e96a720f04
Python's bytecode compiler has a peephole optimizer which, among other things, can recognize constant expressions and replace them with a constant.
In `Random.byte` the expression `t2b('\0')` is recognized as a constant and is replaced with a single constant compiled into the function's bytecode.
This means that every time you run `Random.byte`, rather than creating a new `str` object (or `bytes` in Python 3) it's reusing the same one each time, and `wc_RNG_GenerateByte` is writing right into that constant object's buffer; hence the following behavior:
```
In [55]: rng = Random()
In [56]: a = rng.byte()
In [57]: a
Out[57]: "'"
In [58]: rng.byte()
Out[58]: '\x11'
In [59]: a
Out[59]: '\x11'
In [60]: rng.byte()
Out[60]: '\x16'
In [61]: a
Out[61]: '\x16'
In [62]: rng.byte.__func__.__code__.co_consts
Out[62]:
('\n Generate and return a random byte.\n ',
'\x16',
0,
'RNG generate byte error (%d)')
In [63]: rng.byte()
Out[63]: '\xad'
In [64]: rng.byte.__func__.__code__.co_consts
Out[64]:
('\n Generate and return a random byte.\n ',
'\xad',
0,
'RNG generate byte error (%d)')
```
`Random.bytes` does not necessarily have this problem since its result buffer is not a constant expression, though I feel like it could also in principle be affected if the string were interned (though I couldn't produce such a result). Nevertheless, it doesn't seem like a good idea to be updating `str` objects' buffers directly.
69 lines
2.1 KiB
Python
69 lines
2.1 KiB
Python
# random.py
|
|
#
|
|
# Copyright (C) 2006-2016 wolfSSL Inc.
|
|
#
|
|
# This file is part of wolfSSL. (formerly known as CyaSSL)
|
|
#
|
|
# wolfSSL is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 2 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# wolfSSL is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
|
from wolfcrypt._ffi import ffi as _ffi
|
|
from wolfcrypt._ffi import lib as _lib
|
|
from wolfcrypt.utils import t2b
|
|
|
|
from wolfcrypt.exceptions import *
|
|
|
|
|
|
class Random(object):
|
|
"""
|
|
A Cryptographically Secure Pseudo Random Number Generator - CSPRNG
|
|
"""
|
|
def __init__(self):
|
|
self.native_object = _ffi.new("WC_RNG *")
|
|
|
|
ret = _lib.wc_InitRng(self.native_object)
|
|
if ret < 0:
|
|
self.native_object = None
|
|
raise WolfCryptError("RNG init error (%d)" % ret)
|
|
|
|
|
|
def __del__(self):
|
|
if self.native_object:
|
|
_lib.wc_FreeRng(self.native_object)
|
|
|
|
|
|
def byte(self):
|
|
"""
|
|
Generate and return a random byte.
|
|
"""
|
|
result = _ffi.new('byte[1]')
|
|
|
|
ret = _lib.wc_RNG_GenerateByte(self.native_object, result)
|
|
if ret < 0:
|
|
raise WolfCryptError("RNG generate byte error (%d)" % ret)
|
|
|
|
return _ffi.string(result, 1)
|
|
|
|
|
|
def bytes(self, length):
|
|
"""
|
|
Generate and return a random sequence of length bytes.
|
|
"""
|
|
result = _ffi.new('byte[%d]' % length)
|
|
|
|
ret = _lib.wc_RNG_GenerateBlock(self.native_object, result, length)
|
|
if ret < 0:
|
|
raise WolfCryptError("RNG generate block error (%d)" % ret)
|
|
|
|
return _ffi.string(result, length)
|