From cd548ba2dc777b8b27d8d33182ba733c20222120 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Wed, 11 Dec 2013 16:59:41 +0100
Subject: random: Add a feature to close device file descriptors.
* src/gcrypt.h.in (GCRYCTL_CLOSE_RANDOM_DEVICE): New.
* src/global.c (_gcry_vcontrol): Call _gcry_random_close_fds.
* random/random.c (_gcry_random_close_fds): New.
* random/random-csprng.c (_gcry_rngcsprng_close_fds): New.
* random/random-fips.c (_gcry_rngfips_close_fds): New.
* random/random-system.c (_gcry_rngsystem_close_fds): New.
* random/rndlinux.c (open_device): Add arg retry. (_gcry_rndlinux_gather_random): Add mode to close open fds.
* tests/random.c (check_close_random_device): New. (main): Call new test.
Signed-off-by: Werner Koch
---
random/random.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
(limited to 'random/random.c')
diff --git a/random/random.c b/random/random.c
index 46793013..97018c42 100644
--- a/random/random.c
+++ b/random/random.c
@@ -165,6 +165,27 @@ _gcry_random_initialize (int full)
 }
+/* If possible close file descriptors used by the RNG. */
+void
+_gcry_random_close_fds (void)
+{
+ /* Note that we can't do that directly because each random system
+ has its own lock functions which need to be used for accessing
+ the entropy gatherer. */
+
+ if (fips_mode ())
+ _gcry_rngfips_close_fds ();
+ else if (rng_types.standard)
+ _gcry_rngcsprng_close_fds ();
+ else if (rng_types.fips)
+ _gcry_rngfips_close_fds ();
+ else if (rng_types.system)
+ _gcry_rngsystem_close_fds ();
+ else
+ _gcry_rngcsprng_close_fds ();
+}
+
+
 /* Return the current RNG type. IGNORE_FIPS_MODE is a flag used to skip the test for FIPS. This is useful, so that we are able to return the type of the RNG even before we have setup FIPS mode
-- 
cgit v1.2.1
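Review bot: The comment above `_gcry_random_close_fds` says only "If possible close file descriptors used by the RNG", which leaves the state after the call undocumented: whether each backend resets its cached descriptor and reopens the device on the next request for random bytes, and what a caller sees if that reopen fails. The three `_close_fds` backends and the `rndlinux.c` changes named in the commit message are not shown on this page (it is limited to `random/random.c`), so this cannot be confirmed here. If a descriptor number stayed cached after the close, a later gather could read from an unrelated file that had reused the number. I would extend the comment along the lines of `/* If possible close file descriptors used by the RNG. The descriptors are reopened on the next use of the RNG. */`, worded to match what the backends actually guarantee.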