Blame - Python/random.c - platform/external/python/cpython3

blob: a281829f9744ee8143b8173fb5e7a12a0a12b113 [file] [log] [blame]

Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	1	#include "Python.h"
				2	#ifdef MS_WINDOWS
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	3	# include <windows.h>
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	4	#else
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	5	# include <fcntl.h>
				6	# ifdef HAVE_SYS_STAT_H
				7	# include <sys/stat.h>
				8	# endif
Victor Stinner	9eb57c5	2015-03-19 22:21:49 +0100	[diff] [blame]	9	# ifdef HAVE_GETRANDOM_SYSCALL
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	10	# include <sys/syscall.h>
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	11	# endif
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	12	#endif
				13
Benjamin Peterson	69e9727	2012-02-21 11:08:50 -0500	[diff] [blame]	14	#ifdef Py_DEBUG
				15	int _Py_HashSecret_Initialized = 0;
				16	#else
				17	static int _Py_HashSecret_Initialized = 0;
				18	#endif
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	19
				20	#ifdef MS_WINDOWS
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	21	static HCRYPTPROV hCryptProv = 0;
				22
				23	static int
				24	win32_urandom_init(int raise)
				25	{
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	26	/* Acquire context */
Martin v. Löwis	3f50bf6	2013-01-25 14:06:18 +0100	[diff] [blame]	27	if (!CryptAcquireContext(&hCryptProv, NULL, NULL,
				28	PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	29	goto error;
				30
				31	return 0;
				32
				33	error:
				34	if (raise)
				35	PyErr_SetFromWindowsErr(0);
				36	else
				37	Py_FatalError("Failed to initialize Windows random API (CryptoGen)");
				38	return -1;
				39	}
				40
				41	/* Fill buffer with size pseudo-random bytes generated by the Windows CryptoGen
Victor Stinner	4d6a3d6	2014-12-21 01:16:38 +0100	[diff] [blame]	42	API. Return 0 on success, or raise an exception and return -1 on error. */
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	43	static int
				44	win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
				45	{
				46	Py_ssize_t chunk;
				47
				48	if (hCryptProv == 0)
				49	{
				50	if (win32_urandom_init(raise) == -1)
				51	return -1;
				52	}
				53
				54	while (size > 0)
				55	{
				56	chunk = size > INT_MAX ? INT_MAX : size;
Victor Stinner	0c08346	2013-11-15 23:26:25 +0100	[diff] [blame]	57	if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer))
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	58	{
				59	/* CryptGenRandom() failed */
				60	if (raise)
				61	PyErr_SetFromWindowsErr(0);
				62	else
				63	Py_FatalError("Failed to initialized the randomized hash "
				64	"secret using CryptoGen)");
				65	return -1;
				66	}
				67	buffer += chunk;
				68	size -= chunk;
				69	}
				70	return 0;
				71	}
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	72
Victor Stinner	4d6a3d6	2014-12-21 01:16:38 +0100	[diff] [blame]	73	#elif HAVE_GETENTROPY
				74	/* Fill buffer with size pseudo-random bytes generated by getentropy().
				75	Return 0 on success, or raise an exception and return -1 on error.
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	76
Victor Stinner	4d6a3d6	2014-12-21 01:16:38 +0100	[diff] [blame]	77	If fatal is nonzero, call Py_FatalError() instead of raising an exception
				78	on error. */
				79	static int
				80	py_getentropy(unsigned char *buffer, Py_ssize_t size, int fatal)
				81	{
				82	while (size > 0) {
				83	Py_ssize_t len = Py_MIN(size, 256);
				84	int res = getentropy(buffer, len);
				85	if (res < 0) {
				86	if (fatal) {
				87	Py_FatalError("getentropy() failed");
				88	}
				89	else {
				90	PyErr_SetFromErrno(PyExc_OSError);
				91	return -1;
				92	}
				93	}
				94	buffer += len;
				95	size -= len;
				96	}
				97	return 0;
				98	}
				99
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	100	#else /* !HAVE_GETENTROPY */
				101
Victor Stinner	9eb57c5	2015-03-19 22:21:49 +0100	[diff] [blame]	102	#ifdef HAVE_GETRANDOM_SYSCALL
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	103	static int
				104	py_getrandom(void *buffer, Py_ssize_t size, int raise)
				105	{
				106	/* is getrandom() supported by the running kernel?
