Issue #25003: os.urandom() doesn't use getentropy() on Solaris because

getentropy() is blocking, whereas os.urandom() should not block. getentropy()
is supported since Solaris 11.3.

Misc/NEWS

@@ -10,6 +10,10 @@ What's New in Python 2.7.11?
 Core and Builtins
 -----------------
 
+- Issue #25003: os.urandom() doesn't use getentropy() on Solaris because
+  getentropy() is blocking, whereas os.urandom() should not block. getentropy()
+  is supported since Solaris 11.3.
+
 - Issue #21167: NAN operations are now handled correctly when python is
   compiled with ICC even if -fp-model strict is not specified.
 

Python/random.c

@@ -93,7 +93,11 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
     return 0;
 }
 
-#elif HAVE_GETENTROPY
+/* Issue #25003: Don' use getentropy() on Solaris (available since
+ * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
+#elif defined(HAVE_GETENTROPY) && !defined(sun)
+#define PY_GETENTROPY 1
+
 /* Fill buffer with size pseudo-random bytes generated by getentropy().
    Return 0 on success, or raise an exception and return -1 on error.
    If fatal is nonzero, call Py_FatalError() instead of raising an exception
@@ -333,7 +337,7 @@ _PyOS_URandom(void *buffer, Py_ssize_t size)
 
 #ifdef MS_WINDOWS
     return win32_urandom((unsigned char *)buffer, size, 1);
-#elif HAVE_GETENTROPY
+#elif defined(PY_GETENTROPY)
     return py_getentropy(buffer, size, 0);
 #else
 # ifdef __VMS
@@ -396,7 +400,7 @@ _PyRandom_Init(void)
         (void)win32_urandom((unsigned char *)secret, secret_size, 0);
 #elif __VMS
         vms_urandom((unsigned char *)secret, secret_size, 0);
-#elif HAVE_GETENTROPY
+#elif defined(PY_GETENTROPY)
         (void)py_getentropy(secret, secret_size, 1);
 #else
         dev_urandom_noraise(secret, secret_size);
@@ -412,7 +416,7 @@ _PyRandom_Fini(void)
         CryptReleaseContext(hCryptProv, 0);
         hCryptProv = 0;
     }
-#elif HAVE_GETENTROPY
+#elif defined(PY_GETENTROPY)
     /* nothing to clean */
 #else
     dev_urandom_close();