diff options
author | Werner Koch <wk@gnupg.org> | 2013-12-11 16:59:41 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2013-12-11 17:01:15 +0100 |
commit | cd548ba2dc777b8b27d8d33182ba733c20222120 (patch) | |
tree | 58b2151b8e12bf23958e946554de4fd0ee86ee97 /doc | |
parent | eae1e7712e1b687bd77eb37d0eb505fc9d46d93c (diff) | |
download | libgcrypt-cd548ba2dc777b8b27d8d33182ba733c20222120.tar.gz |
random: Add a feature to close device file descriptors.
* src/gcrypt.h.in (GCRYCTL_CLOSE_RANDOM_DEVICE): New.
* src/global.c (_gcry_vcontrol): Call _gcry_random_close_fds.
* random/random.c (_gcry_random_close_fds): New.
* random/random-csprng.c (_gcry_rngcsprng_close_fds): New.
* random/random-fips.c (_gcry_rngfips_close_fds): New.
* random/random-system.c (_gcry_rngsystem_close_fds): New.
* random/rndlinux.c (open_device): Add arg retry.
(_gcry_rndlinux_gather_random): Add mode to close open fds.
* tests/random.c (check_close_random_device): New.
(main): Call new test.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/gcrypt.texi | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 927634f1..97dac1c8 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -766,6 +766,14 @@ not an issue when using Linux (rndlinux driver), because this one guarantees to read full 16 bytes from /dev/urandom and thus there is no way for an attacker without kernel access to control these 16 bytes. +@item GCRYCTL_CLOSE_RANDOM_DEVICE; Arguments: none +Try to close the random device. If on Unix system you call fork(), +the child process does no call exec(), and you do not intend to use +Libgcrypt in the child, it might be useful to use this control code to +close the inherited file descriptors of the random device. If +Libgcrypt is later used again by the child, the device will be +re-opened. On non-Unix systems this control code is ignored. + @item GCRYCTL_SET_VERBOSITY; Arguments: int level This command sets the verbosity of the logging. A level of 0 disables all extra logging whereas positive numbers enable more verbose logging. @@ -1355,6 +1363,10 @@ values for @var{what} are defined: Not enough entropy is available. @var{total} holds the number of required bytes. +@item wait_dev_random +Waiting to re-open a random device. @var{total} gives the number of +seconds until the next try. + @item primegen Values for @var{printchar}: @table @code |