				107	* need Linux kernel 3.17 or later */
				108	static int getrandom_works = 1;
				109	/* Use /dev/urandom, block if the kernel has no entropy */
				110	const int flags = 0;
				111	int n;
				112
				113	if (!getrandom_works)
				114	return 0;
				115
				116	while (0 < size) {
				117	errno = 0;
				118	/* the libc doesn't expose getrandom() yet, see:
				119	* https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */
				120	n = syscall(SYS_getrandom, buffer, size, flags);
				121	if (n < 0) {
				122	if (errno == ENOSYS) {
				123	getrandom_works = 0;
				124	return 0;
				125	}
				126
				127	if (errno == EINTR) {
				128	/* Note: EINTR should not occur with flags=0 */
				129	if (PyErr_CheckSignals()) {
				130	if (!raise)
				131	Py_FatalError("getrandom() interrupted by a signal");
				132	return -1;
				133	}
				134	/* retry getrandom() */
				135	continue;
				136	}
				137
				138	if (raise)
				139	PyErr_SetFromErrno(PyExc_OSError);
				140	else
				141	Py_FatalError("getrandom() failed");
				142	return -1;
				143	}
				144
				145	buffer += n;
				146	size -= n;
				147	}
				148	return 1;
				149	}
				150	#endif
				151
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	152	static struct {
				153	int fd;
				154	dev_t st_dev;
				155	ino_t st_ino;
				156	} urandom_cache = { -1 };
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	157
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	158
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	159	/* Read size bytes from /dev/urandom into buffer.
				160	Call Py_FatalError() on error. */
				161	static void
Christian Heimes	985ecdc	2013-11-20 11:46:18 +0100	[diff] [blame]	162	dev_urandom_noraise(unsigned char *buffer, Py_ssize_t size)
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	163	{
				164	int fd;
				165	Py_ssize_t n;
				166
				167	assert (0 < size);
				168
Victor Stinner	9eb57c5	2015-03-19 22:21:49 +0100	[diff] [blame]	169	#ifdef HAVE_GETRANDOM_SYSCALL
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	170	if (py_getrandom(buffer, size, 0) == 1)
				171	return;
				172	/* getrandom() is not supported by the running kernel, fall back
				173	* on reading /dev/urandom */
				174	#endif
				175
Victor Stinner	c7cd12d	2015-03-19 23:24:45 +0100	[diff] [blame]	176	fd = _Py_open_noraise("/dev/urandom", O_RDONLY);
				177	if (fd < 0)
				178	Py_FatalError("Failed to open /dev/urandom");
				179
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	180	while (0 < size)
				181	{
				182	do {
				183	n = read(fd, buffer, (size_t)size);
				184	} while (n < 0 && errno == EINTR);
				185	if (n <= 0)
				186	{
				187	/* stop on error or if read(size) returned 0 */
				188	Py_FatalError("Failed to read bytes from /dev/urandom");
				189	break;
				190	}
				191	buffer += n;
				192	size -= (Py_ssize_t)n;
				193	}
				194	close(fd);
				195	}
				196
				197	/* Read size bytes from /dev/urandom into buffer.
				198	Return 0 on success, raise an exception and return -1 on error. */
				199	static int
				200	dev_urandom_python(char *buffer, Py_ssize_t size)
				201	{
				202	int fd;
				203	Py_ssize_t n;
Steve Dower	f2f373f	2015-02-21 08:44:05 -0800	[diff] [blame]	204	struct _Py_stat_struct st;
Victor Stinner	9eb57c5	2015-03-19 22:21:49 +0100	[diff] [blame]	205	#ifdef HAVE_GETRANDOM_SYSCALL
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	206	int res;
				207	#endif
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	208
				209	if (size <= 0)
				210	return 0;
				211
Victor Stinner	9eb57c5	2015-03-19 22:21:49 +0100	[diff] [blame]	212	#ifdef HAVE_GETRANDOM_SYSCALL
Victor Stinner	59f7fb2	2015-03-18 14:39:33 +0100	[diff] [blame]	213	res = py_getrandom(buffer, size, 1);
				214	if (res < 0)
				215	return -1;
				216	if (res == 1)
				217	return 0;
				218	/* getrandom() is not supported by the running kernel, fall back
				219	* on reading /dev/urandom */
				220	#endif
				221
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	222	if (urandom_cache.fd >= 0) {
				223	/* Does the fd point to the same thing as before? (issue #21207) */
Steve Dower	f2f373f	2015-02-21 08:44:05 -0800	[diff] [blame]	224	if (_Py_fstat(urandom_cache.fd, &st)
