random: Add a feature to close device file descriptors.

* src/gcrypt.h.in (GCRYCTL_CLOSE_RANDOM_DEVICE): New.
* src/global.c (_gcry_vcontrol): Call _gcry_random_close_fds.
* random/random.c (_gcry_random_close_fds): New.
* random/random-csprng.c (_gcry_rngcsprng_close_fds): New.
* random/random-fips.c (_gcry_rngfips_close_fds): New.
* random/random-system.c (_gcry_rngsystem_close_fds): New.
* random/rndlinux.c (open_device): Add arg retry.
(_gcry_rndlinux_gather_random): Add mode to close open fds.

* tests/random.c (check_close_random_device): New.
(main): Call new test.

Signed-off-by: Werner Koch <wk@gnupg.org>

1 files changed, 15 insertions, 1 deletions

diff --git a/random/random-csprng.c b/random/random-csprng.c
index 9921c4fd..b6d7f667 100644
--- a/random/random-csprng.c
+++ b/random/random-csprng.c
@@ -154,7 +154,7 @@ static int allow_seed_file_update;
 static int secure_alloc;
 
 /* This function pointer is set to the actual entropy gathering
-   function during initailization.  After initialization it is
+   function during initialization.  After initialization it is
    guaranteed to point to function.  (On systems without a random
    gatherer module a dummy function is used).*/
 static int (*slow_gather_fnc)(void (*)(const void*, size_t,
@@ -361,6 +361,20 @@ _gcry_rngcsprng_initialize (int full)
 }
 
 
+/* Try to close the FDs of the random gather module.  This is
+   currently only implemented for rndlinux. */
+void
+_gcry_rngcsprng_close_fds (void)
+{
+  lock_pool ();
+#if USE_RNDLINUX
+  _gcry_rndlinux_gather_random (NULL, 0, 0, 0);
+  pool_filled = 0; /* Force re-open on next use.  */
+#endif
+  unlock_pool ();
+}
+
+
 void
 _gcry_rngcsprng_dump_stats (void)
 {