New submission from STINNER Victor: A new getentropy() function was recently added to the glibc: https://sourceware.org/bugzilla/show_bug.cgi?id=17252
When the Python/random.c file was written (by me), the getentropy() function was only supported on OpenBSD. Later, random.c was modified to *not* use getentropy() on Solaris (Issue #25003). The problem is that py_getentropy() doesn't handle ENOSYS, and so Python fails at startup with a fatal error (Python 3.6): Fatal Python error: failed to get random numbers to initialize Python or (Python 3.5): Fatal Python error: getentropy() failed The bug was first reported in Fedora 26 (rawhide): https://bugzilla.redhat.com/show_bug.cgi?id=1410175 Attached patch (written for the default branch) should fix these issues: * Prefer getrandom() syscall over getentropy() function: getrandom() supports blocking and non-blocking mode on Linux, whereas getentropy() doesn't * Enhance py_getentropy() to handle ENOSYS: fallback on reading from /dev/urandom and remember that the function doesn't work I'm not sure that handling ENOSYS is required, since it's no more used on Linux, but it shouldn't hurt. I don't know if py_getentropy() should also handle EPERM? py_getrandom() catchs errors: EAGAIN, EINTR, EPERM and ENOSYS. With the patch, py_getentropy() catchs ENOSYS error. ---------- files: getentropy.patch keywords: patch messages: 284659 nosy: christian.heimes, haypo priority: normal severity: normal status: open title: random.c: Prefer getrandom() over getentropy(), handle ENOSYS in py_getentropy() type: security versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7 Added file: http://bugs.python.org/file46144/getentropy.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue29157> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
