1 files changed, 104 insertions, 37 deletions
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index f2b3746363..982074c465 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -56,22 +56,41 @@
 * [including the GNU Public Licence.]
 */
+#include <errno.h>
 #include <stdio.h>
-#include "cryptlib.h"
+#include <stdlib.h>
-#include <sys/stat.h>
+#include <string.h>
-#include <sys/types.h>
-#include "rand.h"
+#include "e_os.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#ifdef OPENSSL_SYS_VMS
+#include <unixio.h>
+#endif
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef MAC_OS_pre_X
+# include <stat.h>
+#else
+# include <sys/stat.h>
+#endif
 #undef BUFSIZE
 #define BUFSIZE 1024
 #define RAND_DATA 1024
-/* #define RFILE ".rand" - defined in ../../e_os.h */
+/* #define RFILE ".rnd" - defined in ../../e_os.h */
+/* Note that these functions are intended for seed files only.
+ * Entropy devices and EGD sockets are handled in rand_unix.c */
-int RAND_load_file(file,bytes)
+int RAND_load_file(const char *file, long bytes)
-char *file;
-long bytes;
        {
+        /* If bytes >= 0, read up to 'bytes' bytes.
+         * if bytes == -1, read complete file. */
        MS_STATIC unsigned char buf[BUFSIZE];
        struct stat sb;
        int i,ret=0,n;
@@ -81,23 +100,28 @@ long bytes;
        i=stat(file,&sb);
        /* If the state fails, put some crap in anyway */
-        RAND_seed((unsigned char *)&sb,sizeof(sb));
+        RAND_add(&sb,sizeof(sb),0);
-        ret+=sizeof(sb);
        if (i < 0) return(0);
-        if (bytes <= 0) return(ret);
+        if (bytes == 0) return(ret);
-        in=fopen(file,"r");
+        in=fopen(file,"rb");
        if (in == NULL) goto err;
        for (;;)
                {
-                n=(bytes < BUFSIZE)?(int)bytes:BUFSIZE;
+                if (bytes > 0)
+                        n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE;
+                else
+                        n = BUFSIZE;
                i=fread(buf,1,n,in);
                if (i <= 0) break;
                /* even if n != i, use the full array */
-                RAND_seed(buf,n);
+                RAND_add(buf,n,i);
                ret+=i;
-                bytes-=n;
+                if (bytes > 0)
-                if (bytes <= 0) break;
+                        {
+                        bytes-=n;
+                        if (bytes <= 0) break;
+                        }
                }
        fclose(in);
        memset(buf,0,BUFSIZE);
@@ -105,23 +129,36 @@ err:
        return(ret);
        }
-int RAND_write_file(file)
+int RAND_write_file(const char *file)
-char *file;
        {
        unsigned char buf[BUFSIZE];
-        int i,ret=0;
+        int i,ret=0,rand_err=0;
-        FILE *out;
+        FILE *out = NULL;
        int n;
+        
-        out=fopen(file,"w");
+#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
+        /* For some reason Win32 can't write to files created this way */
+        
+        /* chmod(..., 0600) is too late to protect the file,
+         * permissions should be restrictive from the start */
+        int fd = open(file, O_CREAT, 0600);
+        if (fd != -1)
+                out = fdopen(fd, "wb");
+#endif
+        if (out == NULL)
+                out = fopen(file,"wb");
        if (out == NULL) goto err;
+#ifndef NO_CHMOD
        chmod(file,0600);
+#endif
        n=RAND_DATA;
        for (;;)
                {
                i=(n > BUFSIZE)?BUFSIZE:n;
                n-=BUFSIZE;
-                RAND_bytes(buf,i);
+                if (RAND_bytes(buf,i) <= 0)
+                        rand_err=1;
                i=fwrite(buf,1,i,out);
                if (i <= 0)
                        {
@@ -130,21 +167,40 @@ char *file;
                        }
                ret+=i;
                if (n <= 0) break;
+                }
+#ifdef OPENSSL_SYS_VMS
+        /* Try to delete older versions of the file, until there aren't
+           any */
+        {
+        char *tmpf;