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	225	\|\| st.st_dev != urandom_cache.st_dev
				226	\|\| st.st_ino != urandom_cache.st_ino) {
				227	/* Something changed: forget the cached fd (but don't close it,
				228	since it probably points to something important for some
				229	third-party code). */
				230	urandom_cache.fd = -1;
				231	}
				232	}
				233	if (urandom_cache.fd >= 0)
				234	fd = urandom_cache.fd;
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	235	else {
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	236	fd = _Py_open("/dev/urandom", O_RDONLY);
Victor Stinner	a555cfc	2015-03-18 00:22:14 +0100	[diff] [blame]	237	if (fd < 0) {
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	238	if (errno == ENOENT \|\| errno == ENXIO \|\|
				239	errno == ENODEV \|\| errno == EACCES)
				240	PyErr_SetString(PyExc_NotImplementedError,
				241	"/dev/urandom (or equivalent) not found");
Victor Stinner	a555cfc	2015-03-18 00:22:14 +0100	[diff] [blame]	242	/* otherwise, keep the OSError exception raised by _Py_open() */
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	243	return -1;
				244	}
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	245	if (urandom_cache.fd >= 0) {
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	246	/* urandom_fd was initialized by another thread while we were
				247	not holding the GIL, keep it. */
				248	close(fd);
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	249	fd = urandom_cache.fd;
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	250	}
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	251	else {
Steve Dower	f2f373f	2015-02-21 08:44:05 -0800	[diff] [blame]	252	if (_Py_fstat(fd, &st)) {
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	253	PyErr_SetFromErrno(PyExc_OSError);
				254	close(fd);
				255	return -1;
				256	}
				257	else {
				258	urandom_cache.fd = fd;
				259	urandom_cache.st_dev = st.st_dev;
				260	urandom_cache.st_ino = st.st_ino;
				261	}
				262	}
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	263	}
				264
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	265	do {
Victor Stinner	c9382eb	2015-03-19 23:36:33 +0100	[diff] [blame]	266	n = _Py_read(fd, buffer, (size_t)size);
				267	if (n == -1)
				268	return -1;
				269	if (n == 0) {
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	270	PyErr_Format(PyExc_RuntimeError,
Victor Stinner	c9382eb	2015-03-19 23:36:33 +0100	[diff] [blame]	271	"Failed to read %zi bytes from /dev/urandom",
				272	size);
				273	return -1;
				274	}
				275
				276	buffer += n;
				277	size -= n;
				278	} while (0 < size);
				279
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	280	return 0;
				281	}
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	282
				283	static void
				284	dev_urandom_close(void)
				285	{
Antoine Pitrou	e472aea	2014-04-26 14:33:03 +0200	[diff] [blame]	286	if (urandom_cache.fd >= 0) {
				287	close(urandom_cache.fd);
				288	urandom_cache.fd = -1;
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	289	}
				290	}
				291
Victor Stinner	4d6a3d6	2014-12-21 01:16:38 +0100	[diff] [blame]	292	#endif /* HAVE_GETENTROPY */
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	293
				294	/* Fill buffer with pseudo-random bytes generated by a linear congruent
				295	generator (LCG):
				296
				297	x(n+1) = (x(n) * 214013 + 2531011) % 2^32
				298
				299	Use bits 23..16 of x(n) to generate a byte. */
				300	static void
				301	lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size)
				302	{
				303	size_t index;
				304	unsigned int x;
				305
				306	x = x0;
				307	for (index=0; index < size; index++) {
				308	x *= 214013;
				309	x += 2531011;
				310	/* modulo 2 ^ (8 * sizeof(int)) */
				311	buffer[index] = (x >> 16) & 0xff;
				312	}
				313	}
				314
Georg Brandl	c6a2c9b	2013-10-06 18:43:19 +0200	[diff] [blame]	315	/* Fill buffer with size pseudo-random bytes from the operating system random
Serhiy Storchaka	56a6d85	2014-12-01 18:28:43 +0200	[diff] [blame]	316	number generator (RNG). It is suitable for most cryptographic purposes
Georg Brandl	c6a2c9b	2013-10-06 18:43:19 +0200	[diff] [blame]	317	except long living private keys for asymmetric encryption.
