From b8494591d1b1a143f3b192d845c238bbf3bc629d Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Fri, 25 Sep 2015 02:29:14 +0000 Subject: Revert "Revert "external/boringssl: sync with upstream."" This reverts commit a04d78d392463df4e69a64360c952ffa5abd22f7. Underlying issue was fixed. Change-Id: I49685b653d16e728eb38e79e02b2c33ddeefed88 --- src/include/openssl/rand.h | 51 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) (limited to 'src/include/openssl/rand.h') diff --git a/src/include/openssl/rand.h b/src/include/openssl/rand.h index 300bf42..de1bd8d 100644 --- a/src/include/openssl/rand.h +++ b/src/include/openssl/rand.h @@ -33,6 +33,36 @@ OPENSSL_EXPORT int RAND_bytes(uint8_t *buf, size_t len); OPENSSL_EXPORT void RAND_cleanup(void); +/* Obscure functions. */ + +#if !defined(OPENSSL_WINDOWS) +/* RAND_set_urandom_fd causes the module to use a copy of |fd| for system + * randomness rather opening /dev/urandom internally. The caller retains + * ownership of |fd| and is at liberty to close it at any time. This is useful + * if, due to a sandbox, /dev/urandom isn't available. If used, it must be + * called before the first call to |RAND_bytes|, and it is mutually exclusive + * with |RAND_enable_fork_unsafe_buffering|. + * + * |RAND_set_urandom_fd| does not buffer any entropy, so it is safe to call + * |fork| at any time after calling |RAND_set_urandom_fd|. */ +OPENSSL_EXPORT void RAND_set_urandom_fd(int fd); + +/* RAND_enable_fork_unsafe_buffering enables efficient buffered reading of + * /dev/urandom. It adds an overhead of a few KB of memory per thread. It must + * be called before the first call to |RAND_bytes| and it is mutually exclusive + * with calls to |RAND_set_urandom_fd|. + * + * If |fd| is non-negative then a copy of |fd| will be used rather than opening + * /dev/urandom internally. Like |RAND_set_urandom_fd|, the caller retains + * ownership of |fd|. If |fd| is negative then /dev/urandom will be opened and + * any error from open(2) crashes the address space. + * + * It has an unusual name because the buffer is unsafe across calls to |fork|. + * Hence, this function should never be called by libraries. */ +OPENSSL_EXPORT void RAND_enable_fork_unsafe_buffering(int fd); +#endif + + /* Deprecated functions */ /* RAND_pseudo_bytes is a wrapper around |RAND_bytes|. */ @@ -47,12 +77,33 @@ OPENSSL_EXPORT int RAND_load_file(const char *path, long num); /* RAND_add does nothing. */ OPENSSL_EXPORT void RAND_add(const void *buf, int num, double entropy); +/* RAND_egd returns 255. */ +OPENSSL_EXPORT int RAND_egd(const char *); + /* RAND_poll returns one. */ OPENSSL_EXPORT int RAND_poll(void); /* RAND_status returns one. */ OPENSSL_EXPORT int RAND_status(void); +/* rand_meth_st is typedefed to |RAND_METHOD| in base.h. It isn't used; it + * exists only to be the return type of |RAND_SSLeay|. It's + * external so that variables of this type can be initialized. */ +struct rand_meth_st { + void (*seed) (const void *buf, int num); + int (*bytes) (uint8_t *buf, size_t num); + void (*cleanup) (void); + void (*add) (const void *buf, int num, double entropy); + int (*pseudorand) (uint8_t *buf, size_t num); + int (*status) (void); +}; + +/* RAND_SSLeay returns a pointer to a dummy |RAND_METHOD|. */ +OPENSSL_EXPORT RAND_METHOD *RAND_SSLeay(void); + +/* RAND_set_rand_method does nothing. */ +OPENSSL_EXPORT void RAND_set_rand_method(const RAND_METHOD *); + #if defined(__cplusplus) } /* extern C */ -- cgit v1.1