/src/Python-3.8.3/Python/bootstrap_hash.c
Line | Count | Source |
1 | | #include "Python.h" |
2 | | #include "pycore_initconfig.h" |
3 | | #ifdef MS_WINDOWS |
4 | | # include <windows.h> |
5 | | /* All sample MSDN wincrypt programs include the header below. It is at least |
6 | | * required with Min GW. */ |
7 | | # include <wincrypt.h> |
8 | | #else |
9 | | # include <fcntl.h> |
10 | | # ifdef HAVE_SYS_STAT_H |
11 | | # include <sys/stat.h> |
12 | | # endif |
13 | | # ifdef HAVE_LINUX_RANDOM_H |
14 | | # include <linux/random.h> |
15 | | # endif |
16 | | # if defined(HAVE_SYS_RANDOM_H) && (defined(HAVE_GETRANDOM) || defined(HAVE_GETENTROPY)) |
17 | | # include <sys/random.h> |
18 | | # endif |
19 | | # if !defined(HAVE_GETRANDOM) && defined(HAVE_GETRANDOM_SYSCALL) |
20 | | # include <sys/syscall.h> |
21 | | # endif |
22 | | #endif |
23 | | |
24 | | #ifdef _Py_MEMORY_SANITIZER |
25 | | # include <sanitizer/msan_interface.h> |
26 | | #endif |
27 | | |
28 | | #ifdef Py_DEBUG |
29 | | int _Py_HashSecret_Initialized = 0; |
30 | | #else |
31 | | static int _Py_HashSecret_Initialized = 0; |
32 | | #endif |
33 | | |
34 | | #ifdef MS_WINDOWS |
35 | | static HCRYPTPROV hCryptProv = 0; |
36 | | |
37 | | static int |
38 | | win32_urandom_init(int raise) |
39 | | { |
40 | | /* Acquire context */ |
41 | | if (!CryptAcquireContext(&hCryptProv, NULL, NULL, |
42 | | PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) |
43 | | goto error; |
44 | | |
45 | | return 0; |
46 | | |
47 | | error: |
48 | | if (raise) { |
49 | | PyErr_SetFromWindowsErr(0); |
50 | | } |
51 | | return -1; |
52 | | } |
53 | | |
54 | | /* Fill buffer with size pseudo-random bytes generated by the Windows CryptoGen |
55 | | API. Return 0 on success, or raise an exception and return -1 on error. */ |
56 | | static int |
57 | | win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) |
58 | | { |
59 | | if (hCryptProv == 0) |
60 | | { |
61 | | if (win32_urandom_init(raise) == -1) { |
62 | | return -1; |
63 | | } |
64 | | } |
65 | | |
66 | | while (size > 0) |
67 | | { |
68 | | DWORD chunk = (DWORD)Py_MIN(size, PY_DWORD_MAX); |
69 | | if (!CryptGenRandom(hCryptProv, chunk, buffer)) |
70 | | { |
71 | | /* CryptGenRandom() failed */ |
72 | | if (raise) { |
73 | | PyErr_SetFromWindowsErr(0); |
74 | | } |
75 | | return -1; |
76 | | } |
77 | | buffer += chunk; |
78 | | size -= chunk; |
79 | | } |
80 | | return 0; |
81 | | } |
82 | | |
83 | | #else /* !MS_WINDOWS */ |
84 | | |
85 | | #if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL) |
86 | | #define PY_GETRANDOM 1 |
87 | | |
88 | | /* Call getrandom() to get random bytes: |
89 | | |
90 | | - Return 1 on success |
91 | | - Return 0 if getrandom() is not available (failed with ENOSYS or EPERM), |
92 | | or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom not |
93 | | initialized yet) and raise=0. |
94 | | - Raise an exception (if raise is non-zero) and return -1 on error: |
95 | | if getrandom() failed with EINTR, raise is non-zero and the Python signal |
96 | | handler raised an exception, or if getrandom() failed with a different |
97 | | error. |
98 | | |
99 | | getrandom() is retried if it failed with EINTR: interrupted by a signal. */ |
100 | | static int |
101 | | py_getrandom(void *buffer, Py_ssize_t size, int blocking, int raise) |
102 | 14 | { |
103 | | /* Is getrandom() supported by the running kernel? Set to 0 if getrandom() |