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	318
				319	Return 0 on success, raise an exception and return -1 on error. */
				320	int
				321	_PyOS_URandom(void *buffer, Py_ssize_t size)
				322	{
				323	if (size < 0) {
				324	PyErr_Format(PyExc_ValueError,
				325	"negative argument not allowed");
				326	return -1;
				327	}
				328	if (size == 0)
				329	return 0;
				330
				331	#ifdef MS_WINDOWS
				332	return win32_urandom((unsigned char *)buffer, size, 1);
Victor Stinner	4d6a3d6	2014-12-21 01:16:38 +0100	[diff] [blame]	333	#elif HAVE_GETENTROPY
				334	return py_getentropy(buffer, size, 0);
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	335	#else
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	336	return dev_urandom_python((char*)buffer, size);
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	337	#endif
				338	}
				339
				340	void
				341	_PyRandom_Init(void)
				342	{
				343	char *env;
Christian Heimes	985ecdc	2013-11-20 11:46:18 +0100	[diff] [blame]	344	unsigned char secret = (unsigned char )&_Py_HashSecret.uc;
Benjamin Peterson	69e9727	2012-02-21 11:08:50 -0500	[diff] [blame]	345	Py_ssize_t secret_size = sizeof(_Py_HashSecret_t);
Christian Heimes	985ecdc	2013-11-20 11:46:18 +0100	[diff] [blame]	346	assert(secret_size == sizeof(_Py_HashSecret.uc));
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	347
Benjamin Peterson	69e9727	2012-02-21 11:08:50 -0500	[diff] [blame]	348	if (_Py_HashSecret_Initialized)
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	349	return;
Benjamin Peterson	69e9727	2012-02-21 11:08:50 -0500	[diff] [blame]	350	_Py_HashSecret_Initialized = 1;
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	351
				352	/*
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	353	Hash randomization is enabled. Generate a per-process secret,
				354	using PYTHONHASHSEED if provided.
				355	*/
				356
				357	env = Py_GETENV("PYTHONHASHSEED");
Georg Brandl	12897d7	2012-02-20 23:49:29 +0100	[diff] [blame]	358	if (env && *env != '\0' && strcmp(env, "random") != 0) {
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	359	char *endptr = env;
				360	unsigned long seed;
				361	seed = strtoul(env, &endptr, 10);
				362	if (*endptr != '\0'
				363	\|\| seed > 4294967295UL
				364	\|\| (errno == ERANGE && seed == ULONG_MAX))
				365	{
				366	Py_FatalError("PYTHONHASHSEED must be \"random\" or an integer "
				367	"in range [0; 4294967295]");
				368	}
				369	if (seed == 0) {
				370	/* disable the randomized hash */
				371	memset(secret, 0, secret_size);
				372	}
				373	else {
Christian Heimes	985ecdc	2013-11-20 11:46:18 +0100	[diff] [blame]	374	lcg_urandom(seed, secret, secret_size);
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	375	}
				376	}
				377	else {
				378	#ifdef MS_WINDOWS
Christian Heimes	985ecdc	2013-11-20 11:46:18 +0100	[diff] [blame]	379	(void)win32_urandom(secret, secret_size, 0);
Victor Stinner	4d6a3d6	2014-12-21 01:16:38 +0100	[diff] [blame]	380	#elif HAVE_GETENTROPY
				381	(void)py_getentropy(secret, secret_size, 1);
Christian Heimes	af01f66	2013-12-21 16:19:10 +0100	[diff] [blame]	382	#else
Christian Heimes	985ecdc	2013-11-20 11:46:18 +0100	[diff] [blame]	383	dev_urandom_noraise(secret, secret_size);
Georg Brandl	2daf6ae	2012-02-20 19:54:16 +0100	[diff] [blame]	384	#endif
				385	}
				386	}
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	387
				388	void
				389	_PyRandom_Fini(void)
				390	{
Victor Stinner	d50c3f3	2014-05-02 22:06:44 +0200	[diff] [blame]	391	#ifdef MS_WINDOWS
				392	if (hCryptProv) {
Tim Golden	b8ac3e1	2014-05-06 13:29:45 +0100	[diff] [blame]	393	CryptReleaseContext(hCryptProv, 0);
Victor Stinner	d50c3f3	2014-05-02 22:06:44 +0200	[diff] [blame]	394	hCryptProv = 0;
				395	}
Victor Stinner	4d6a3d6	2014-12-21 01:16:38 +0100	[diff] [blame]	396	#elif HAVE_GETENTROPY
				397	/* nothing to clean */
Victor Stinner	d50c3f3	2014-05-02 22:06:44 +0200	[diff] [blame]	398	#else
Antoine Pitrou	4879a96	2013-08-31 00:26:02 +0200	[diff] [blame]	399	dev_urandom_close();
				400	#endif
				401	}