Issue #29157: enhance py_getrandom() documentation

b27df6fa · Victor Stinner · de2f1ea1 · b27df6fa
Kaydet (Commit) b27df6fa authored Ock 06, 2017 tarafından Victor Stinner
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 13 deletions

random.c Python/random.c +20 -13

No files found.
--- a/Python/random.c
+++ b/Python/random.c
@@ -82,14 +82,18 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
 #if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL)
 #define PY_GETRANDOM 1
-/* Call getrandom()
+/* Call getrandom() to get random bytes:
   - Return 1 on success
-   - Return 0 if getrandom() syscall is not available (failed with ENOSYS or
+   - Return 0 if getrandom() is not available (failed with ENOSYS or EPERM),
-     EPERM) or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom
+     or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom not
-     not initialized yet) and raise=0.
+     initialized yet) and raise=0.
   - Raise an exception (if raise is non-zero) and return -1 on error:
-     getrandom() failed with EINTR and the Python signal handler raised an
+     if getrandom() failed with EINTR, raise is non-zero and the Python signal
-     exception, or getrandom() failed with a different error. */
+     handler raised an exception, or if getrandom() failed with a different
+     error.
+   getrandom() is retried if it failed with EINTR: interrupted by a signal. */
 static int
 py_getrandom(void *buffer, Py_ssize_t size, int blocking, int raise)
 {
@@ -110,7 +114,8 @@ py_getrandom(void *buffer, Py_ssize_t size, int blocking, int raise)
    while (0 < size) {
 #ifdef sun
        /* Issue #26735: On Solaris, getrandom() is limited to returning up
-           to 1024 bytes */
+           to 1024 bytes. Call it multiple times if more bytes are
+           requested. */
        n = Py_MIN(size, 1024);
 #else
        n = Py_MIN(size, LONG_MAX);
@@ -141,18 +146,19 @@ py_getrandom(void *buffer, Py_ssize_t size, int blocking, int raise)
 #endif
        if (n < 0) {
-            /* ENOSYS: getrandom() syscall not supported by the kernel (but
+            /* ENOSYS: the syscall is not supported by the kernel.
-             * maybe supported by the host which built Python). EPERM:
+               EPERM: the syscall is blocked by a security policy (ex: SECCOMP)
-             * getrandom() syscall blocked by SECCOMP or something else. */
+               or something else. */
            if (errno == ENOSYS || errno == EPERM) {
                getrandom_works = 0;
                return 0;
            }
            /* getrandom(GRND_NONBLOCK) fails with EAGAIN if the system urandom
-               is not initialiazed yet. For _PyRandom_Init(), we ignore their
+               is not initialiazed yet. For _PyRandom_Init(), we ignore the
               error and fall back on reading /dev/urandom which never blocks,
-               even if the system urandom is not initialized yet. */
+               even if the system urandom is not initialized yet:
+               see the PEP 524. */
            if (errno == EAGAIN && !raise && !blocking) {
                return 0;
            }
@@ -313,9 +319,10 @@ dev_urandom(char *buffer, Py_ssize_t size, int raise)
            fd = _Py_open("/dev/urandom", O_RDONLY);
            if (fd < 0) {
                if (errno == ENOENT || errno == ENXIO ||
-                    errno == ENODEV || errno == EACCES)
+                    errno == ENODEV || errno == EACCES) {
                    PyErr_SetString(PyExc_NotImplementedError,
                                    "/dev/urandom (or equivalent) not found");
+                }
                /* otherwise, keep the OSError exception raised by _Py_open() */
                return -1;
            }