From 5635d44079e1bbd9c495951ede8d078e7b8d67d5 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Mon, 9 Jan 2017 11:10:41 +0100 Subject: [PATCH] Don't use getentropy() on Linux Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but read from /dev/urandom to get random bytes, for example in os.urandom(). On Linux, getentropy() is implemented which getrandom() is blocking mode, whereas os.urandom() should not block. --- Python/random.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/Python/random.c b/Python/random.c index af3d0bd0d5..dc6400d3b8 100644 --- a/Python/random.c +++ b/Python/random.c @@ -67,9 +67,16 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) return 0; } -/* Issue #25003: Don' use getentropy() on Solaris (available since - * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ -#elif defined(HAVE_GETENTROPY) && !defined(sun) +/* Issue #25003: Don't use getentropy() on Solaris (available since + Solaris 11.3), it is blocking whereas os.urandom() should not block. + + Issue #29188: Don't use getentropy() on Linux since the glibc 2.24 + implements it with the getrandom() syscall which can fail with ENOSYS, + and this error is not supported in py_getentropy() and getrandom() is called + with flags=0 which blocks until system urandom is initialized, which is not + the desired behaviour to seed the Python hash secret nor for os.urandom(): + see the PEP 524 which was only implemented in Python 3.6. */ +#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux) #define PY_GETENTROPY 1 /* Fill buffer with size pseudo-random bytes generated by getentropy(). -- 2.15.0.rc2