |
| 194 | Py_FatalError("Failed to open /dev/urandom"); |
| 195 | |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 196 | while (0 < size) |
| 197 | { |
| 198 | do { |
| 199 | n = read(fd, buffer, (size_t)size); |
| 200 | } while (n < 0 && errno == EINTR); |
| 201 | if (n <= 0) |
| 202 | { |
| 203 | /* stop on error or if read(size) returned 0 */ |
| 204 | Py_FatalError("Failed to read bytes from /dev/urandom"); |
| 205 | break; |
| 206 | } |
| 207 | buffer += n; |
| 208 | size -= (Py_ssize_t)n; |
| 209 | } |
| 210 | close(fd); |
| 211 | } |
| 212 | |
| 213 | /* Read size bytes from /dev/urandom into buffer. |
| 214 | Return 0 on success, raise an exception and return -1 on error. */ |
| 215 | static int |
| 216 | dev_urandom_python(char *buffer, Py_ssize_t size) |
| 217 | { |
| 218 | int fd; |
| 219 | Py_ssize_t n; |
Steve Dower | f2f373f | 2015-02-21 08:44:05 -0800 | [diff] [blame] | 220 | struct _Py_stat_struct st; |
Victor Stinner | 9eb57c5 | 2015-03-19 22:21:49 +0100 | [diff] [blame] | 221 | #ifdef HAVE_GETRANDOM_SYSCALL |
Victor Stinner | 59f7fb2 | 2015-03-18 14:39:33 +0100 | [diff] [blame] | 222 | int res; |
| 223 | #endif |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 224 | |
| 225 | if (size <= 0) |
| 226 | return 0; |
| 227 | |
Victor Stinner | 9eb57c5 | 2015-03-19 22:21:49 +0100 | [diff] [blame] | 228 | #ifdef HAVE_GETRANDOM_SYSCALL |
Victor Stinner | 59f7fb2 | 2015-03-18 14:39:33 +0100 | [diff] [blame] | 229 | res = py_getrandom(buffer, size, 1); |
| 230 | if (res < 0) |
| 231 | return -1; |
| 232 | if (res == 1) |
| 233 | return 0; |
| 234 | /* getrandom() is not supported by the running kernel, fall back |
| 235 | * on reading /dev/urandom */ |
| 236 | #endif |
| 237 | |
Antoine Pitrou | e472aea | 2014-04-26 14:33:03 +0200 | [diff] [blame] | 238 | if (urandom_cache.fd >= 0) { |
| 239 | /* Does the fd point to the same thing as before? (issue #21207) */ |
Victor Stinner | e134a7f | 2015-03-30 10:09:31 +0200 | [diff] [blame] | 240 | if (_Py_fstat_noraise(urandom_cache.fd, &st) |
Antoine Pitrou | e472aea | 2014-04-26 14:33:03 +0200 | [diff] [blame] | 241 | || st.st_dev != urandom_cache.st_dev |
| 242 | || st.st_ino != urandom_cache.st_ino) { |
| 243 | /* Something changed: forget the cached fd (but don't close it, |
| 244 | since it probably points to something important for some |
| 245 | third-party code). */ |
| 246 | urandom_cache.fd = -1; |
| 247 | } |
| 248 | } |
| 249 | if (urandom_cache.fd >= 0) |
| 250 | fd = urandom_cache.fd; |
Antoine Pitrou | 4879a96 | 2013-08-31 00:26:02 +0200 | [diff] [blame] | 251 | else { |
Antoine Pitrou | 4879a96 | 2013-08-31 00:26:02 +0200 | [diff] [blame] | 252 | fd = _Py_open("/dev/urandom", O_RDONLY); |
Victor Stinner | a555cfc | 2015-03-18 00:22:14 +0100 | [diff] [blame] | 253 | if (fd < 0) { |
Antoine Pitrou | 4879a96 | 2013-08-31 00:26:02 +0200 | [diff] [blame] | 254 | if (errno == ENOENT || errno == ENXIO || |
| 255 | errno == ENODEV || errno == EACCES) |
| 256 | PyErr_SetString(PyExc_NotImplementedError, |
| 257 | "/dev/urandom (or equivalent) not found"); |
Victor Stinner | a555cfc | 2015-03-18 00:22:14 +0100 | [diff] [blame] | 258 | /* otherwise, keep the OSError exception raised by _Py_open() */ |
Antoine Pitrou | 4879a96 | 2013-08-31 00:26:02 +0200 | [diff] [blame] | 259 | return -1; |
| 260 | } |
Antoine Pitrou | e472aea | 2014-04-26 14:33:03 +0200 | [diff] [blame] | 261 | if (urandom_cache.fd >= 0) { |
Antoine Pitrou | 4879a96 | 2013-08-31 00:26:02 +0200 | [diff] [blame] | 262 | /* urandom_fd was initialized by another thread while we were |
| 263 | not holding the GIL, keep it. */ |
| 264 | close(fd); |
Antoine Pitrou | e472aea | 2014-04-26 14:33:03 +0200 | [diff] [blame] | 265 | fd = urandom_cache.fd; |
