From d6f284d1c37bfaf9b63718f6416ac692a2097247 Mon Sep 17 00:00:00 2001 From: RUANG Date: Tue, 10 Dec 2024 13:11:38 +0800 Subject: [PATCH 1/2] Add GRND_INSECURE constant to os module --- Doc/library/os.rst | 16 ++++++++++++++-- Doc/whatsnew/3.14.rst | 3 +++ ...024-12-10-13-09-46.gh-issue-127776.7T-Yxn.rst | 1 + Modules/posixmodule.c | 2 ++ 4 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2024-12-10-13-09-46.gh-issue-127776.7T-Yxn.rst diff --git a/Doc/library/os.rst b/Doc/library/os.rst index dfe5ef0726ff7d..d0c9c053fb0576 100644 --- a/Doc/library/os.rst +++ b/Doc/library/os.rst @@ -5732,8 +5732,8 @@ Random numbers ``/dev/urandom`` devices. The flags argument is a bit mask that can contain zero or more of the - following values ORed together: :py:const:`os.GRND_RANDOM` and - :py:data:`GRND_NONBLOCK`. + following values ORed together: :py:const:`os.GRND_RANDOM`, + :py:data:`GRND_NONBLOCK` and :py:data:`GRND_INSECURE`. See also the `Linux getrandom() manual page `_. @@ -5803,3 +5803,15 @@ Random numbers ``/dev/random`` pool instead of the ``/dev/urandom`` pool. .. versionadded:: 3.6 + +.. data:: GRND_INSECURE + + If this flag is set, then :func:`getrandom` will return pseudo-random data + even if the entropy pool has not yet been initialized. + (It cannot be used with :py:const:`os.GRND_RANDOM`.) + + .. note:: + + It is not suitable for scenarios requiring secure cryptography. + + .. versionadded:: next diff --git a/Doc/whatsnew/3.14.rst b/Doc/whatsnew/3.14.rst index 0e4b9eb0cf0b9c..c5a982132b3216 100644 --- a/Doc/whatsnew/3.14.rst +++ b/Doc/whatsnew/3.14.rst @@ -491,6 +491,9 @@ os same process. (Contributed by Victor Stinner in :gh:`120057`.) +* Add the :data:`~os.GRND_INSECURE` constant to the :mod:`os` module. + (Contributed by James Roy in :gh:`127776`.) + pathlib ------- diff --git a/Misc/NEWS.d/next/Library/2024-12-10-13-09-46.gh-issue-127776.7T-Yxn.rst b/Misc/NEWS.d/next/Library/2024-12-10-13-09-46.gh-issue-127776.7T-Yxn.rst new file mode 100644 index 00000000000000..d4685e01ad9a1c --- /dev/null +++ b/Misc/NEWS.d/next/Library/2024-12-10-13-09-46.gh-issue-127776.7T-Yxn.rst @@ -0,0 +1 @@ +Add the :data:`~os.GRND_INSECURE` constant to the :mod:`os` module. diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c index 6eb7054b566e3f..bf7459f4a3afc0 100644 --- a/Modules/posixmodule.c +++ b/Modules/posixmodule.c @@ -17613,6 +17613,8 @@ all_ins(PyObject *m) #ifdef HAVE_GETRANDOM_SYSCALL if (PyModule_AddIntMacro(m, GRND_RANDOM)) return -1; if (PyModule_AddIntMacro(m, GRND_NONBLOCK)) return -1; + /* Linux 5.6+ */ + if (PyModule_AddIntMacro(m, GRND_INSECURE)) return -1; #endif #ifdef HAVE_MEMFD_CREATE if (PyModule_AddIntMacro(m, MFD_CLOEXEC)) return -1; From 72ea5de1ca6d89af90f290cf0abe8ecbcd12c6bd Mon Sep 17 00:00:00 2001 From: "RUANG (James Roy)" Date: Sat, 11 Jan 2025 11:21:53 +0800 Subject: [PATCH 2/2] Remove whats NEWS --- Doc/whatsnew/3.14.rst | 3 --- 1 file changed, 3 deletions(-) diff --git a/Doc/whatsnew/3.14.rst b/Doc/whatsnew/3.14.rst index c5a982132b3216..0e4b9eb0cf0b9c 100644 --- a/Doc/whatsnew/3.14.rst +++ b/Doc/whatsnew/3.14.rst @@ -491,9 +491,6 @@ os same process. (Contributed by Victor Stinner in :gh:`120057`.) -* Add the :data:`~os.GRND_INSECURE` constant to the :mod:`os` module. - (Contributed by James Roy in :gh:`127776`.) - pathlib -------