| OLD | NEW |
|---|
| (Empty) | |
| 1 #include "Python.h" |
| 2 #ifdef MS_WINDOWS |
| 3 #include <windows.h> |
| 4 #else |
| 5 #include <fcntl.h> |
| 6 #endif |
| 7 |
| 8 static int random_initialized = 0; |
| 9 |
| 10 #ifdef MS_WINDOWS |
| 11 typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTA)(HCRYPTPROV *phProv,\ |
| 12 LPCSTR pszContainer, LPCSTR pszProvider, DWORD dwProvType,\ |
| 13 DWORD dwFlags ); |
| 14 typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV hProv, DWORD dwLen,\ |
| 15 BYTE *pbBuffer ); |
| 16 |
| 17 static CRYPTGENRANDOM pCryptGenRandom = NULL; |
| 18 /* This handle is never explicitly released. Instead, the operating |
| 19 system will release it when the process terminates. */ |
| 20 static HCRYPTPROV hCryptProv = 0; |
| 21 |
| 22 static int |
| 23 win32_urandom_init(int raise) |
| 24 { |
| 25 HINSTANCE hAdvAPI32 = NULL; |
| 26 CRYPTACQUIRECONTEXTA pCryptAcquireContext = NULL; |
| 27 |
| 28 /* Obtain handle to the DLL containing CryptoAPI. This should not fail. */ |
| 29 hAdvAPI32 = GetModuleHandle("advapi32.dll"); |
| 30 if(hAdvAPI32 == NULL) |
| 31 goto error; |
| 32 |
| 33 /* Obtain pointers to the CryptoAPI functions. This will fail on some early |
| 34 versions of Win95. */ |
| 35 pCryptAcquireContext = (CRYPTACQUIRECONTEXTA)GetProcAddress( |
| 36 hAdvAPI32, "CryptAcquireContextA"); |
| 37 if (pCryptAcquireContext == NULL) |
| 38 goto error; |
| 39 |
| 40 pCryptGenRandom = (CRYPTGENRANDOM)GetProcAddress(hAdvAPI32, |
| 41 "CryptGenRandom"); |
| 42 if (pCryptGenRandom == NULL) |
| 43 goto error; |
| 44 |
| 45 /* Acquire context */ |
| 46 if (! pCryptAcquireContext(&hCryptProv, NULL, NULL, |
| 47 PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) |
| 48 goto error; |
| 49 |
| 50 return 0; |
| 51 |
| 52 error: |
| 53 if (raise) |
| 54 PyErr_SetFromWindowsErr(0); |
| 55 else |
| 56 Py_FatalError("Failed to initialize Windows random API (CryptoGen)"); |
| 57 return -1; |
| 58 } |
| 59 |
| 60 /* Fill buffer with size pseudo-random bytes generated by the Windows CryptoGen |
| 61 API. Return 0 on success, or -1 on error. */ |
| 62 static int |
| 63 win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) |
| 64 { |
| 65 Py_ssize_t chunk; |
| 66 |
| 67 if (hCryptProv == 0) |
| 68 { |
| 69 if (win32_urandom_init(raise) == -1) |
| 70 return -1; |
| 71 } |
| 72 |
| 73 while (size > 0) |
| 74 { |
| 75 chunk = size > INT_MAX ? INT_MAX : size; |
| 76 if (!pCryptGenRandom(hCryptProv, chunk, buffer)) |
| 77 { |
| 78 /* CryptGenRandom() failed */ |
| 79 if (raise) |
| 80 PyErr_SetFromWindowsErr(0); |
| 81 else |
| 82 Py_FatalError("Failed to initialized the randomized hash " |
| 83 "secret using CryptoGen)"); |
| 84 return -1; |
| 85 } |
| 86 buffer += chunk; |
| 87 size -= chunk; |
| 88 } |
| 89 return 0; |
| 90 } |
| 91 #endif /* MS_WINDOWS */ |
| 92 |
| 93 |
| 94 #ifdef __VMS |
| 95 /* Use openssl random routine */ |