104 | | failed with ENOSYS or EPERM. Need Linux kernel 3.17 or newer, or Solaris |
105 | | 11.3 or newer */ |
106 | 14 | static int getrandom_works = 1; |
107 | 14 | int flags; |
108 | 14 | char *dest; |
109 | 14 | long n; |
110 | | |
111 | 14 | if (!getrandom_works) { |
112 | 0 | return 0; |
113 | 0 | } |
114 | | |
115 | 14 | flags = blocking ? 0 : GRND_NONBLOCK; |
116 | 14 | dest = buffer; |
117 | 28 | while (0 < size) { |
118 | | #if defined(__sun) && defined(__SVR4) |
119 | | /* Issue #26735: On Solaris, getrandom() is limited to returning up |
120 | | to 1024 bytes. Call it multiple times if more bytes are |
121 | | requested. */ |
122 | | n = Py_MIN(size, 1024); |
123 | | #else |
124 | 14 | n = Py_MIN(size, LONG_MAX); |
125 | 14 | #endif |
126 | | |
127 | 14 | errno = 0; |
128 | 14 | #ifdef HAVE_GETRANDOM |
129 | 14 | if (raise) { |
130 | 0 | Py_BEGIN_ALLOW_THREADS |
131 | 0 | n = getrandom(dest, n, flags); |
132 | 0 | Py_END_ALLOW_THREADS |
133 | 0 | } |
134 | 14 | else { |
135 | 14 | n = getrandom(dest, n, flags); |
136 | 14 | } |
137 | | #else |
138 | | /* On Linux, use the syscall() function because the GNU libc doesn't |
139 | | expose the Linux getrandom() syscall yet. See: |
140 | | https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */ |
141 | | if (raise) { |
142 | | Py_BEGIN_ALLOW_THREADS |
143 | | n = syscall(SYS_getrandom, dest, n, flags); |
144 | | Py_END_ALLOW_THREADS |
145 | | } |
146 | | else { |
147 | | n = syscall(SYS_getrandom, dest, n, flags); |
148 | | } |
149 | | # ifdef _Py_MEMORY_SANITIZER |
150 | | if (n > 0) { |
151 | | __msan_unpoison(dest, n); |
152 | | } |
153 | | # endif |
154 | | #endif |
155 | | |
156 | 14 | if (n < 0) { |
157 | | /* ENOSYS: the syscall is not supported by the kernel. |
158 | | EPERM: the syscall is blocked by a security policy (ex: SECCOMP) |
159 | | or something else. */ |
160 | 0 | if (errno == ENOSYS || errno == EPERM) { |
161 | 0 | getrandom_works = 0; |
162 | 0 | return 0; |
163 | 0 | } |
164 | | |
165 | | /* getrandom(GRND_NONBLOCK) fails with EAGAIN if the system urandom |
166 | | is not initialiazed yet. For _PyRandom_Init(), we ignore the |
167 | | error and fall back on reading /dev/urandom which never blocks, |
168 | | even if the system urandom is not initialized yet: |
169 | | see the PEP 524. */ |
170 | 0 | if (errno == EAGAIN && !raise && !blocking) { |
171 | 0 | return 0; |
172 | 0 | } |
173 | | |
174 | 0 | if (errno == EINTR) { |
175 | 0 | if (raise) { |
176 | 0 | if (PyErr_CheckSignals()) { |
177 | 0 | return -1; |
178 | 0 | } |
179 | 0 | } |
180 | | |
181 | | /* retry getrandom() if it was interrupted by a signal */ |
182 | 0 | continue; |
183 | 0 | } |
184 | | |
185 | 0 | if (raise) { |
186 | 0 | PyErr_SetFromErrno(PyExc_OSError); |
187 | 0 | } |
188 | 0 | return -1; |
189 | 0 | } |
190 | | |
191 | 14 | dest += n; |
192 | 14 | size -= n; |
193 | 14 | } |
194 | 14 | return 1; |
195 | 14 | } |
196 | | |
197 | | #elif defined(HAVE_GETENTROPY) |
198 | | #define PY_GETENTROPY 1 |
199 | | |
200 | | /* Fill buffer with size pseudo-random bytes generated by getentropy(): |
201 | | |
202 | | - Return 1 on success |
203 | | - Return 0 if getentropy() syscall is not available (failed with ENOSYS or |
204 | | EPERM). |
205 | | - Raise an exception (if raise is non-zero) and return -1 on error: |
206 | | if getentropy() failed with EINTR, raise is non-zero and the Python signal |
207 | | handler raised an exception, or if getentropy() failed with a different |
