Unify obtaining SecureRandom instance

msimacek · msimacek · commit d347597a8f76 · 2021-11-16T14:50:46.000+01:00
diff --git a/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/PosixModuleBuiltins.java b/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/PosixModuleBuiltins.java
@@ -33,7 +33,6 @@
 import static com.oracle.graal.python.runtime.exception.PythonErrorType.ValueError;
 
 import java.math.BigInteger;
-import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -1998,27 +1997,18 @@ int system(PBytes command,
     @GenerateNodeFactory
     @TypeSystemReference(PythonArithmeticTypes.class)
     abstract static class URandomNode extends PythonUnaryClinicBuiltinNode {
-        private static SecureRandom secureRandom;
-
-        private static SecureRandom createRandomInstance() {
-            try {
-                return SecureRandom.getInstance("NativePRNGNonBlocking");
-            } catch (NoSuchAlgorithmException e) {
-                throw new IllegalStateException(e);
-            }
-        }
-
         @Specialization
-        @TruffleBoundary(allowInlining = true)
         PBytes urandom(int size) {
-            if (secureRandom == null) {
-                secureRandom = createRandomInstance();
-            }
             byte[] bytes = new byte[size];
-            secureRandom.nextBytes(bytes);
+            nextBytes(getContext().getSecureRandom(), bytes);
             return factory().createBytes(bytes);
         }
 
+        @TruffleBoundary
+        private static void nextBytes(SecureRandom secureRandom, byte[] bytes) {
+            secureRandom.nextBytes(bytes);
+        }
+
         @Override
         protected ArgumentClinicProvider getArgumentClinic() {
             return PosixModuleBuiltinsClinicProviders.URandomNodeClinicProviderGen.INSTANCE;
diff --git a/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/random/RandomBuiltins.java b/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/objects/random/RandomBuiltins.java
@@ -46,7 +46,6 @@
 import java.math.BigInteger;
 import java.nio.ByteBuffer;
 import java.nio.ByteOrder;
-import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.List;
 
@@ -89,20 +88,10 @@ protected List<? extends NodeFactory<? extends PythonBuiltinBaseNode>> getNodeFa
     @GenerateNodeFactory
     @TypeSystemReference(PythonArithmeticTypes.class)
     public abstract static class SeedNode extends PythonBuiltinNode {
-
-        private static SecureRandom secureRandom;
-
         @Specialization
         @TruffleBoundary
         PNone seedNone(PRandom random, @SuppressWarnings("unused") PNone none) {
-            if (secureRandom == null) {
-                try {
-                    secureRandom = SecureRandom.getInstance("NativePRNGNonBlocking");
-                } catch (NoSuchAlgorithmException e) {
-                    seedLong(random, System.currentTimeMillis());
-                    return PNone.NONE;
-                }
-            }
+            SecureRandom secureRandom = getContext().getSecureRandom();
             int[] seed = new int[PRandom.N];
             for (int i = 0; i < seed.length; ++i) {
                 seed[i] = secureRandom.nextInt();
diff --git a/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/runtime/PythonContext.java b/graalpython/com.oracle.graal.python/src/com/oracle/graal/python/runtime/PythonContext.java
@@ -421,6 +421,8 @@ PythonThreadState getThreadState() {
     private final ThreadGroup threadGroup = new ThreadGroup(GRAALPYTHON_THREADS);
     private final IDUtils idUtils = new IDUtils();
 
+    @CompilationFinal private SecureRandom secureRandom;
+
     // Equivalent of _Py_HashSecret
     @CompilationFinal(dimensions = 1) private byte[] hashSecret = new byte[24];
 
@@ -1079,6 +1081,22 @@ public long getPerfCounterStart() {
         return perfCounterStart;
     }
 
+    /**
+     * Get a SecureRandom instance using a non-blocking source.
+     */
+    public SecureRandom getSecureRandom() {
+        assert !ImageInfo.inImageBuildtimeCode();
+        if (secureRandom == null) {
+            CompilerDirectives.transferToInterpreterAndInvalidate();
+            try {
+                secureRandom = SecureRandom.getInstance("NativePRNGNonBlocking");
+            } catch (NoSuchAlgorithmException e) {
+                throw new RuntimeException("Unable to obtain entropy source for random number generation (NativePRNGNonBlocking)", e);
+            }
+        }
+        return secureRandom;
+    }
+
     public byte[] getHashSecret() {
         assert !ImageInfo.inImageBuildtimeCode();
         return hashSecret;
@@ -1271,11 +1289,7 @@ private void setupRuntimeInformation(boolean isPatching) {
     private void initializeHashSecret() {
         String hashSeed = getOption(PythonOptions.HashSeed);
         if (hashSeed.equals("random")) {
-            try {
-                SecureRandom.getInstance("NativePRNGNonBlocking").nextBytes(hashSecret);
-            } catch (NoSuchAlgorithmException e) {
-                throw new RuntimeException("Unable to obtain entropy source for hash randomization (NativePRNGNonBlocking)");
-            }
+            getSecureRandom().nextBytes(hashSecret);
         } else {
             try {
                 long hashSeedValue = Long.parseLong(hashSeed);