| 96 #include <openssl/rand.h> |
| 97 static int |
| 98 vms_urandom(unsigned char *buffer, Py_ssize_t size, int raise) |
| 99 { |
| 100 if (RAND_pseudo_bytes(buffer, size) < 0) { |
| 101 if (raise) { |
| 102 PyErr_Format(PyExc_ValueError, |
| 103 "RAND_pseudo_bytes"); |
| 104 } else { |
| 105 Py_FatalError("Failed to initialize the randomized hash " |
| 106 "secret using RAND_pseudo_bytes"); |
| 107 } |
| 108 return -1; |
| 109 } |
| 110 return 0; |
| 111 } |
| 112 #endif /* __VMS */ |
| 113 |
| 114 |
| 115 #if !defined(MS_WINDOWS) && !defined(__VMS) |
| 116 |
| 117 /* Read size bytes from /dev/urandom into buffer. |
| 118 Call Py_FatalError() on error. */ |
| 119 static void |
| 120 dev_urandom_noraise(char *buffer, Py_ssize_t size) |
| 121 { |
| 122 int fd; |
| 123 Py_ssize_t n; |
| 124 |
| 125 assert (0 < size); |
| 126 |
| 127 fd = open("/dev/urandom", O_RDONLY); |
| 128 if (fd < 0) |
| 129 Py_FatalError("Failed to open /dev/urandom"); |
| 130 |
| 131 while (0 < size) |
| 132 { |
| 133 do { |
| 134 n = read(fd, buffer, (size_t)size); |
| 135 } while (n < 0 && errno == EINTR); |
| 136 if (n <= 0) |
| 137 { |
| 138 /* stop on error or if read(size) returned 0 */ |
| 139 Py_FatalError("Failed to read bytes from /dev/urandom"); |
| 140 break; |
| 141 } |
| 142 buffer += n; |
| 143 size -= (Py_ssize_t)n; |
| 144 } |
| 145 close(fd); |
| 146 } |
| 147 |
| 148 /* Read size bytes from /dev/urandom into buffer. |
| 149 Return 0 on success, raise an exception and return -1 on error. */ |
| 150 static int |
| 151 dev_urandom_python(char *buffer, Py_ssize_t size) |
| 152 { |
| 153 int fd; |
| 154 Py_ssize_t n; |
| 155 |
| 156 if (size <= 0) |
| 157 return 0; |
| 158 |
| 159 Py_BEGIN_ALLOW_THREADS |
| 160 fd = open("/dev/urandom", O_RDONLY); |
| 161 Py_END_ALLOW_THREADS |
| 162 if (fd < 0) |
| 163 { |
| 164 PyErr_SetFromErrnoWithFilename(PyExc_OSError, "/dev/urandom"); |
| 165 return -1; |
| 166 } |
| 167 |
| 168 Py_BEGIN_ALLOW_THREADS |
| 169 do { |
| 170 do { |
| 171 n = read(fd, buffer, (size_t)size); |
| 172 } while (n < 0 && errno == EINTR); |
| 173 if (n <= 0) |
| 174 break; |
| 175 buffer += n; |
| 176 size -= (Py_ssize_t)n; |
| 177 } while (0 < size); |
| 178 Py_END_ALLOW_THREADS |
| 179 |
| 180 if (n <= 0) |
| 181 { |
| 182 /* stop on error or if read(size) returned 0 */ |
| 183 if (n < 0) |
| 184 PyErr_SetFromErrno(PyExc_OSError); |
| 185 else |
| 186 PyErr_Format(PyExc_RuntimeError, |
| 187 "Failed to read %zi bytes from /dev/urandom", |
| 188 size); |
| 189 close(fd); |
| 190 return -1; |
| 191 } |
| 192 close(fd); |
| 193 return 0; |
| 194 } |
| 195 #endif /* !defined(MS_WINDOWS) && !defined(__VMS) */ |
| 196 |
| 197 /* Fill buffer with pseudo-random bytes generated by a linear congruent |
| 198 generator (LCG): |
| 199 |
| 200 x(n+1) = (x(n) * 214013 + 2531011) % 2^32 |
| 201 |
| 202 Use bits 23..16 of x(n) to generate a byte. */ |
| 203 static void |