208 | | error. |
209 | | |
210 | | getentropy() is retried if it failed with EINTR: interrupted by a signal. */ |
211 | | static int |
212 | | py_getentropy(char *buffer, Py_ssize_t size, int raise) |
213 | | { |
214 | | /* Is getentropy() supported by the running kernel? Set to 0 if |
215 | | getentropy() failed with ENOSYS or EPERM. */ |
216 | | static int getentropy_works = 1; |
217 | | |
218 | | if (!getentropy_works) { |
219 | | return 0; |
220 | | } |
221 | | |
222 | | while (size > 0) { |
223 | | /* getentropy() is limited to returning up to 256 bytes. Call it |
224 | | multiple times if more bytes are requested. */ |
225 | | Py_ssize_t len = Py_MIN(size, 256); |
226 | | int res; |
227 | | |
228 | | if (raise) { |
229 | | Py_BEGIN_ALLOW_THREADS |
230 | | res = getentropy(buffer, len); |
231 | | Py_END_ALLOW_THREADS |
232 | | } |
233 | | else { |
234 | | res = getentropy(buffer, len); |
235 | | } |
236 | | |
237 | | if (res < 0) { |
238 | | /* ENOSYS: the syscall is not supported by the running kernel. |
239 | | EPERM: the syscall is blocked by a security policy (ex: SECCOMP) |
240 | | or something else. */ |
241 | | if (errno == ENOSYS || errno == EPERM) { |
242 | | getentropy_works = 0; |
243 | | return 0; |
244 | | } |
245 | | |
246 | | if (errno == EINTR) { |
247 | | if (raise) { |
248 | | if (PyErr_CheckSignals()) { |
249 | | return -1; |
250 | | } |
251 | | } |
252 | | |
253 | | /* retry getentropy() if it was interrupted by a signal */ |
254 | | continue; |
255 | | } |
256 | | |
257 | | if (raise) { |
258 | | PyErr_SetFromErrno(PyExc_OSError); |
259 | | } |
260 | | return -1; |
261 | | } |
262 | | |
263 | | buffer += len; |
264 | | size -= len; |
265 | | } |
266 | | return 1; |
267 | | } |
268 | | #endif /* defined(HAVE_GETENTROPY) && !(defined(__sun) && defined(__SVR4)) */ |
269 | | |
270 | | |
271 | | static struct { |
272 | | int fd; |
273 | | dev_t st_dev; |
274 | | ino_t st_ino; |
275 | | } urandom_cache = { -1 }; |
276 | | |
277 | | /* Read random bytes from the /dev/urandom device: |
278 | | |
279 | | - Return 0 on success |
280 | | - Raise an exception (if raise is non-zero) and return -1 on error |
281 | | |
282 | | Possible causes of errors: |
283 | | |
284 | | - open() failed with ENOENT, ENXIO, ENODEV, EACCES: the /dev/urandom device |
285 | | was not found. For example, it was removed manually or not exposed in a |
286 | | chroot or container. |
287 | | - open() failed with a different error |
288 | | - fstat() failed |
289 | | - read() failed or returned 0 |
290 | | |
291 | | read() is retried if it failed with EINTR: interrupted by a signal. |
292 | | |
293 | | The file descriptor of the device is kept open between calls to avoid using |
294 | | many file descriptors when run in parallel from multiple threads: |
295 | | see the issue #18756. |
296 | | |
297 | | st_dev and st_ino fields of the file descriptor (from fstat()) are cached to |
298 | | check if the file descriptor was replaced by a different file (which is |
299 | | likely a bug in the application): see the issue #21207. |
300 | | |
301 | | If the file descriptor was closed or replaced, open a new file descriptor |
302 | | but don't close the old file descriptor: it probably points to something |
303 | | important for some third-party code. */ |
304 | | static int |
305 | | dev_urandom(char *buffer, Py_ssize_t size, int raise) |
306 | 0 | { |
307 | 0 | int fd; |
