| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Issue #27776: The os.urandom() function does now block on Linux 3.17 and newer
until the system urandom entropy pool is initialized to increase the security.
This change is part of the PEP 524.
|
| | |
|
| |
|
|
|
| |
Merge dev_urandom_python() and dev_urandom_noraise() functions to reduce code
duplication.
|
| |
|
|
|
|
| |
Modify py_getrandom() to not call PyErr_CheckSignals() if raise is zero.
_PyRandom_Init() is called very early in the Python initialization, so it's
safer to not call PyErr_CheckSignals().
|
| |
|
|
|
|
| |
* Add pyurandom() helper function to factorize the code
* don't call Py_FatalError() in helper functions, but only in _PyRandom_Init()
if pyurandom() failed, to uniformize the code
|
| |
|
|
| |
Based on patch by Roumen Petrov.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
Issue #27278. It should fix a conversion warning.
In practice, the Linux kernel doesn't return more than 32 MB per call to the
getrandom() syscall.
|
| |\ \
| |/ |
|
| | |
| |
| |
| | |
Casting Py_ssize_t to Py_ssize_t is useless.
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| | |
Issue #27278: Fix os.urandom() implementation using getrandom() on Linux.
Truncate size to INT_MAX and loop until we collected enough random bytes,
instead of casting a directly Py_ssize_t to int.
|
| |\ \
| |/ |
|
| | | |
|
| | |
| |
| |
| | |
Fix a "gcc -pedantic" warning on "buffer += n" because buffer type is void*.
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| | |
Issue #26839: On Linux, os.urandom() now calls getrandom() with GRND_NONBLOCK
to fall back on reading /dev/urandom if the urandom entropy pool is not
initialized yet. Patch written by Colm Buckley.
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| | |
Issue #26735: Fix os.urandom() on Solaris 11.3 and newer when reading more than
1,024 bytes: call getrandom() multiple times with a limit of 1024 bytes per
call.
|
| |/ |
|
| |\ |
|
| | |
| |
| |
| |
| | |
getentropy() is blocking, whereas os.urandom() should not block. getentropy()
is supported since Solaris 11.3.
|
| | |
| |
| |
| |
| |
| | |
function instead of the getentropy() function. The getentropy() function is
blocking to generate very good quality entropy, os.urandom() doesn't need such
high-quality entropy.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
See the latest version of getrandom() manual page:
http://man7.org/linux/man-pages/man2/getrandom.2.html#NOTES
The behavior when a call to getrandom() that is blocked while reading from
/dev/urandom is interrupted by a signal handler depends on the
initialization state of the entropy buffer and on the request size, buflen.
If the entropy is not yet initialized, then the call will fail with the
EINTR error. If the entropy pool has been initialized and the request size
is large (buflen > 256), the call either succeeds, returning a partially
filled buffer, or fails with the error EINTR. If the entropy pool has been
initialized and the request size is small (buflen <= 256), then getrandom()
will not fail with EINTR. Instead, it will return all of the bytes that
have been requested.
Note: py_getrandom() calls getrandom() with flags=0.
|
| |\ \
| |/
| |
| | |
getentropy() is used (OpenBSD 5.6+).
|
| | |
| |
| |
| | |
(OpenBSD 5.6+).
|
| | |
| |
| |
| | |
instead of reading /dev/urandom, to get pseudo-random bytes.
|
| | |
| |
| |
| | |
implementation is used.
|
| | |
| |
| |
| | |
Add _Py_fstat_noraise() function when a Python exception is not welcome.
|
| | |
| |
| |
| |
| |
| |
| | |
read() is interrupted by a signal.
dev_urandom_python() now calls _Py_read() helper instead of calling directly
read().
|
| | |
| |
| |
| | |
opening /dev/urandom.
|
| | |
| |
| |
| |
| |
| | |
and stored in pyconfig.h as the new HAVE_GETRANDOM_SYSCALL define.
Fix os.urandom() tests using file descriptors if os.urandom() uses getrandom().
|
| | |
| |
| |
| |
| |
| | |
available, syscall introduced in the Linux kernel 3.17. It is more reliable
and more secure, because it avoids the need of a file descriptor and waits
until the kernel has enough entropy.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* _Py_open() now raises exceptions on error. If open() fails, it raises an
OSError with the filename.
* _Py_open() now releases the GIL while calling open()
* Add _Py_open_noraise() when _Py_open() cannot be used because the GIL is not
held
|
| | |
| |
| |
| |
| |
| | |
Windows.
fstat() may fail with EOVERFLOW on files larger than 2 GB because the file size type is an signed 32-bit integer.
|
| | |
| |
| |
| | |
instead of reading /dev/urandom, to get pseudo-random bytes.
|
| |\ \
| |/ |
|
| | | |
|
| | | |
|
| |/ |
|
| |
|
|
| |
replaced, and open it anew.
|
| | |
|
| |
|
|
| |
Python now uses SipHash24 on all major platforms.
|
| |
|
|
| |
CryptGenRandom()
|
| |\ |
|
| | | |
|
| | |
| |
| |
| | |
descriptor, so as to avoid using many file descriptors when run in parallel from multiple threads.
|
| | |
| |
| |
| |
| | |
are now created non-inheritable; add functions os.get/set_inheritable(),
os.get/set_handle_inheritable() and socket.socket.get/set_inheritable().
|
| |\ \
| |/
| |
| | |
due to something else than /dev/urandom not existing.
|
| | |
| |
| |
| | |
due to something else than /dev/urandom not existing.
|