| 204 lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size) |
| 205 { |
| 206 size_t index; |
| 207 unsigned int x; |
| 208 |
| 209 x = x0; |
| 210 for (index=0; index < size; index++) { |
| 211 x *= 214013; |
| 212 x += 2531011; |
| 213 /* modulo 2 ^ (8 * sizeof(int)) */ |
| 214 buffer[index] = (x >> 16) & 0xff; |
| 215 } |
| 216 } |
| 217 |
| 218 /* Fill buffer with size pseudo-random bytes, not suitable for cryptographic |
| 219 use, from the operating random number generator (RNG). |
| 220 |
| 221 Return 0 on success, raise an exception and return -1 on error. */ |
| 222 int |
| 223 _PyOS_URandom(void *buffer, Py_ssize_t size) |
| 224 { |
| 225 if (size < 0) { |
| 226 PyErr_Format(PyExc_ValueError, |
| 227 "negative argument not allowed"); |
| 228 return -1; |
| 229 } |
| 230 if (size == 0) |
| 231 return 0; |
| 232 |
| 233 #ifdef MS_WINDOWS |
| 234 return win32_urandom((unsigned char *)buffer, size, 1); |
| 235 #else |
| 236 # ifdef __VMS |
| 237 return vms_urandom((unsigned char *)buffer, size, 1); |
| 238 # else |
| 239 return dev_urandom_python((char*)buffer, size); |
| 240 # endif |
| 241 #endif |
| 242 } |
| 243 |
| 244 void |
| 245 _PyRandom_Init(void) |
| 246 { |
| 247 char *env; |
| 248 void *secret = &_Py_HashSecret; |
| 249 Py_ssize_t secret_size = sizeof(_Py_HashSecret); |
| 250 |
| 251 if (random_initialized) |
| 252 return; |
| 253 random_initialized = 1; |
| 254 |
| 255 /* |
| 256 By default, hash randomization is disabled, and only |
| 257 enabled if PYTHONHASHSEED is set to non-empty or if |
| 258 "-R" is provided at the command line: |
| 259 */ |
| 260 if (!Py_HashRandomizationFlag) { |
| 261 /* Disable the randomized hash: */ |
| 262 memset(secret, 0, secret_size); |
| 263 return; |
| 264 } |
| 265 |
| 266 /* |
| 267 Hash randomization is enabled. Generate a per-process secret, |
| 268 using PYTHONHASHSEED if provided. |
| 269 */ |
| 270 |
| 271 env = Py_GETENV("PYTHONHASHSEED"); |
| 272 if (env && *env != '\0' & strcmp(env, "random") != 0) { |
| 273 char *endptr = env; |
| 274 unsigned long seed; |
| 275 seed = strtoul(env, &endptr, 10); |
| 276 if (*endptr != '\0' |
| 277 || seed > 4294967295UL |
| 278 || (errno == ERANGE && seed == ULONG_MAX)) |
| 279 { |
| 280 Py_FatalError("PYTHONHASHSEED must be \"random\" or an integer " |
| 281 "in range [0; 4294967295]"); |
| 282 } |
| 283 if (seed == 0) { |
| 284 /* disable the randomized hash */ |
| 285 memset(secret, 0, secret_size); |
| 286 } |
| 287 else { |
| 288 lcg_urandom(seed, (unsigned char*)secret, secret_size); |
| 289 } |
| 290 } |
| 291 else { |
| 292 #ifdef MS_WINDOWS |
| 293 (void)win32_urandom((unsigned char *)secret, secret_size, 0); |
| 294 #else /* #ifdef MS_WINDOWS */ |
| 295 # ifdef __VMS |
| 296 vms_urandom((unsigned char *)secret, secret_size, 0); |
| 297 # else |
| 298 dev_urandom_noraise((char*)secret, secret_size); |
| 299 # endif |
| 300 #endif |
| 301 } |
| 302 } |
| OLD | NEW |
|---|