308 | 0 | Py_ssize_t n; |
309 | |
|
310 | 0 | if (raise) { |
311 | 0 | struct _Py_stat_struct st; |
312 | 0 | int fstat_result; |
313 | |
|
314 | 0 | if (urandom_cache.fd >= 0) { |
315 | 0 | Py_BEGIN_ALLOW_THREADS |
316 | 0 | fstat_result = _Py_fstat_noraise(urandom_cache.fd, &st); |
317 | 0 | Py_END_ALLOW_THREADS |
318 | | |
319 | | /* Does the fd point to the same thing as before? (issue #21207) */ |
320 | 0 | if (fstat_result |
321 | 0 | || st.st_dev != urandom_cache.st_dev |
322 | 0 | || st.st_ino != urandom_cache.st_ino) { |
323 | | /* Something changed: forget the cached fd (but don't close it, |
324 | | since it probably points to something important for some |
325 | | third-party code). */ |
326 | 0 | urandom_cache.fd = -1; |
327 | 0 | } |
328 | 0 | } |
329 | 0 | if (urandom_cache.fd >= 0) |
330 | 0 | fd = urandom_cache.fd; |
331 | 0 | else { |
332 | 0 | fd = _Py_open("/dev/urandom", O_RDONLY); |
333 | 0 | if (fd < 0) { |
334 | 0 | if (errno == ENOENT || errno == ENXIO || |
335 | 0 | errno == ENODEV || errno == EACCES) { |
336 | 0 | PyErr_SetString(PyExc_NotImplementedError, |
337 | 0 | "/dev/urandom (or equivalent) not found"); |
338 | 0 | } |
339 | | /* otherwise, keep the OSError exception raised by _Py_open() */ |
340 | 0 | return -1; |
341 | 0 | } |
342 | 0 | if (urandom_cache.fd >= 0) { |
343 | | /* urandom_fd was initialized by another thread while we were |
344 | | not holding the GIL, keep it. */ |
345 | 0 | close(fd); |
346 | 0 | fd = urandom_cache.fd; |
347 | 0 | } |
348 | 0 | else { |
349 | 0 | if (_Py_fstat(fd, &st)) { |
350 | 0 | close(fd); |
351 | 0 | return -1; |
352 | 0 | } |
353 | 0 | else { |
354 | 0 | urandom_cache.fd = fd; |
355 | 0 | urandom_cache.st_dev = st.st_dev; |
356 | 0 | urandom_cache.st_ino = st.st_ino; |
357 | 0 | } |
358 | 0 | } |
359 | 0 | } |
360 | | |
361 | 0 | do { |
362 | 0 | n = _Py_read(fd, buffer, (size_t)size); |
363 | 0 | if (n == -1) |
364 | 0 | return -1; |
365 | 0 | if (n == 0) { |
366 | 0 | PyErr_Format(PyExc_RuntimeError, |
367 | 0 | "Failed to read %zi bytes from /dev/urandom", |
368 | 0 | size); |
369 | 0 | return -1; |
370 | 0 | } |
371 | | |
372 | 0 | buffer += n; |
373 | 0 | size -= n; |
374 | 0 | } while (0 < size); |
375 | 0 | } |
376 | 0 | else { |
377 | 0 | fd = _Py_open_noraise("/dev/urandom", O_RDONLY); |
378 | 0 | if (fd < 0) { |
379 | 0 | return -1; |
380 | 0 | } |
381 | | |
382 | 0 | while (0 < size) |
383 | 0 | { |
384 | 0 | do { |
385 | 0 | n = read(fd, buffer, (size_t)size); |
386 | 0 | } while (n < 0 && errno == EINTR); |
387 | |
|
388 | 0 | if (n <= 0) { |
389 | | /* stop on error or if read(size) returned 0 */ |
390 | 0 | close(fd); |
391 | 0 | return -1; |
392 | 0 | } |
393 | | |
394 | 0 | buffer += n; |
395 | 0 | size -= n; |
396 | 0 | } |
397 | 0 | close(fd); |
398 | 0 | } |
399 | 0 | return 0; |
400 | 0 | } |
401 | | |
402 | | static void |
403 | | dev_urandom_close(void) |
404 | 0 | { |
405 | 0 | if (urandom_cache.fd >= 0) { |
406 | 0 | close(urandom_cache.fd); |
407 | 0 | urandom_cache.fd = -1; |
408 | 0 | } |
409 | 0 | } |
410 | | #endif /* !MS_WINDOWS */ |
411 | | |
412 | | |
413 | | /* Fill buffer with pseudo-random bytes generated by a linear congruent |
414 | | generator (LCG): |
415 | | |
416 | | x(n+1) = (x(n) * 214013 + 2531011) % 2^32 |
417 | | |
418 | | Use bits 23..16 of x(n) to generate a byte. */ |
419 | | static void |
420 | | lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size) |