Antoine Pitrou | 4879a96 | 2013-08-31 00:26:02 +0200 | [diff] [blame] | 266 | } |
Antoine Pitrou | e472aea | 2014-04-26 14:33:03 +0200 | [diff] [blame] | 267 | else { |
Steve Dower | f2f373f | 2015-02-21 08:44:05 -0800 | [diff] [blame] | 268 | if (_Py_fstat(fd, &st)) { |
Antoine Pitrou | e472aea | 2014-04-26 14:33:03 +0200 | [diff] [blame] | 269 | close(fd); |
| 270 | return -1; |
| 271 | } |
| 272 | else { |
| 273 | urandom_cache.fd = fd; |
| 274 | urandom_cache.st_dev = st.st_dev; |
| 275 | urandom_cache.st_ino = st.st_ino; |
| 276 | } |
| 277 | } |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 278 | } |
| 279 | |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 280 | do { |
Victor Stinner | c9382eb | 2015-03-19 23:36:33 +0100 | [diff] [blame] | 281 | n = _Py_read(fd, buffer, (size_t)size); |
| 282 | if (n == -1) |
| 283 | return -1; |
| 284 | if (n == 0) { |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 285 | PyErr_Format(PyExc_RuntimeError, |
Victor Stinner | c9382eb | 2015-03-19 23:36:33 +0100 | [diff] [blame] | 286 | "Failed to read %zi bytes from /dev/urandom", |
| 287 | size); |
| 288 | return -1; |
| 289 | } |
| 290 | |
| 291 | buffer += n; |
| 292 | size -= n; |
| 293 | } while (0 < size); |
| 294 | |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 295 | return 0; |
| 296 | } |
Antoine Pitrou | 4879a96 | 2013-08-31 00:26:02 +0200 | [diff] [blame] | 297 | |
| 298 | static void |
| 299 | dev_urandom_close(void) |
| 300 | { |
Antoine Pitrou | e472aea | 2014-04-26 14:33:03 +0200 | [diff] [blame] | 301 | if (urandom_cache.fd >= 0) { |
| 302 | close(urandom_cache.fd); |
| 303 | urandom_cache.fd = -1; |
Antoine Pitrou | 4879a96 | 2013-08-31 00:26:02 +0200 | [diff] [blame] | 304 | } |
| 305 | } |
| 306 | |
Victor Stinner | 4d6a3d6 | 2014-12-21 01:16:38 +0100 | [diff] [blame] | 307 | #endif /* HAVE_GETENTROPY */ |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 308 | |
| 309 | /* Fill buffer with pseudo-random bytes generated by a linear congruent |
| 310 | generator (LCG): |
| 311 | |
| 312 | x(n+1) = (x(n) * 214013 + 2531011) % 2^32 |
| 313 | |
| 314 | Use bits 23..16 of x(n) to generate a byte. */ |
| 315 | static void |
| 316 | lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size) |
| 317 | { |
| 318 | size_t index; |
| 319 | unsigned int x; |
| 320 | |
| 321 | x = x0; |
| 322 | for (index=0; index < size; index++) { |
| 323 | x *= 214013; |
| 324 | x += 2531011; |
| 325 | /* modulo 2 ^ (8 * sizeof(int)) */ |
| 326 | buffer[index] = (x >> 16) & 0xff; |
| 327 | } |
| 328 | } |
| 329 | |
Georg Brandl | c6a2c9b | 2013-10-06 18:43:19 +0200 | [diff] [blame] | 330 | /* Fill buffer with size pseudo-random bytes from the operating system random |
Serhiy Storchaka | 56a6d85 | 2014-12-01 18:28:43 +0200 | [diff] [blame] | 331 | number generator (RNG). It is suitable for most cryptographic purposes |
Georg Brandl | c6a2c9b | 2013-10-06 18:43:19 +0200 | [diff] [blame] | 332 | except long living private keys for asymmetric encryption. |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 333 | |
| 334 | Return 0 on success, raise an exception and return -1 on error. */ |
| 335 | int |
| 336 | _PyOS_URandom(void *buffer, Py_ssize_t size) |
| 337 | { |
| 338 | if (size < 0) { |
| 339 | PyErr_Format(PyExc_ValueError, |
| 340 | "negative argument not allowed"); |
| 341 | return -1; |
| 342 | } |
| 343 | if (size == 0) |
| 344 | return 0; |
| 345 | |
| 346 | #ifdef MS_WINDOWS |
| 347 | return win32_urandom((unsigned char *)buffer, size, 1); |
Victor Stinner | 4d6a3d6 | 2014-12-21 01:16:38 +0100 | [diff] [blame] | 348 | #elif HAVE_GETENTROPY |
