[New-bugs-announce] [issue29157] random.c: Prefer getrandom() over getentropy(), handle ENOSYS in py_getentropy()

[STINNER Victor]

New submission from STINNER Victor:

A new getentropy() function was recently added to the glibc:
https://sourceware.org/bugzilla/show_bug.cgi?id=17252

When the Python/random.c file was written (by me), the getentropy() function was only supported on OpenBSD. Later, random.c was modified to *not* use getentropy() on Solaris (Issue #25003).

The problem is that py_getentropy() doesn't handle ENOSYS, and so Python fails at startup with a fatal error (Python 3.6):
   Fatal Python error: failed to get random numbers to initialize Python
or (Python 3.5):
   Fatal Python error: getentropy() failed

The bug was first reported in Fedora 26 (rawhide):
https://bugzilla.redhat.com/show_bug.cgi?id=1410175

Attached patch (written for the default branch) should fix these issues:

* Prefer getrandom() syscall over getentropy() function: getrandom() supports blocking and non-blocking mode on Linux, whereas getentropy() doesn't
* Enhance py_getentropy() to handle ENOSYS: fallback on reading from /dev/urandom and remember that the function doesn't work

I'm not sure that handling ENOSYS is required, since it's no more used on Linux, but it shouldn't hurt. I don't know if py_getentropy() should also handle EPERM?

py_getrandom() catchs errors: EAGAIN, EINTR, EPERM and ENOSYS.

With the patch, py_getentropy() catchs ENOSYS error.

----------
files: getentropy.patch
keywords: patch
messages: 284659
nosy: christian.heimes, haypo
priority: normal
severity: normal
status: open
title: random.c: Prefer getrandom() over getentropy(), handle ENOSYS in py_getentropy()
type: security
versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7
Added file: http://bugs.python.org/file46144/getentropy.patch

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29157>
_______________________________________