421 | 0 | { |
422 | 0 | size_t index; |
423 | 0 | unsigned int x; |
424 | |
|
425 | 0 | x = x0; |
426 | 0 | for (index=0; index < size; index++) { |
427 | 0 | x *= 214013; |
428 | 0 | x += 2531011; |
429 | | /* modulo 2 ^ (8 * sizeof(int)) */ |
430 | 0 | buffer[index] = (x >> 16) & 0xff; |
431 | 0 | } |
432 | 0 | } |
433 | | |
434 | | /* Read random bytes: |
435 | | |
436 | | - Return 0 on success |
437 | | - Raise an exception (if raise is non-zero) and return -1 on error |
438 | | |
439 | | Used sources of entropy ordered by preference, preferred source first: |
440 | | |
441 | | - CryptGenRandom() on Windows |
442 | | - getrandom() function (ex: Linux and Solaris): call py_getrandom() |
443 | | - getentropy() function (ex: OpenBSD): call py_getentropy() |
444 | | - /dev/urandom device |
445 | | |
446 | | Read from the /dev/urandom device if getrandom() or getentropy() function |
447 | | is not available or does not work. |
448 | | |
449 | | Prefer getrandom() over getentropy() because getrandom() supports blocking |
450 | | and non-blocking mode: see the PEP 524. Python requires non-blocking RNG at |
451 | | startup to initialize its hash secret, but os.urandom() must block until the |
452 | | system urandom is initialized (at least on Linux 3.17 and newer). |
453 | | |
454 | | Prefer getrandom() and getentropy() over reading directly /dev/urandom |
455 | | because these functions don't need file descriptors and so avoid ENFILE or |
456 | | EMFILE errors (too many open files): see the issue #18756. |
457 | | |
458 | | Only the getrandom() function supports non-blocking mode. |
459 | | |
460 | | Only use RNG running in the kernel. They are more secure because it is |
461 | | harder to get the internal state of a RNG running in the kernel land than a |
462 | | RNG running in the user land. The kernel has a direct access to the hardware |
463 | | and has access to hardware RNG, they are used as entropy sources. |
464 | | |
465 | | Note: the OpenSSL RAND_pseudo_bytes() function does not automatically reseed |
466 | | its RNG on fork(), two child processes (with the same pid) generate the same |
467 | | random numbers: see issue #18747. Kernel RNGs don't have this issue, |
468 | | they have access to good quality entropy sources. |
469 | | |
470 | | If raise is zero: |
471 | | |
472 | | - Don't raise an exception on error |
473 | | - Don't call the Python signal handler (don't call PyErr_CheckSignals()) if |
474 | | a function fails with EINTR: retry directly the interrupted function |
475 | | - Don't release the GIL to call functions. |
476 | | */ |
477 | | static int |
478 | | pyurandom(void *buffer, Py_ssize_t size, int blocking, int raise) |
479 | 14 | { |
480 | 14 | #if defined(PY_GETRANDOM) || defined(PY_GETENTROPY) |
481 | 14 | int res; |
482 | 14 | #endif |
483 | | |
484 | 14 | if (size < 0) { |
485 | 0 | if (raise) { |
486 | 0 | PyErr_Format(PyExc_ValueError, |
487 | 0 | "negative argument not allowed"); |
488 | 0 | } |
489 | 0 | return -1; |
490 | 0 | } |
491 | | |
492 | 14 | if (size == 0) { |
493 | 0 | return 0; |
494 | 0 | } |
495 | | |
496 | | #ifdef MS_WINDOWS |
497 | | return win32_urandom((unsigned char *)buffer, size, raise); |
498 | | #else |
499 | | |
500 | 14 | #if defined(PY_GETRANDOM) || defined(PY_GETENTROPY) |
501 | 14 | #ifdef PY_GETRANDOM |
502 | 14 | res = py_getrandom(buffer, size, blocking, raise); |
503 | | #else |
504 | | res = py_getentropy(buffer, size, raise); |
