diff options
| author | Christian Heimes <christian@python.org> | 2016-12-09 17:02:26 +0100 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-12-09 10:02:26 -0600 |
| commit | 2e717761c364398dd81a3221d724369ebd74db43 (patch) | |
| tree | 51c02fd876afaa098ec5628deab48a3336e28a3f /src/_cffi_src/openssl/src/osrandom_engine.h | |
| parent | 0cf3690df91566c14c0c916f42af790de76e9e57 (diff) | |
| download | cryptography-2e717761c364398dd81a3221d724369ebd74db43.tar.gz cryptography-2e717761c364398dd81a3221d724369ebd74db43.tar.bz2 cryptography-2e717761c364398dd81a3221d724369ebd74db43.zip | |
New osrandom_engine in C (#3229)
* New osrandom_engine in C
Inspired by Python/random.c and the old implementation.
Signed-off-by: Christian Heimes <christian@python.org>
* osrandom_engine
* Fix naming bug caused by search 'n replace mistake
* Make it easier to override osrandom auto-detection
* Add engine ctrl and backend API to get implementation from ENGINE
Signed-off-by: Christian Heimes <christian@python.org>
* Better test coverage, documentation, LICENSE
Signed-off-by: Christian Heimes <christian@python.org>
* Coverage is hard.
Signed-off-by: Christian Heimes <christian@python.org>
* * enable win32 check
* read() returns size_t
Signed-off-by: Christian Heimes <christian@python.org>
* Add macOS to spelling list. Remove dead code from header file.
Signed-off-by: Christian Heimes <christian@python.org>
* remove CCRandomGenerateBytes path and update getentropy to work on macOS
This change allows us to test all the engines in our CI:
* getentropy (tested by macOS sierra)
* getrandom (tested on several linux builders)
* /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux)
* CryptGenRandom (tested on windows builders)
I also fixed bugs preventing compilation in the getentropy code
* getentropy() returns int and is restricted to 256 bytes on macOS, too.
Signed-off-by: Christian Heimes <christian@python.org>
* add versionadded
* Re-add import of os module
* Fixes related to Alex's recent review.
Signed-off-by: Christian Heimes <christian@python.org>
* Add error reporting and fail for EAGAIN
Add error reporting strings for various error cases. This gives us much
nicer and understandable error messages.
SYS_getrandom() EAGAIN is now an error. Cryptography refuses to
initialize its osrandom engine when the Kernel's CPRNG hasn't been
seeded yet.
Signed-off-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'src/_cffi_src/openssl/src/osrandom_engine.h')
| -rw-r--r-- | src/_cffi_src/openssl/src/osrandom_engine.h | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/src/_cffi_src/openssl/src/osrandom_engine.h b/src/_cffi_src/openssl/src/osrandom_engine.h new file mode 100644 index 00000000..d28ebf39 --- /dev/null +++ b/src/_cffi_src/openssl/src/osrandom_engine.h @@ -0,0 +1,88 @@ +#ifdef _WIN32 + #include <Wincrypt.h> +#else + #include <fcntl.h> + #include <unistd.h> + /* for defined(BSD) */ + #include <sys/param.h> + + #ifdef BSD + /* for SYS_getentropy */ + #include <sys/syscall.h> + #endif + + #ifdef __APPLE__ + #include <sys/random.h> + #endif + + #ifdef __linux__ + /* for SYS_getrandom */ + #include <sys/syscall.h> + #ifndef GRND_NONBLOCK + #define GRND_NONBLOCK 0x0001 + #endif /* GRND_NONBLOCK */ + #endif /* __linux__ */ +#endif /* _WIN32 */ + +#define CRYPTOGRAPHY_OSRANDOM_ENGINE_CRYPTGENRANDOM 1 +#define CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY 2 +#define CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM 3 +#define CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM 4 + +#ifndef CRYPTOGRAPHY_OSRANDOM_ENGINE + #if defined(_WIN32) + /* Windows */ + #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_CRYPTGENRANDOM + #elif defined(BSD) && defined(SYS_getentropy) + /* OpenBSD 5.6+ or macOS 10.12+ */ + #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY + #elif defined(__linux__) && defined(SYS_getrandom) + /* Linux 3.4.17+ */ + #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM + #else + /* Keep this as last entry, fall back to /dev/urandom */ + #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM + #endif +#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE */ + +/* Fallbacks need /dev/urandom helper functions. */ +#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM || \ + CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM + #define CRYPTOGRAPHY_OSRANDOM_NEEDS_DEV_URANDOM 1 +#endif + +enum { + CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED = -2, + CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT, + CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK, + CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS +}; + +/* engine ctrl */ +#define CRYPTOGRAPHY_OSRANDOM_GET_IMPLEMENTATION ENGINE_CMD_BASE + +/* error reporting */ +static void ERR_load_Cryptography_OSRandom_strings(void); +static void ERR_Cryptography_OSRandom_error(int function, int reason, + char *file, int line); + +#define CRYPTOGRAPHY_OSRANDOM_F_INIT 100 +#define CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES 101 +#define CRYPTOGRAPHY_OSRANDOM_F_FINISH 102 +#define CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_FD 300 +#define CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_READ 301 + +#define CRYPTOGRAPHY_OSRANDOM_R_CRYPTACQUIRECONTEXT 100 +#define CRYPTOGRAPHY_OSRANDOM_R_CRYPTGENRANDOM 101 +#define CRYPTOGRAPHY_OSRANDOM_R_CRYPTRELEASECONTEXT 102 + +#define CRYPTOGRAPHY_OSRANDOM_R_GETENTROPY_FAILED 200 + +#define CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_OPEN_FAILED 300 +#define CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_READ_FAILED 301 + +#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED 400 +#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_EAGAIN 401 +#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED 402 +#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED 403 +#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_NOT_INIT 404 |