author Pauli <paul.dale@oracle.com> 2018-06-07 09:31:44 +1000
committer Pauli <paul.dale@oracle.com> 2018-06-27 07:15:36 +1000
commit c7504aeb640a88949dfe3146f7e0f275f517464c
tree a94b2a6fdcc9c108d22178cebe54de391f204cb9 /doc
parent 41145c35bfee8f2b0822288fcb23a807d06d8e89
Modify the DEVRANDOM source so that the files are kept open persistently.
This allows operation inside a chroot environment without having the random device present.

A new call, RAND_keep_random_devices_open(), has been introduced that can be used to control file descriptor use by the random seed sources. Some seed sources maintain open file descriptors by default, which allows such sources to operate in a chroot(2) jail without the associated device nodes being available.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6432)
Diffstat (limited to 'doc')
-rw-r--r-- doc/man3/RAND_add.pod 14
1 files changed, 13 insertions, 1 deletions
diff --git a/doc/man3/RAND_add.pod b/doc/man3/RAND_add.pod
index 1b06d1be87..b6753fd2ed 100644
--- a/doc/man3/RAND_add.pod
+++ b/doc/man3/RAND_add.pod
@@ -2,7 +2,8 @@
=head1 NAME
-RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen
+RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen,
+RAND_keep_random_devices_open
- add randomness to the PRNG or get its status
=head1 SYNOPSIS
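Review bot: The NAME summary on the unchanged line "- add randomness to the PRNG or get its status" no longer covers everything in the list above it, because RAND_keep_random_devices_open() neither adds randomness nor reports status. Consider extending the summary, for example with "or control seed source file descriptors", so that a keyword search of the man page index finds the new call.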
@@ -15,6 +16,8 @@ RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen
void RAND_add(const void *buf, int num, double randomness);
void RAND_seed(const void *buf, int num);
+ void RAND_keep_random_devices_open(int keep);
+
Deprecated:
#if OPENSSL_API_COMPAT < 0x10100000L
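Review bot: The prototype "void RAND_keep_random_devices_open(int keep);" is added to SYNOPSIS, but none of the 13 inserted lines in this file adds a HISTORY entry for it, even though the page has a HISTORY section that the DESCRIPTION already points to. Please add a line there naming the release that introduces the function, so that callers building against older versions know when the call needs a guard.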
@@ -54,6 +57,15 @@ should consider using L<RAND_load_file(3)> instead.
RAND_seed() is equivalent to RAND_add() with B<randomness> set to B<num>.
+RAND_keep_random_devices_open() is used to control file descriptor
+usage by the random seed sources. Some seed sources maintain open file
+descriptors by default, which allows such sources to operate in a
+chroot(2) jail without the associated device nodes being available. When
+the B<keep> argument is zero, this call disables the retention of file
+descriptors. Conversely, a non-zero argument enables the retention of
+file descriptors. This function is usually called during initialization
+and it takes effect immediately.
+
RAND_event() and RAND_screen() are equivalent to RAND_poll() and exist
for compatibility reasons only. See HISTORY section below.
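Review bot: In the new DESCRIPTION paragraph, "it takes effect immediately" leaves open what happens to descriptors that are already held when B<keep> is zero; the text should say whether they are closed at the time of the call or only no longer retained after their next use. It would also help to spell out the consequence for the chroot(2) case the paragraph mentions, namely that with retention disabled the device nodes have to be present inside the jail for these sources to operate, and to name the seed sources that keep descriptors open by default instead of "some seed sources".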