505 | | #endif |
506 | 14 | if (res < 0) { |
507 | 0 | return -1; |
508 | 0 | } |
509 | 14 | if (res == 1) { |
510 | 14 | return 0; |
511 | 14 | } |
512 | | /* getrandom() or getentropy() function is not available: failed with |
513 | | ENOSYS or EPERM. Fall back on reading from /dev/urandom. */ |
514 | 0 | #endif |
515 | | |
516 | 0 | return dev_urandom(buffer, size, raise); |
517 | 14 | #endif |
518 | 14 | } |
519 | | |
520 | | /* Fill buffer with size pseudo-random bytes from the operating system random |
521 | | number generator (RNG). It is suitable for most cryptographic purposes |
522 | | except long living private keys for asymmetric encryption. |
523 | | |
524 | | On Linux 3.17 and newer, the getrandom() syscall is used in blocking mode: |
525 | | block until the system urandom entropy pool is initialized (128 bits are |
526 | | collected by the kernel). |
527 | | |
528 | | Return 0 on success. Raise an exception and return -1 on error. */ |
529 | | int |
530 | | _PyOS_URandom(void *buffer, Py_ssize_t size) |
531 | 0 | { |
532 | 0 | return pyurandom(buffer, size, 1, 1); |
533 | 0 | } |
534 | | |
535 | | /* Fill buffer with size pseudo-random bytes from the operating system random |
536 | | number generator (RNG). It is not suitable for cryptographic purpose. |
537 | | |
538 | | On Linux 3.17 and newer (when getrandom() syscall is used), if the system |
539 | | urandom is not initialized yet, the function returns "weak" entropy read |
540 | | from /dev/urandom. |
541 | | |
542 | | Return 0 on success. Raise an exception and return -1 on error. */ |
543 | | int |
544 | | _PyOS_URandomNonblock(void *buffer, Py_ssize_t size) |
545 | 0 | { |
546 | 0 | return pyurandom(buffer, size, 0, 1); |
547 | 0 | } |
548 | | |
549 | | |
550 | | PyStatus |
551 | | _Py_HashRandomization_Init(const PyConfig *config) |
552 | 14 | { |
553 | 14 | void *secret = &_Py_HashSecret; |
554 | 14 | Py_ssize_t secret_size = sizeof(_Py_HashSecret_t); |
555 | | |
556 | 14 | if (_Py_HashSecret_Initialized) { |
557 | 0 | return _PyStatus_OK(); |
558 | 0 | } |
559 | 14 | _Py_HashSecret_Initialized = 1; |
560 | | |
561 | 14 | if (config->use_hash_seed) { |
562 | 0 | if (config->hash_seed == 0) { |
563 | | /* disable the randomized hash */ |
564 | 0 | memset(secret, 0, secret_size); |
565 | 0 | } |
566 | 0 | else { |
567 | | /* use the specified hash seed */ |
568 | 0 | lcg_urandom(config->hash_seed, secret, secret_size); |
569 | 0 | } |
570 | 0 | } |
571 | 14 | else { |
572 | | /* use a random hash seed */ |
573 | 14 | int res; |
574 | | |
575 | | /* _PyRandom_Init() is called very early in the Python initialization |
576 | | and so exceptions cannot be used (use raise=0). |
577 | | |
578 | | _PyRandom_Init() must not block Python initialization: call |
579 | | pyurandom() is non-blocking mode (blocking=0): see the PEP 524. */ |
580 | 14 | res = pyurandom(secret, secret_size, 0, 0); |
581 | 14 | if (res < 0) { |
582 | 0 | return _PyStatus_ERR("failed to get random numbers " |
583 | 0 | "to initialize Python"); |
584 | 0 | } |
585 | 14 | } |
586 | 14 | return _PyStatus_OK(); |
587 | 14 | } |
588 | | |
589 | | |
590 | | void |
591 | | _Py_HashRandomization_Fini(void) |
592 | 0 | { |
593 | | #ifdef MS_WINDOWS |
594 | | if (hCryptProv) { |
595 | | CryptReleaseContext(hCryptProv, 0); |
596 | | hCryptProv = 0; |
597 | | } |
598 | | #else |
599 | 0 | dev_urandom_close(); |
600 | 0 | #endif |
601 | 0 | } |