aboutsummaryrefslogtreecommitdiff
path: root/openssl/trunk/doc/crypto/RAND_load_file.pod
blob: d8c134e621d16c994eff677305ad610a4fed2043 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

=pod

=head1 NAME

RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file

=head1 SYNOPSIS

 #include <openssl/rand.h>

 const char *RAND_file_name(char *buf, size_t num);

 int RAND_load_file(const char *filename, long max_bytes);

 int RAND_write_file(const char *filename);

=head1 DESCRIPTION

RAND_file_name() generates a default path for the random seed
file. B<buf> points to a buffer of size B<num> in which to store the
filename. The seed file is $RANDFILE if that environment variable is
set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
too small for the path name, an error occurs.

RAND_load_file() reads a number of bytes from file B<filename> and
adds them to the PRNG. If B<max_bytes> is non-negative,
up to to B<max_bytes> are read; starting with OpenSSL 0.9.5,
if B<max_bytes> is -1, the complete file is read.

RAND_write_file() writes a number of random bytes (currently 1024) to
file B<filename> which can be used to initialize the PRNG by calling
RAND_load_file() in a later session.

=head1 RETURN VALUES

RAND_load_file() returns the number of bytes read.

RAND_write_file() returns the number of bytes written, and -1 if the
bytes written were generated without appropriate seed.

RAND_file_name() returns a pointer to B<buf> on success, and NULL on
error.

=head1 SEE ALSO

L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>

=head1 HISTORY

RAND_load_file(), RAND_write_file() and RAND_file_name() are available in
all versions of SSLeay and OpenSSL.

=cut
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-19 05:33:43 +0000
d-color: #FFF0F0 } /* Literal.String.Escape */ .highlight .sh { color: #D20; background-color: #FFF0F0 } /* Literal.String.Heredoc */ .highlight .si { color: #33B; background-color: #FFF0F0 } /* Literal.String.Interpol */ .highlight .sx { color: #2B2; background-color: #F0FFF0 } /* Literal.String.Other */ .highlight .sr { color: #080; background-color: #FFF0FF } /* Literal.String.Regex */ .highlight .s1 { color: #D20; background-color: #FFF0F0 } /* Literal.String.Single */ .highlight .ss { color: #A60; background-color: #FFF0F0 } /* Literal.String.Symbol */ .highlight .bp { color: #038 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #06B; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #369 } /* Name.Variable.Class */ .highlight .vg { color: #D70 } /* Name.Variable.Global */ .highlight .vi { color: #33B } /* Name.Variable.Instance */ .highlight .vm { color: #369 } /* Name.Variable.Magic */ .highlight .il { color: #00D; font-weight: bold } /* Literal.Number.Integer.Long */
#!/bin/sh -
# $Id$
#
# Create a chroot jail for rcynic.
#
# This is approximately what a pkg-install script might do if this were
# a FreeBSD port.  Perhaps some day it will be.

: ${jaildir="/var/rcynic"}
: ${jailuser="rcynic"}
: ${jailgroup="rcynic"}
: ${setupcron="NO"}

echo "Setting up \"${jaildir}\" as a chroot jail for rcynic."

if /usr/sbin/pw groupshow "${jailgroup}" 2>/dev/null; then
    echo "You already have a group \"${jailgroup}\", so I will use it."
elif /usr/sbin/pw groupadd ${jailgroup}; then
    echo "Added group \"${jailgroup}\"."
else
    echo "Adding group \"${jailgroup}\" failed..."
    echo "Please create it, then try again."
    exit 1
fi

if /usr/sbin/pw usershow "${jailuser}" 2>/dev/null; then
    echo "You already have a user \"${jailuser}\", so I will use it."
elif /usr/sbin/pw useradd ${jailuser} -g ${jailgroup} -h - -d /nonexistant -s /usr/sbin/nologin -c "RPKI validation system"; then
    echo "Added user \"${jailuser}\"."
else
    echo "Adding user \"${jailuser}\" failed..."
    echo "Please create it, then try again."
    exit 1
fi

if ! /bin/test -d "${jaildir}"; then
    /bin/mkdir "${jaildir}"
fi

if /usr/bin/install -m 555 -o root -g wheel -p rc.d.rcynic /usr/local/etc/rc.d/rcynic; then
    echo "Installed rc.d.rcynic as /usr/local/etc/rc.d/rcynic"
else
    echo "Installing /usr/local/etc/rc.d/rcynic failed"
    exit 1
fi