| 349 | return py_getentropy(buffer, size, 0); |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 350 | #else |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 351 | return dev_urandom_python((char*)buffer, size); |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 352 | #endif |
| 353 | } |
| 354 | |
| 355 | void |
| 356 | _PyRandom_Init(void) |
| 357 | { |
| 358 | char *env; |
Christian Heimes | 985ecdc | 2013-11-20 11:46:18 +0100 | [diff] [blame] | 359 | unsigned char *secret = (unsigned char *)&_Py_HashSecret.uc; |
Benjamin Peterson | 69e9727 | 2012-02-21 11:08:50 -0500 | [diff] [blame] | 360 | Py_ssize_t secret_size = sizeof(_Py_HashSecret_t); |
Christian Heimes | 985ecdc | 2013-11-20 11:46:18 +0100 | [diff] [blame] | 361 | assert(secret_size == sizeof(_Py_HashSecret.uc)); |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 362 | |
Benjamin Peterson | 69e9727 | 2012-02-21 11:08:50 -0500 | [diff] [blame] | 363 | if (_Py_HashSecret_Initialized) |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 364 | return; |
Benjamin Peterson | 69e9727 | 2012-02-21 11:08:50 -0500 | [diff] [blame] | 365 | _Py_HashSecret_Initialized = 1; |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 366 | |
| 367 | /* |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 368 | Hash randomization is enabled. Generate a per-process secret, |
| 369 | using PYTHONHASHSEED if provided. |
| 370 | */ |
| 371 | |
| 372 | env = Py_GETENV("PYTHONHASHSEED"); |
Georg Brandl | 12897d7 | 2012-02-20 23:49:29 +0100 | [diff] [blame] | 373 | if (env && *env != '\0' && strcmp(env, "random") != 0) { |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 374 | char *endptr = env; |
| 375 | unsigned long seed; |
| 376 | seed = strtoul(env, &endptr, 10); |
| 377 | if (*endptr != '\0' |
| 378 | || seed > 4294967295UL |
| 379 | || (errno == ERANGE && seed == ULONG_MAX)) |
| 380 | { |
| 381 | Py_FatalError("PYTHONHASHSEED must be \"random\" or an integer " |
| 382 | "in range [0; 4294967295]"); |
| 383 | } |
| 384 | if (seed == 0) { |
| 385 | /* disable the randomized hash */ |
| 386 | memset(secret, 0, secret_size); |
| 387 | } |
| 388 | else { |
Christian Heimes | 985ecdc | 2013-11-20 11:46:18 +0100 | [diff] [blame] | 389 | lcg_urandom(seed, secret, secret_size); |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 390 | } |
| 391 | } |
| 392 | else { |
| 393 | #ifdef MS_WINDOWS |
Christian Heimes | 985ecdc | 2013-11-20 11:46:18 +0100 | [diff] [blame] | 394 | (void)win32_urandom(secret, secret_size, 0); |
Victor Stinner | 4d6a3d6 | 2014-12-21 01:16:38 +0100 | [diff] [blame] | 395 | #elif HAVE_GETENTROPY |
| 396 | (void)py_getentropy(secret, secret_size, 1); |
Christian Heimes | af01f66 | 2013-12-21 16:19:10 +0100 | [diff] [blame] | 397 | #else |
Christian Heimes | 985ecdc | 2013-11-20 11:46:18 +0100 | [diff] [blame] | 398 | dev_urandom_noraise(secret, secret_size); |
Georg Brandl | 2daf6ae | 2012-02-20 19:54:16 +0100 | [diff] [blame] | 399 | #endif |
| 400 | } |
| 401 | } |
Antoine Pitrou | 4879a96 | 2013-08-31 00:26:02 +0200 | [diff] [blame] | 402 | |
| 403 | void |
| 404 | _PyRandom_Fini(void) |
| 405 | { |
Victor Stinner | d50c3f3 | 2014-05-02 22:06:44 +0200 | [diff] [blame] | 406 | #ifdef MS_WINDOWS |
| 407 | if (hCryptProv) { |
Tim Golden | b8ac3e1 | 2014-05-06 13:29:45 +0100 | [diff] [blame] | 408 | CryptReleaseContext(hCryptProv, 0); |
Victor Stinner | d50c3f3 | 2014-05-02 22:06:44 +0200 | [diff] [blame] | 409 | hCryptProv = 0; |
| 410 | } |
Victor Stinner | 4d6a3d6 | 2014-12-21 01:16:38 +0100 | [diff] [blame] | 411 | #elif HAVE_GETENTROPY |
| 412 | /* nothing to clean */ |
Victor Stinner | d50c3f3 | 2014-05-02 22:06:44 +0200 | [diff] [blame] | 413 | #else |
Antoine Pitrou | 4879a96 | 2013-08-31 00:26:02 +0200 | [diff] [blame] | 414 | dev_urandom_close(); |
| 415 | #endif |
| 416 | } |