summaryrefslogtreecommitdiffstats
path: root/Python
diff options
context:
space:
mode:
Diffstat (limited to 'Python')
-rw-r--r--Python/random.c129
1 files changed, 74 insertions, 55 deletions
diff --git a/Python/random.c b/Python/random.c
index 945269a..7d37fe9 100644
--- a/Python/random.c
+++ b/Python/random.c
@@ -39,10 +39,9 @@ win32_urandom_init(int raise)
return 0;
error:
- if (raise)
+ if (raise) {
PyErr_SetFromWindowsErr(0);
- else
- Py_FatalError("Failed to initialize Windows random API (CryptoGen)");
+ }
return -1;
}
@@ -55,8 +54,9 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
if (hCryptProv == 0)
{
- if (win32_urandom_init(raise) == -1)
+ if (win32_urandom_init(raise) == -1) {
return -1;
+ }
}
while (size > 0)
@@ -65,11 +65,9 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer))
{
/* CryptGenRandom() failed */
- if (raise)
+ if (raise) {
PyErr_SetFromWindowsErr(0);
- else
- Py_FatalError("Failed to initialized the randomized hash "
- "secret using CryptoGen)");
+ }
return -1;
}
buffer += chunk;
@@ -86,29 +84,28 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
/* Fill buffer with size pseudo-random bytes generated by getentropy().
Return 0 on success, or raise an exception and return -1 on error.
- If fatal is nonzero, call Py_FatalError() instead of raising an exception
- on error. */
+ If raise is zero, don't raise an exception on error. */
static int
-py_getentropy(unsigned char *buffer, Py_ssize_t size, int fatal)
+py_getentropy(char *buffer, Py_ssize_t size, int raise)
{
while (size > 0) {
Py_ssize_t len = Py_MIN(size, 256);
int res;
- if (!fatal) {
+ if (raise) {
Py_BEGIN_ALLOW_THREADS
res = getentropy(buffer, len);
Py_END_ALLOW_THREADS
-
- if (res < 0) {
- PyErr_SetFromErrno(PyExc_OSError);
- return -1;
- }
}
else {
res = getentropy(buffer, len);
- if (res < 0)
- Py_FatalError("getentropy() failed");
+ }
+
+ if (res < 0) {
+ if (raise) {
+ PyErr_SetFromErrno(PyExc_OSError);
+ }
+ return -1;
}
buffer += len;
@@ -195,18 +192,15 @@ py_getrandom(void *buffer, Py_ssize_t size, int raise)
if (errno == EINTR) {
if (PyErr_CheckSignals()) {
- if (!raise)
- Py_FatalError("getrandom() interrupted by a signal");
return -1;
}
/* retry getrandom() */
continue;
}
- if (raise)
+ if (raise) {
PyErr_SetFromErrno(PyExc_OSError);
- else
- Py_FatalError("getrandom() failed");
+ }
return -1;
}
@@ -225,9 +219,9 @@ static struct {
/* Read size bytes from /dev/urandom into buffer.
- Call Py_FatalError() on error. */
-static void
-dev_urandom_noraise(unsigned char *buffer, Py_ssize_t size)
+ Return 0 success, or return -1 on error. */
+static int
+dev_urandom_noraise(char *buffer, Py_ssize_t size)
{
int fd;
Py_ssize_t n;
@@ -235,31 +229,35 @@ dev_urandom_noraise(unsigned char *buffer, Py_ssize_t size)
assert (0 < size);
#ifdef PY_GETRANDOM
- if (py_getrandom(buffer, size, 0) == 1)
- return;
+ if (py_getrandom(buffer, size, 0) == 1) {
+ return 0;
+ }
/* getrandom() is not supported by the running kernel, fall back
* on reading /dev/urandom */
#endif
fd = _Py_open_noraise("/dev/urandom", O_RDONLY);
- if (fd < 0)
- Py_FatalError("Failed to open /dev/urandom");
+ if (fd < 0) {
+ return -1;
+ }
while (0 < size)
{
do {
n = read(fd, buffer, (size_t)size);
} while (n < 0 && errno == EINTR);
- if (n <= 0)
- {
+
+ if (n <= 0) {
/* stop on error or if read(size) returned 0 */
- Py_FatalError("Failed to read bytes from /dev/urandom");
- break;
+ return -1;
}
+
buffer += n;
size -= n;
}
close(fd);
+
+ return 0;
}
/* Read size bytes from /dev/urandom into buffer.
@@ -379,31 +377,51 @@ lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size)
}
}
-/* Fill buffer with size pseudo-random bytes from the operating system random
- number generator (RNG). It is suitable for most cryptographic purposes
- except long living private keys for asymmetric encryption.
-
- Return 0 on success, raise an exception and return -1 on error. */
-int
-_PyOS_URandom(void *buffer, Py_ssize_t size)
+/* If raise is zero:
+ * - Don't raise exceptions on error
+ * - Don't call PyErr_CheckSignals() on EINTR (retry directly the interrupted
+ * syscall)
+ * - Don't release the GIL to call syscalls. */
+static int
+pyurandom(void *buffer, Py_ssize_t size, int raise)
{
if (size < 0) {
- PyErr_Format(PyExc_ValueError,
- "negative argument not allowed");
+ if (raise) {
+ PyErr_Format(PyExc_ValueError,
+ "negative argument not allowed");
+ }
return -1;
}
- if (size == 0)
+
+ if (size == 0) {
return 0;
+ }
#ifdef MS_WINDOWS
- return win32_urandom((unsigned char *)buffer, size, 1);
+ return win32_urandom((unsigned char *)buffer, size, raise);
#elif defined(PY_GETENTROPY)
- return py_getentropy(buffer, size, 0);
+ return py_getentropy(buffer, size, raise);
#else
- return dev_urandom_python((char*)buffer, size);
+ if (raise) {
+ return dev_urandom_python(buffer, size);
+ }
+ else {
+ return dev_urandom_noraise(buffer, size);
+ }
#endif
}
+/* Fill buffer with size pseudo-random bytes from the operating system random
+ number generator (RNG). It is suitable for most cryptographic purposes
+ except long living private keys for asymmetric encryption.
+
+ Return 0 on success, raise an exception and return -1 on error. */
+int
+_PyOS_URandom(void *buffer, Py_ssize_t size)
+{
+ return pyurandom(buffer, size, 1);
+}
+
void
_PyRandom_Init(void)
{
@@ -442,13 +460,14 @@ _PyRandom_Init(void)
}
}
else {
-#ifdef MS_WINDOWS
- (void)win32_urandom(secret, secret_size, 0);
-#elif defined(PY_GETENTROPY)
- (void)py_getentropy(secret, secret_size, 1);
-#else
- dev_urandom_noraise(secret, secret_size);
-#endif
+ int res;
+
+ /* _PyRandom_Init() is called very early in the Python initialization
+ * and so exceptions cannot be used. */
+ res = pyurandom(secret, secret_size, 0);
+ if (res < 0) {
+ Py_FatalError("failed to get random numbers to initialize Python");
+ }
}
}