echo "Running /usr/local/etc/rc.d/rcynic to set up directories"

if ! rcynic_jaildir="$jaildir" rcynic_user="$jailuser" rcynic_group="$jailgroup" /bin/sh /usr/local/etc/rc.d/rcynic start; then
    echo "Directory setup failed"
    exit 1
fi

if /bin/test -r "$jaildir/etc/rcynic.conf"; then
    echo "You already have config file \"${jaildir}/etc/rcynic.conf\", so I will use it."
elif /usr/bin/install -m 444 -o root -g wheel -p ../sample-rcynic.conf "${jaildir}/etc/rcynic.conf"; then
    echo "Installed minimal ${jaildir}/etc/rcynic.conf, adding SAMPLE trust anchors"
    for i in ../../sample-trust-anchors/*.cer; do
	j="$jaildir/etc/trust-anchors/${i##*/}"
	/bin/test -r "$i" || continue
	/bin/test -r "$j" && continue
	echo "Installing $i as $j"
	/usr/bin/install -m 444 -o root -g wheel -p "$i" "$j"
    done
    j=1
    for i in $jaildir/etc/trust-anchors/*.cer; do
	echo >>"${jaildir}/etc/rcynic.conf" "trust-anchor.$j		= /etc/trust-anchors/${i##*/}"
	j=$((j+1))
    done
else
    echo "Installing minimal ${jaildir}/etc/rcynic.conf failed"
    exit 1
fi

echo "Installing rcynic as ${jaildir}/bin/rcynic"

/usr/bin/install -m 555 -o root -g wheel -p ../../rcynic "${jaildir}/bin/rcynic"

if /bin/test ! -x "$jaildir/bin/rsync" -a ! -x ../../static-rsync/rsync; then
    echo "Building static rsync for jail, this may take a little while"
    (cd ../../static-rsync && exec make)
fi

if /bin/test -x "$jaildir/bin/rsync"; then
    echo "You already have an executable \"$jaildir/bin/rsync\", so I will use it"
elif /usr/bin/install -m 555 -o root -g wheel -p ../../static-rsync/rsync "${jaildir}/bin/rsync"; then
    echo "Installed static rsync as \"${jaildir}/bin/rsync\""
else
    echo "Installing static rsync failed"
    exit 1
fi

if /usr/bin/install -m 444 -o root -g wheel -p ../../rcynic.xsl "${jaildir}/etc/rcynic.xsl"; then
    echo "Installed rcynic.xsl as \"${jaildir}/etc/rcynic.xsl\""
else
    echo "Installing rcynic.xsl failed"
    exit 1
fi

echo "Setting up root's crontab to run jailed rcynic"

case "$setupcron" in
YES|yes)
    /usr/bin/crontab -l -u root 2>/dev/null |
    /usr/bin/awk -v "jailuser=$jailuser" -v "jailgroup=$jailgroup" -v "jaildir=$jaildir" '
	BEGIN {
	    cmd = "exec /usr/sbin/chroot -u " jailuser " -g " jailgroup " " jaildir;
	    cmd = cmd " /bin/rcynic -c /etc/rcynic.conf";
	}
	$0 !~ cmd {
	    print;
	}
	END {
	    "/usr/bin/hexdump -n 2 -e \"\\\"%u\\\\\\n\\\"\" /dev/random" | getline;
	    printf "%u * * * *\t%s\n", $1 % 60, cmd;
	}' |
    /usr/bin/crontab -u root -
    /bin/cat <<EOF

	crontab is set up to run rcynic hourly, at a randomly selected
	minute (to spread load on the rsync servers).  Please do NOT
	adjust this to run on the hour.  In particular please do NOT
	adjust this to run at midnight UTC.
EOF
    ;;

*)
    /bin/cat <<EOF

	You'll need to add a crontab entry running the following command as root:

	    /usr/sbin/chroot -u $jailuser -g $jailgroup $jaildir /bin/rcynic -c /etc/rcynic.conf

	Please try to pick a random time for this, don't just run it on the hour,
	or at local midnight, or, worst of all, at midnight UTC.

EOF
    ;;

esac

/bin/cat <<EOF

	Jail set up. You may need to customize $jaildir/etc/rcynic.conf.
	If you did not install your own trust anchors, a default set
	of SAMPLE trust anchors may have been installed for you, but
	you, the relying party, are the only one who can decide
	whether you trust those anchors.  rcynic will not do anything
	useful without good trust anchors.

EOF
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-19 05:33:42 +0000