author | deraadt <> | 2014-07-14 00:01:39 +0000 |
---|---|---|
committer | deraadt <> | 2014-07-14 00:01:39 +0000 |
commit | a46137d3ad2d8637a6c5b8511d1c6cba0bb33794 (patch) | |
tree | 7974c4f4891ebd338a70e4a147980ea8d0af914a /src | |
parent | f3c215bf8d1b8caaa3cde931a718945e8abb7c33 (diff) | |
Improve RAND_write_file(), chmod crud, etc.
ok tedu
Diffstat (limited to '')
-rw-r--r-- | src/lib/libcrypto/rand/randfile.c | 46 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/rand/randfile.c | 46 |
2 files changed, 38 insertions, 54 deletions
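--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: randfile.c,v 1.38 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: randfile.c,v 1.39 2014/07/14 00:01:39 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -59,6 +59,7 @@
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <unistd.h>
 #include <string.h>
 
 #include <openssl/crypto.h>
@@ -91,35 +92,28 @@ RAND_write_file(const char *file)
 unsigned char buf[BUFSIZE];
 int i, ret = 0, rand_err = 0;
 FILE *out = NULL;
-int n;
+int n, fd;
 struct stat sb;
 
-i = stat(file, &sb);
-if (i != -1) {
-if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
-/* this file is a device. we don't write back to it.
-* we "succeed" on the assumption this is some sort
-* of random device. Otherwise attempting to write to
-* and chmod the device causes problems.
-*/
-return (1);
-}
+/*
+* If this file is a device, avoid opening it.
+* XXX TOCTOU
+*/
+if (stat(file, &sb) != -1 &&
+(S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode))) {
+return (1);
 }
 
-{
-/* chmod(..., 0600) is too late to protect the file,
-* permissions should be restrictive from the start */
-int fd = open(file, O_WRONLY|O_CREAT, 0600);
-if (fd != -1)
-out = fdopen(fd, "wb");
-}
+fd = open(file, O_WRONLY|O_CREAT, 0600);
+if (fd == -1)
+return (1);
+out = fdopen(fd, "wb");
 
-if (out == NULL)
-out = fopen(file, "wb");
-if (out == NULL)
-goto err;
+if (out == NULL) {
+close(fd);
+return (1);
+}
 
-chmod(file, 0600);
 n = RAND_DATA;
 for (;;) {
 i = (n > BUFSIZE) ? BUFSIZE : n;
@@ -138,13 +132,11 @@ RAND_write_file(const char *file)
 
 fclose(out);
 OPENSSL_cleanse(buf, BUFSIZE);
-
-err:
 return (rand_err ? -1 : ret);
 }
 
 const char *
-RAND_file_name(char *buf, size_t size)
+RAND_file_name(char * buf, size_t size)
 {
 if (strlcpy(buf, "/dev/urandom", size) >= size)
 return (NULL);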
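--- a/src/lib/libssl/src/crypto/rand/randfile.c
+++ b/src/lib/libssl/src/crypto/rand/randfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: randfile.c,v 1.38 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: randfile.c,v 1.39 2014/07/14 00:01:39 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -59,6 +59,7 @@
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <unistd.h>
 #include <string.h>
 
 #include <openssl/crypto.h>
@@ -91,35 +92,28 @@ RAND_write_file(const char *file)
 unsigned char buf[BUFSIZE];
 int i, ret = 0, rand_err = 0;
 FILE *out = NULL;
-int n;
+int n, fd;
 struct stat sb;
 
-i = stat(file, &sb);
-if (i != -1) {
-if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
-/* this file is a device. we don't write back to it.
-* we "succeed" on the assumption this is some sort
-* of random device. Otherwise attempting to write to
-* and chmod the device causes problems.
-*/
-return (1);
-}
+/*
+* If this file is a device, avoid opening it.
+* XXX TOCTOU
+*/
+if (stat(file, &sb) != -1 &&
+(S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode))) {
+return (1);
 }
 
-{
-/* chmod(..., 0600) is too late to protect the file,
-* permissions should be restrictive from the start */
-int fd = open(file, O_WRONLY|O_CREAT, 0600);
-if (fd != -1)
-out = fdopen(fd, "wb");
-}
+fd = open(file, O_WRONLY|O_CREAT, 0600);
+if (fd == -1)
+return (1);
+out = fdopen(fd, "wb");
 
-if (out == NULL)
-out = fopen(file, "wb");
-if (out == NULL)
-goto err;
+if (out == NULL) {
+close(fd);
+return (1);
+}
 
-chmod(file, 0600);
 n = RAND_DATA;
 for (;;) {
 i = (n > BUFSIZE) ? BUFSIZE : n;
@@ -138,13 +132,11 @@ RAND_write_file(const char *file)
 
 fclose(out);
 OPENSSL_cleanse(buf, BUFSIZE);
-
-err:
 return (rand_err ? -1 : ret);
 }
 
 const char *
-RAND_file_name(char *buf, size_t size)
+RAND_file_name(char * buf, size_t size)
 {
 if (strlcpy(buf, "/dev/urandom", size) >= size)
 return (NULL);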