1 files changed, 60 insertions, 11 deletions
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index 41574768ab..f5d0843d13 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -56,6 +56,9 @@
 * [including the GNU Public Licence.]
 */
+/* We need to define this to get macros like S_IFBLK and S_IFCHR */
+#define _XOPEN_SOURCE 1
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -64,6 +67,7 @@
 #include "e_os.h"
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
+#include <openssl/buffer.h>
 #ifdef OPENSSL_SYS_VMS
 #include <unixio.h>
@@ -106,6 +110,16 @@ int RAND_load_file(const char *file, long bytes)
        in=fopen(file,"rb");
        if (in == NULL) goto err;
+#if defined(S_IFBLK) && defined(S_IFCHR)
+        if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+          /* this file is a device. we don't want read an infinite number
+           * of bytes from a random device, nor do we want to use buffered
+           * I/O because we will waste system entropy. 
+           */
+          bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
+          setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
+        }
+#endif
        for (;;)
                {
                if (bytes > 0)
@@ -135,7 +149,22 @@ int RAND_write_file(const char *file)
        int i,ret=0,rand_err=0;
        FILE *out = NULL;
        int n;
+        struct stat sb;
        
+        i=stat(file,&sb);
+        if (i != -1) { 
+#if defined(S_IFBLK) && defined(S_IFCHR)
+          if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+            /* this file is a device. we don't write back to it. 
+             * we "succeed" on the assumption this is some sort 
+             * of random device. Otherwise attempting to write to 
+             * and chmod the device causes problems.
+             */
+            return(1); 
+          }
+#endif
+        }
 #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
        /* For some reason Win32 can't write to files created this way */
        
@@ -197,16 +226,17 @@ err:
 const char *RAND_file_name(char *buf, size_t size)
        {
        char *s=NULL;
-        char *ret=NULL;
+        int ok = 0;
+#ifdef __OpenBSD__
+        struct stat sb;
+#endif
        if (OPENSSL_issetugid() == 0)
                s=getenv("RANDFILE");
-        if (s != NULL)
+        if (s != NULL && *s && strlen(s) + 1 < size)
                {
-                if(strlen(s) >= size)
+                if (BUF_strlcpy(buf,s,size) >= size)
                        return NULL;
-                strcpy(buf,s);
-                ret=buf;
                }
        else
                {
@@ -218,17 +248,36 @@ const char *RAND_file_name(char *buf, size_t size)
                        s = DEFAULT_HOME;
                        }
 #endif
-                if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
+                if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
                        {
-                        strcpy(buf,s);
+                        BUF_strlcpy(buf,s,size);
 #ifndef OPENSSL_SYS_VMS
-                        strcat(buf,"/");
+                        BUF_strlcat(buf,"/",size);
 #endif
-                        strcat(buf,RFILE);
+                        BUF_strlcat(buf,RFILE,size);
-                        ret=buf;
+                        ok = 1;
                        }
                else
                        buf[0] = '\0'; /* no file name */
                }
-        return(ret);
+#ifdef __OpenBSD__
+        /* given that all random loads just fail if the file can't be 
+         * seen on a stat, we stat the file we're returning, if it
+         * fails, use /dev/arandom instead. this allows the user to 
+         * use their own source for good random data, but defaults
+         * to something hopefully decent if that isn't available. 
+         */
+        if (!ok)
+                if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
+                        return(NULL);
+                }       
+        if (stat(buf,&sb) == -1)
+                if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
+                        return(NULL);
+                }       
+#endif
+        return(buf);
        }

diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c index 41574768ab..f5d0843d13 100644 --- a/src/lib/libcrypto/rand/randfile.c +++ b/src/lib/libcrypto/rand/randfile.c
@@ -56,6 +56,9 @@
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
58		58
		59	/* We need to define this to get macros like S_IFBLK and S_IFCHR */
		60	#define _XOPEN_SOURCE 1
		61
59	#include <errno.h>	62	#include <errno.h>
60	#include <stdio.h>	63	#include <stdio.h>
61	#include <stdlib.h>	64	#include <stdlib.h>
@@ -64,6 +67,7 @@
64	#include "e_os.h"	67	#include "e_os.h"
65	#include <openssl/crypto.h>	68	#include <openssl/crypto.h>
66	#include <openssl/rand.h>	69	#include <openssl/rand.h>
		70	#include <openssl/buffer.h>
67		71
68	#ifdef OPENSSL_SYS_VMS	72	#ifdef OPENSSL_SYS_VMS
69	#include <unixio.h>	73	#include <unixio.h>
@@ -106,6 +110,16 @@ int RAND_load_file(const char *file, long bytes)
106		110
107	in=fopen(file,"rb");	111	in=fopen(file,"rb");
108	if (in == NULL) goto err;	112	if (in == NULL) goto err;
		113	#if defined(S_IFBLK) && defined(S_IFCHR)
		114	if (sb.st_mode & (S_IFBLK \| S_IFCHR)) {
		115	/* this file is a device. we don't want read an infinite number
		116	* of bytes from a random device, nor do we want to use buffered
		117	* I/O because we will waste system entropy.
		118	*/
		119	bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
		120	setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
		121	}
		122	#endif
109	for (;;)	123	for (;;)
110	{	124	{
111	if (bytes > 0)	125	if (bytes > 0)
@@ -135,7 +149,22 @@ int RAND_write_file(const char *file)
135	int i,ret=0,rand_err=0;	149	int i,ret=0,rand_err=0;
136	FILE *out = NULL;	150	FILE *out = NULL;
137	int n;	151	int n;
		152	struct stat sb;
138		153
		154	i=stat(file,&sb);
		155	if (i != -1) {
		156	#if defined(S_IFBLK) && defined(S_IFCHR)
		157	if (sb.st_mode & (S_IFBLK \| S_IFCHR)) {
		158	/* this file is a device. we don't write back to it.
		159	* we "succeed" on the assumption this is some sort
		160	* of random device. Otherwise attempting to write to
		161	* and chmod the device causes problems.
		162	*/
		163	return(1);
		164	}
		165	#endif
		166	}
		167
139	#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)	168	#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
140	/* For some reason Win32 can't write to files created this way */	169	/* For some reason Win32 can't write to files created this way */
141		170
@@ -197,16 +226,17 @@ err:
197	const char RAND_file_name(char buf, size_t size)	226	const char RAND_file_name(char buf, size_t size)
198	{	227	{
199	char *s=NULL;	228	char *s=NULL;
200	char *ret=NULL;	229	int ok = 0;
		230	#ifdef __OpenBSD__
		231	struct stat sb;
		232	#endif
201		233
202	if (OPENSSL_issetugid() == 0)	234	if (OPENSSL_issetugid() == 0)
203	s=getenv("RANDFILE");	235	s=getenv("RANDFILE");
204	if (s != NULL)	236	if (s != NULL && *s && strlen(s) + 1 < size)
205	{	237	{
206	if(strlen(s) >= size)	238	if (BUF_strlcpy(buf,s,size) >= size)
207	return NULL;	239	return NULL;
208	strcpy(buf,s);
209	ret=buf;
210	}	240	}
211	else	241	else
212	{	242	{
@@ -218,17 +248,36 @@ const char RAND_file_name(char buf, size_t size)
218	s = DEFAULT_HOME;	248	s = DEFAULT_HOME;
219	}	249	}
220	#endif	250	#endif
221	if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))	251	if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
222	{	252	{
223	strcpy(buf,s);	253	BUF_strlcpy(buf,s,size);
224	#ifndef OPENSSL_SYS_VMS	254	#ifndef OPENSSL_SYS_VMS
225	strcat(buf,"/");	255	BUF_strlcat(buf,"/",size);
226	#endif	256	#endif
227	strcat(buf,RFILE);	257	BUF_strlcat(buf,RFILE,size);
228	ret=buf;	258	ok = 1;
229	}	259	}
230	else	260	else
231	buf[0] = '\0'; /* no file name */	261	buf[0] = '\0'; /* no file name */
232	}	262	}
233	return(ret);	263
		264	#ifdef __OpenBSD__
		265	/* given that all random loads just fail if the file can't be
		266	* seen on a stat, we stat the file we're returning, if it
		267	* fails, use /dev/arandom instead. this allows the user to
		268	* use their own source for good random data, but defaults
		269	* to something hopefully decent if that isn't available.
		270	*/
		271
		272	if (!ok)
		273	if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
		274	return(NULL);
		275	}
		276	if (stat(buf,&sb) == -1)
		277	if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
		278	return(NULL);
		279	}
		280
		281	#endif
		282	return(buf);
234	}	283	}