+        tmpf = OPENSSL_malloc(strlen(file) + 4);  /* to add ";-1" and a nul */
+        if (tmpf)
+                {
+                strcpy(tmpf, file);
+                strcat(tmpf, ";-1");
+                while(delete(tmpf) == 0)
+                        ;
+                rename(file,";1"); /* Make sure it's version 1, or we
+                                      will reach the limit (32767) at
+                                      some point... */
                }
+        }
+#endif /* OPENSSL_SYS_VMS */
        fclose(out);
        memset(buf,0,BUFSIZE);
 err:
-        return(ret);
+        return (rand_err ? -1 : ret);
        }
-char *RAND_file_name(buf,size)
+const char *RAND_file_name(char *buf, size_t size)
-char *buf;
-int size;
        {
-        char *s;
+        char *s=NULL;
        char *ret=NULL;
-        s=getenv("RANDFILE");
+        if (OPENSSL_issetugid() == 0)
+                s=getenv("RANDFILE");
        if (s != NULL)
                {
                strncpy(buf,s,size-1);
@@ -153,14 +209,25 @@ int size;
                }
        else
                {
-                s=getenv("HOME");
+                if (OPENSSL_issetugid() == 0)
-                if (s == NULL) return(RFILE);
+                        s=getenv("HOME");
-                if (((int)(strlen(s)+strlen(RFILE)+2)) > size)
+#ifdef DEFAULT_HOME
-                        return(RFILE);
+                if (s == NULL)
-                strcpy(buf,s);
+                        {
-                strcat(buf,"/");
+                        s = DEFAULT_HOME;
-                strcat(buf,RFILE);
+                        }
-                ret=buf;
+#endif
+                if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
+                        {
+                        strcpy(buf,s);
+#ifndef OPENSSL_SYS_VMS
+                        strcat(buf,"/");
+#endif
+                        strcat(buf,RFILE);
+                        ret=buf;
+                        }
+                else
+                        buf[0] = '\0'; /* no file name */
                }
        return(ret);
        }

diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c index f2b3746363..982074c465 100644 --- a/src/lib/libcrypto/rand/randfile.c +++ b/src/lib/libcrypto/rand/randfile.c
@@ -56,22 +56,41 @@
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
58		58
		59	#include <errno.h>
59	#include <stdio.h>	60	#include <stdio.h>
60	#include "cryptlib.h"	61	#include <stdlib.h>
61	#include <sys/stat.h>	62	#include <string.h>
62	#include <sys/types.h>	63
63	#include "rand.h"	64	#include "e_os.h"
		65	#include <openssl/crypto.h>
		66	#include <openssl/rand.h>
		67
		68	#ifdef OPENSSL_SYS_VMS
		69	#include <unixio.h>
		70	#endif
		71	#ifndef NO_SYS_TYPES_H
		72	# include <sys/types.h>
		73	#endif
		74	#ifdef MAC_OS_pre_X
		75	# include <stat.h>
		76	#else
		77	# include <sys/stat.h>
		78	#endif
64		79
65	#undef BUFSIZE	80	#undef BUFSIZE
66	#define BUFSIZE 1024	81	#define BUFSIZE 1024
67	#define RAND_DATA 1024	82	#define RAND_DATA 1024
68		83
69	/* #define RFILE ".rand" - defined in ../../e_os.h */	84	/* #define RFILE ".rnd" - defined in ../../e_os.h */
		85
		86	/* Note that these functions are intended for seed files only.
		87	* Entropy devices and EGD sockets are handled in rand_unix.c */
70		88
71	int RAND_load_file(file,bytes)	89	int RAND_load_file(const char *file, long bytes)
72	char *file;
73	long bytes;
74	{	90	{
		91	/* If bytes >= 0, read up to 'bytes' bytes.
		92	* if bytes == -1, read complete file. */
		93
75	MS_STATIC unsigned char buf[BUFSIZE];	94	MS_STATIC unsigned char buf[BUFSIZE];
76	struct stat sb;	95	struct stat sb;
77	int i,ret=0,n;	96	int i,ret=0,n;
@@ -81,23 +100,28 @@ long bytes;
81		100
82	i=stat(file,&sb);	101	i=stat(file,&sb);
83	/* If the state fails, put some crap in anyway */	102	/* If the state fails, put some crap in anyway */
84	RAND_seed((unsigned char *)&sb,sizeof(sb));	103	RAND_add(&sb,sizeof(sb),0);
85	ret+=sizeof(sb);
86	if (i < 0) return(0);	104	if (i < 0) return(0);
87	if (bytes <= 0) return(ret);	105	if (bytes == 0) return(ret);
