Issue #22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(),

instead of reading /dev/urandom, to get pseudo-random bytes.
12 years ago · fe02e39029
6 changed files with 56 additions and 9 deletions
--- a/Lib/test/test_os.py
+++ b/Lib/test/test_os.py
@ -27,6 +27,7 @@ import codecs
 import decimal
 import fractions
 import pickle
+import sysconfig
 try:
    import threading
 except ImportError:
@ -1053,6 +1054,12 @@ class URandomTests(unittest.TestCase):
        data2 = self.get_urandom_subprocess(16)
        self.assertNotEqual(data1, data2)

+
+HAVE_GETENTROPY = (sysconfig.get_config_var('HAVE_GETENTROPY') == 1)
+
+@unittest.skipIf(HAVE_GETENTROPY,
+                 "getentropy() does not use a file descriptor")
+class URandomFDTests(unittest.TestCase):
    @unittest.skipUnless(resource, "test requires the resource module")
    def test_urandom_failure(self):
        # Check urandom() failing when it is not able to open /dev/random.
--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -41,6 +41,9 @@ Core and Builtins
 Library
 -------

+- Issue #22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(),
+  instead of reading /dev/urandom, to get pseudo-random bytes.
+
 - Issue #23112: Fix SimpleHTTPServer to correctly carry the query string and
  fragment when it redirects to add a trailing slash.

--- a/Python/random.c
+++ b/Python/random.c
@ -15,8 +15,6 @@ static int _Py_HashSecret_Initialized = 0;
 #endif

 #ifdef MS_WINDOWS
-/* This handle is never explicitly released. Instead, the operating
-   system will release it when the process terminates. */
 static HCRYPTPROV hCryptProv = 0;

 static int
@ -38,7 +36,7 @@ error:
 }

 /* Fill buffer with size pseudo-random bytes generated by the Windows CryptoGen
-   API. Return 0 on success, or -1 on error. */
+   API. Return 0 on success, or raise an exception and return -1 on error. */
 static int
 win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
 {
@ -68,10 +66,35 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
    }
    return 0;
 }
-#endif /* MS_WINDOWS */

+#elif HAVE_GETENTROPY
+/* Fill buffer with size pseudo-random bytes generated by getentropy().
+   Return 0 on success, or raise an exception and return -1 on error.

-#ifndef MS_WINDOWS
+   If fatal is nonzero, call Py_FatalError() instead of raising an exception
+   on error. */
+static int
+py_getentropy(unsigned char *buffer, Py_ssize_t size, int fatal)
+{
+    while (size > 0) {
+        Py_ssize_t len = Py_MIN(size, 256);
+        int res = getentropy(buffer, len);
+        if (res < 0) {
+            if (fatal) {
+                Py_FatalError("getentropy() failed");
+            }
+            else {
+                PyErr_SetFromErrno(PyExc_OSError);
+                return -1;
+            }
+        }
+        buffer += len;
+        size -= len;
+    }
+    return 0;
+}
+
+#else
 static struct {
    int fd;
    dev_t st_dev;
@ -203,7 +226,7 @@ dev_urandom_close(void)
    }
 }

-#endif /* MS_WINDOWS */
+#endif /* HAVE_GETENTROPY */

 /* Fill buffer with pseudo-random bytes generated by a linear congruent
   generator (LCG):
@ -244,6 +267,8 @@ _PyOS_URandom(void *buffer, Py_ssize_t size)

 #ifdef MS_WINDOWS
    return win32_urandom((unsigned char *)buffer, size, 1);
+#elif HAVE_GETENTROPY
+    return py_getentropy(buffer, size, 0);
 #else
    return dev_urandom_python((char*)buffer, size);
 #endif
@ -289,6 +314,8 @@ _PyRandom_Init(void)
    else {
 #ifdef MS_WINDOWS
        (void)win32_urandom(secret, secret_size, 0);
+#elif HAVE_GETENTROPY
+        (void)py_getentropy(secret, secret_size, 1);
 #else
        dev_urandom_noraise(secret, secret_size);
 #endif
@ -298,7 +325,14 @@ _PyRandom_Init(void)
 void
 _PyRandom_Fini(void)
 {
-#ifndef MS_WINDOWS
+#ifdef MS_WINDOWS
+    if (hCryptProv) {
+        CryptReleaseContext(hCryptProv, 0);
+        hCryptProv = 0;
+    }
+#elif HAVE_GETENTROPY
+    /* nothing to clean */
+#else
    dev_urandom_close();
 #endif
 }
--- a/2
+++ b/2
@ -10495,7 +10495,7 @@ fi
 for ac_func in alarm accept4 setitimer getitimer bind_textdomain_codeset chown \
 clock confstr ctermid dup3 execv faccessat fchmod fchmodat fchown fchownat \
 fexecve fdopendir fork fpathconf fstatat ftime ftruncate futimesat \
- futimens futimes gai_strerror \
+ futimens futimes gai_strerror getentropy \
 getgrouplist getgroups getlogin getloadavg getpeername getpgid getpid \
 getpriority getresuid getresgid getpwent getspnam getspent getsid getwd \
 if_nameindex \
--- a/configure.ac
+++ b/configure.ac
@ -2935,7 +2935,7 @@ fi
 AC_CHECK_FUNCS(alarm accept4 setitimer getitimer bind_textdomain_codeset chown \
 clock confstr ctermid dup3 execv faccessat fchmod fchmodat fchown fchownat \
 fexecve fdopendir fork fpathconf fstatat ftime ftruncate futimesat \
- futimens futimes gai_strerror \
+ futimens futimes gai_strerror getentropy \
 getgrouplist getgroups getlogin getloadavg getpeername getpgid getpid \
 getpriority getresuid getresgid getpwent getspnam getspent getsid getwd \
 if_nameindex \
--- a/pyconfig.h.in
+++ b/pyconfig.h.in
@ -329,6 +329,9 @@
 /* Define this if you have flockfile(), getc_unlocked(), and funlockfile() */
 #undef HAVE_GETC_UNLOCKED

+/* Define to 1 if you have the `getentropy' function. */
+#undef HAVE_GETENTROPY
+
 /* Define to 1 if you have the `getgrouplist' function. */
 #undef HAVE_GETGROUPLIST