author | Pauli <paul.dale@oracle.com> | 2018-06-07 02:31:44 +0300 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2018-06-27 00:15:36 +0300 |
commit | c7504aeb640a88949dfe3146f7e0f275f517464c (patch) | |
tree | a94b2a6fdcc9c108d22178cebe54de391f204cb9 /CHANGES | |
parent | 41145c35bfee8f2b0822288fcb23a807d06d8e89 (diff) |
Modify the DEVRANDOM source so that the files are kept open persistently.
This allows operation inside a chroot environment without having the
random device present.
A new call, RAND_keep_random_devices_open(), has been introduced that can
be used to control file descriptor use by the random seed sources. Some
seed sources maintain open file descriptors by default, which allows
such sources to operate in a chroot(2) jail without the associated device
nodes being available.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6432)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -9,6 +9,13 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Modified the random device based seed sources to keep the relevant + file descriptors open rather than reopening them on each access. + This allows such sources to operate in a chroot() jail without + the associated device nodes being available. This behaviour can be + controlled using RAND_keep_random_devices_open(). + [Paul Dale] + *) Numerous side-channel attack mitigations have been applied. This may have performance impacts for some algorithms for the benefit of improved security. Specific changes are noted in this change log by their respective |
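Review bot: The added entry's last sentence, "This behaviour can be controlled using RAND_keep_random_devices_open()", does not say which way the default goes, while the commit message states that some seed sources maintain open file descriptors by default. A reader who only sees CHANGES, for example someone maintaining a daemon that closes or audits its open descriptors, cannot tell from this text that descriptors now stay open unless the application opts out. I would add a sentence to the entry stating that the descriptors are kept open by default and that the new call is how an application turns this off or on. Minor: the entry writes chroot() where the commit message writes chroot(2); using one form in both would be tidier.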