author | Pauli <paul.dale@oracle.com> | 2018-06-07 01:31:44 +0200 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2018-06-26 23:15:36 +0200 |
commit | c7504aeb640a88949dfe3146f7e0f275f517464c (patch) | |
tree | a94b2a6fdcc9c108d22178cebe54de391f204cb9 /crypto/include | |
parent | Document changes to SSL_OP_NO_TICKET for TLSv1.3 (diff) | |
Modify the DEVRANDOM source so that the files are kept open persistently.
This allows operation inside a chroot environment without having the
random device present.
A new call, RAND_keep_random_devices_open(), has been introduced that can
be used to control file descriptor use by the random seed sources. Some
seed sources maintain open file descriptors by default, which allows
such sources to operate in a chroot(2) jail without the associated device
nodes being available.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6432)
Diffstat (limited to 'crypto/include')
-rw-r--r-- | crypto/include/internal/rand_int.h | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h index daec926c67..d91ee4c934 100644 --- a/crypto/include/internal/rand_int.h +++ b/crypto/include/internal/rand_int.h @@ -111,4 +111,21 @@ int rand_pool_add_nonce_data(RAND_POOL *pool); */ int rand_pool_add_additional_data(RAND_POOL *pool); +/* + * Initialise the random pool reseeding sources. + * + * Returns 1 on success and 0 on failure. + */ +int rand_pool_init(void); + +/* + * Finalise the random pool reseeding sources. + */ +void rand_pool_cleanup(void); + +/* + * Control the random pool use of open file descriptors. + */ +void rand_pool_keep_random_devices_open(int keep); + #endif |
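Review bot: The comment on `rand_pool_keep_random_devices_open(int keep)` at the end of the hunk does not say what the values of `keep` mean, and this is the one declaration here that governs file descriptor lifetime. Please state in the comment which value keeps the descriptors open and which releases them, and whether a call that turns the behaviour off closes descriptors that are already held or only affects later opens. Callers that chroot or drop privileges depend on that distinction. Two smaller points on the same hunk: the `rand_pool_init()` comment documents the return value but not whether the function may be called more than once, and the `rand_pool_cleanup()` comment does not say whether it is safe to call when `rand_pool_init()` returned 0 or was never called.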