| commit | 3e4dfbb2f81493e1f25b3ce83fee3ed999373a6c | |
|---|---|---|
| author | David Benjamin <davidben@google.com> | Tue Apr 21 17:29:50 2020 -0400 |
| committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | Thu May 14 18:17:12 2020 +0000 |
| tree | 1c80ac7b7e6a8f206a6c6cbf98551dbeab199a27 | |
| parent | 9cf9d3eb0681e0522db89ef5178c7bf8d5e7977f | |

Add CRYPTO_pre_sandbox_init.

The intent is to replace the logic in [0] and allow Chromium to set up the MADV_WIPEONFORK page without increasing sandbox syscall surface. From there we can remove RAND_set_urandom_fd and trim a bit of complexity from the PRNG logic.

[0] https://source.chromium.org/chromium/chromium/src/+/master:content/app/content_main_runner_impl.cc;l=333-341;drc=975850fa57e140ec696114477e9416a19f06d29f

Change-Id: I9b679e15da551a10302389556c6c77d192be662a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41326
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index e539bdb..0dc5373 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h
@@ -63,6 +63,14 @@ // success and zero on error. OPENSSL_EXPORT int BORINGSSL_self_test(void); +// CRYPTO_pre_sandbox_init initializes the crypto library, pre-acquiring some +// unusual resources to aid running in sandboxed environments. It is safe to +// call this function multiple times and concurrently from multiple threads. +// +// For more details on using BoringSSL in a sandboxed environment, see +// SANDBOXING.md in the source tree. +OPENSSL_EXPORT void CRYPTO_pre_sandbox_init(void); + // Deprecated functions.
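
Review bot: The doc comment on CRYPTO_pre_sandbox_init in include/openssl/crypto.h never states the ordering requirement that the name implies: it should say explicitly that the call must happen before the process enters its sandbox, since a caller who invokes it afterwards gets no signal that it was too late. The phrase "some unusual resources" is also too vague for someone auditing a sandbox policy; the commit message names the MADV_WIPEONFORK page, and listing that (and anything else acquired) in the comment would let integrators see which syscalls they can leave out of their filter. Because the function returns void, the comment should also say what happens when a resource cannot be acquired, so that callers know whether a failure surfaces at this call or later inside the sandbox. Finally, the comment points to SANDBOXING.md, which is not in the visible part of this patch; confirm that the file lands in the same change so the reference does not dangle.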