88		106
89	in=fopen(file,"r");	107	in=fopen(file,"rb");
90	if (in == NULL) goto err;	108	if (in == NULL) goto err;
91	for (;;)	109	for (;;)
92	{	110	{
93	n=(bytes < BUFSIZE)?(int)bytes:BUFSIZE;	111	if (bytes > 0)
		112	n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE;
		113	else
		114	n = BUFSIZE;
94	i=fread(buf,1,n,in);	115	i=fread(buf,1,n,in);
95	if (i <= 0) break;	116	if (i <= 0) break;
96	/* even if n != i, use the full array */	117	/* even if n != i, use the full array */
97	RAND_seed(buf,n);	118	RAND_add(buf,n,i);
98	ret+=i;	119	ret+=i;
99	bytes-=n;	120	if (bytes > 0)
100	if (bytes <= 0) break;	121	{
		122	bytes-=n;
		123	if (bytes <= 0) break;
		124	}
101	}	125	}
102	fclose(in);	126	fclose(in);
103	memset(buf,0,BUFSIZE);	127	memset(buf,0,BUFSIZE);
@@ -105,23 +129,36 @@ err:
105	return(ret);	129	return(ret);
106	}	130	}
107		131
108	int RAND_write_file(file)	132	int RAND_write_file(const char *file)
109	char *file;
110	{	133	{
111	unsigned char buf[BUFSIZE];	134	unsigned char buf[BUFSIZE];
112	int i,ret=0;	135	int i,ret=0,rand_err=0;
113	FILE *out;	136	FILE *out = NULL;
114	int n;	137	int n;
115		138
116	out=fopen(file,"w");	139	#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
		140	/* For some reason Win32 can't write to files created this way */
		141
		142	/* chmod(..., 0600) is too late to protect the file,
		143	* permissions should be restrictive from the start */
		144	int fd = open(file, O_CREAT, 0600);
		145	if (fd != -1)
		146	out = fdopen(fd, "wb");
		147	#endif
		148	if (out == NULL)
		149	out = fopen(file,"wb");
117	if (out == NULL) goto err;	150	if (out == NULL) goto err;
		151
		152	#ifndef NO_CHMOD
118	chmod(file,0600);	153	chmod(file,0600);
		154	#endif
119	n=RAND_DATA;	155	n=RAND_DATA;
120	for (;;)	156	for (;;)
121	{	157	{
122	i=(n > BUFSIZE)?BUFSIZE:n;	158	i=(n > BUFSIZE)?BUFSIZE:n;
123	n-=BUFSIZE;	159	n-=BUFSIZE;
124	RAND_bytes(buf,i);	160	if (RAND_bytes(buf,i) <= 0)
		161	rand_err=1;
125	i=fwrite(buf,1,i,out);	162	i=fwrite(buf,1,i,out);
126	if (i <= 0)	163	if (i <= 0)
127	{	164	{
@@ -130,21 +167,40 @@ char *file;
130	}	167	}
131	ret+=i;	168	ret+=i;
132	if (n <= 0) break;	169	if (n <= 0) break;
		170	}
		171	#ifdef OPENSSL_SYS_VMS
		172	/* Try to delete older versions of the file, until there aren't
		173	any */
		174	{
		175	char *tmpf;
		176
		177	tmpf = OPENSSL_malloc(strlen(file) + 4); /* to add ";-1" and a nul */
		178	if (tmpf)
		179	{
		180	strcpy(tmpf, file);
		181	strcat(tmpf, ";-1");
		182	while(delete(tmpf) == 0)
		183	;
		184	rename(file,";1"); /* Make sure it's version 1, or we
		185	will reach the limit (32767) at
		186	some point... */
133	}	187	}
		188	}
		189	#endif /* OPENSSL_SYS_VMS */
		190
134	fclose(out);	191	fclose(out);
135	memset(buf,0,BUFSIZE);	192	memset(buf,0,BUFSIZE);
136	err:	193	err:
137	return(ret);	194	return (rand_err ? -1 : ret);
138	}	195	}
139		196
140	char *RAND_file_name(buf,size)	197	const char RAND_file_name(char buf, size_t size)
141	char *buf;
142	int size;
143	{	198	{
144	char *s;	199	char *s=NULL;
145	char *ret=NULL;	200	char *ret=NULL;
146		201
147	s=getenv("RANDFILE");	202	if (OPENSSL_issetugid() == 0)
		203	s=getenv("RANDFILE");
148	if (s != NULL)	204	if (s != NULL)
149	{	205	{
150	strncpy(buf,s,size-1);	206	strncpy(buf,s,size-1);
@@ -153,14 +209,25 @@ int size;
153	}	209	}
154	else	210	else
155	{	211	{
156	s=getenv("HOME");	212	if (OPENSSL_issetugid() == 0)
157	if (s == NULL) return(RFILE);	213	s=getenv("HOME");
158	if (((int)(strlen(s)+strlen(RFILE)+2)) > size)	214	#ifdef DEFAULT_HOME
159	return(RFILE);	215	if (s == NULL)
160	strcpy(buf,s);	216	{
161	strcat(buf,"/");	217	s = DEFAULT_HOME;
162	strcat(buf,RFILE);	218	}
163	ret=buf;	219	#endif
		220	if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
		221	{
		222	strcpy(buf,s);
		223	#ifndef OPENSSL_SYS_VMS
		224	strcat(buf,"/");
		225	#endif
		226	strcat(buf,RFILE);
		227	ret=buf;
		228	}
		229	else
		230	buf[0] = '\0'; /* no file name */
164	}	231	}
165	return(ret);	232	return(ret);
166	}	233	}