de24aadc5b
Chromium uses a zygote process and a sandbox on Linux. In order for RAND_bytes to be functional and guaranteed fork-safe inside the renderers, /dev/urandom must be prewarmed. Calling RAND_bytes initializes a thread-local ChaCha20 key when rdrand is available. So that key is fork-safe and to avoid tempting any dragons by touching pthreads APIs before a non-exec fork, add a RAND_set_urandom_fd API. It allows the consumer to supply the /dev/urandom fd and promises to be fork-safe, both in initializing key material and use of pthreads. This doesn't affect any current shipping versions of Chrome. BUG=462040 Change-Id: I1037e21e525918971380e4ea1371703c8237a0b0 Reviewed-on: https://boringssl-review.googlesource.com/5302 Reviewed-by: Adam Langley <agl@google.com> |
||
|---|---|---|
| .. | ||
| asm | ||
| CMakeLists.txt | ||
| hwrand.c | ||
| internal.h | ||
| rand.c | ||
| urandom.c | ||
| windows.c | ||