Issue #22585: On OpenBSD 5.6 and newer, os.urandom() now calls getentropy(),

instead of reading /dev/urandom, to get pseudo-random bytes.
2025-07-23 03:05:38 +00:00 · 2014-12-21 01:16:38 +01:00 · 2014-12-21 01:16:38 +01:00 · 4d6a3d6c01
commit 4d6a3d6c01
parent 3c6fe4da88
6 changed files with 50 additions and 6 deletions
--- a/Python/random.c
+++ b/Python/random.c
@ -36,7 +36,7 @@ error:
 }

 /* Fill buffer with size pseudo-random bytes generated by the Windows CryptoGen
-   API. Return 0 on success, or -1 on error. */
+   API. Return 0 on success, or raise an exception and return -1 on error. */
 static int
 win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
 {
@ -66,10 +66,35 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
    }
    return 0;
 }
-#endif /* MS_WINDOWS */

+#elif HAVE_GETENTROPY
+/* Fill buffer with size pseudo-random bytes generated by getentropy().
+   Return 0 on success, or raise an exception and return -1 on error.

-#ifndef MS_WINDOWS
+   If fatal is nonzero, call Py_FatalError() instead of raising an exception
+   on error. */
+static int
+py_getentropy(unsigned char *buffer, Py_ssize_t size, int fatal)
+{
+    while (size > 0) {
+        Py_ssize_t len = Py_MIN(size, 256);
+        int res = getentropy(buffer, len);
+        if (res < 0) {
+            if (fatal) {
+                Py_FatalError("getentropy() failed");
+            }
+            else {
+                PyErr_SetFromErrno(PyExc_OSError);
+                return -1;
+            }
+        }
+        buffer += len;
+        size -= len;
+    }
+    return 0;
+}
+
+#else
 static struct {
    int fd;
    dev_t st_dev;
@ -201,7 +226,7 @@ dev_urandom_close(void)
    }
 }

-#endif /* MS_WINDOWS */
+#endif /* HAVE_GETENTROPY */

 /* Fill buffer with pseudo-random bytes generated by a linear congruent
   generator (LCG):
@ -242,6 +267,8 @@ _PyOS_URandom(void *buffer, Py_ssize_t size)

 #ifdef MS_WINDOWS
    return win32_urandom((unsigned char *)buffer, size, 1);
+#elif HAVE_GETENTROPY
+    return py_getentropy(buffer, size, 0);
 #else
    return dev_urandom_python((char*)buffer, size);
 #endif
@ -287,6 +314,8 @@ _PyRandom_Init(void)
    else {
 #ifdef MS_WINDOWS
        (void)win32_urandom(secret, secret_size, 0);
+#elif HAVE_GETENTROPY
+        (void)py_getentropy(secret, secret_size, 1);
 #else
        dev_urandom_noraise(secret, secret_size);
 #endif
@ -301,6 +330,8 @@ _PyRandom_Fini(void)
        CryptReleaseContext(hCryptProv, 0);
        hCryptProv = 0;
    }
+#elif HAVE_GETENTROPY
+    /* nothing to clean */
 #else
    dev_urandom_close();
 #endif