From a31011e8e0ea18f1cc79d7eb53238768ae9369c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 26 Oct 1999 01:56:29 +0000 Subject: [PATCH] Various randomness handling bugfixes and improvements -- some utilities that should have used RANDFILE did not, and -rand handling was broken except in genrsa. --- CHANGES | 27 ++++++++++++++++++ apps/Makefile.ssl | 13 +++++---- apps/apps.h | 10 +++++++ apps/ca.c | 10 +++++-- apps/dsaparam.c | 24 ++++++++++++---- apps/gendh.c | 44 +++++------------------------ apps/gendsa.c | 46 +++++------------------------- apps/genrsa.c | 63 ++++++------------------------------------ apps/progs.h | 6 ++-- apps/progs.pl | 4 ++- apps/req.c | 26 +++-------------- apps/s_client.c | 2 ++ apps/s_server.c | 2 ++ apps/x509.c | 13 +++++++++ crypto/rand/randfile.c | 16 +++++++++-- 15 files changed, 134 insertions(+), 172 deletions(-) diff --git a/CHANGES b/CHANGES index 482166c0c1..62f5c90daa 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,33 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) New file apps/app_rand.c with commonly needed functionality + for handling the random seed file. + + Use the random seed file in some applications that previously did not: + ca, + dsaparam -genkey (which also ignored its `-rand' option), + s_client, + s_server, + x509 (when signing). + Except on systems with /dev/urandom, it is crucial to have a random + seed file at least for key creation, DSA signing, and for DH exchanges; + for RSA signatures it might not hurt _that_ much not to have one. + + gendh and gendsa (unlike genrsa) used to read only the first byte + of each file listed in the `-rand' option. The function as previously + found in genrsa is now in app_rand.c and is used by all programs + that support `-rand'. + [Bodo Moeller] + + *) In RAND_write_file, use mode 0600 for creating files; + don't just chmod when it may be too late. + [Bodo Moeller] + + *) Report an error from X509_STORE_load_locations + when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed. + [Bill Perry] + *) New function ASN1_mbstring_copy() this copies a string in either ASCII, Unicode, Universal (4 bytes per character) or UTF8 format into an ASN1_STRING type. A mask of permissible types is passed diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 87f2631685..cebef5fa97 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -13,6 +13,7 @@ OPENSSLDIR= /usr/local/ssl MAKE= make -f Makefile.ssl MAKEDEPEND= $(TOP)/util/domd $(TOP) MAKEFILE= Makefile.ssl +PERL=/usr/local/bin/perl RM= rm -f PEX_LIBS= @@ -45,12 +46,14 @@ A_OBJ=apps.o A_SRC=apps.c S_OBJ= s_cb.o s_socket.o S_SRC= s_cb.c s_socket.c +RAND_OBJ=app_rand.o +RAND_SRC=app_rand.c E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \ pkcs7.o crl2p7.o crl.o \ rsa.o dsa.o dsaparam.o \ x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \ - s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \ + s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \ ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o # pem_mail.o @@ -59,7 +62,7 @@ E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \ pkcs7.c crl2p7.c crl.c \ rsa.c dsa.c dsaparam.c \ x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \ - s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \ + s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \ ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c # pem_mail.c @@ -81,7 +84,7 @@ all: exe exe: $(EXE) req: sreq.o $(A_OBJ) $(DLIBCRYPTO) - $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c @@ -138,8 +141,8 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) @(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs) -progs.h: - $(PERL) ./progs.pl $(E_EXE) >progs.h +progs.h: progs.pl + $(PERL) progs.pl $(E_EXE) >progs.h $(RM) $(PROGRAM).o # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/apps/apps.h b/apps/apps.h index 063f9c65be..ce1f0fd9af 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -66,6 +66,16 @@ #include #include "progs.h" +int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); +int app_RAND_write_file(const char *file, BIO *bio_e); +/* When `file' is NULL, use defaults. + * `bio_e' is for error messages. */ +void app_RAND_allow_write_file(void); +long app_RAND_load_files(char *file); /* `file' is a list of files to read, + * separated by LIST_SEPARATOR_CHAR + * (see e_os.h). The string is + * destroyed! */ + #ifdef NO_STDIO BIO_METHOD *BIO_s_file(); #endif diff --git a/apps/ca.c b/apps/ca.c index 8d33bc91ce..9cafe400e6 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -266,6 +266,7 @@ int MAIN(int argc, char **argv) #undef BSIZE #define BSIZE 256 MS_STATIC char buf[3][BSIZE]; + char *randfile; #ifdef EFENCE EF_PROTECT_FREE=1; @@ -495,12 +496,16 @@ bad: BIO_free(oid_bio); } } - } - if(!add_oid_section(conf)) { + if(!add_oid_section(conf)) + { ERR_print_errors(bio_err); goto err; + } } + randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE"); + app_RAND_load_file(randfile, bio_err, 0); + in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); Sout=BIO_new(BIO_s_file()); @@ -1236,6 +1241,7 @@ err: sk_pop_free(cert_sk,X509_free); if (ret) ERR_print_errors(bio_err); + app_RAND_write_file(randfile, bio_err); BN_free(serial); TXT_DB_free(db); EVP_PKEY_free(pkey); diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 9316fb2c8a..1b5380662d 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -57,6 +57,7 @@ */ #ifndef NO_DSA +#include #include #include #include @@ -65,7 +66,6 @@ #include #include #include -#include #include #include #include @@ -93,7 +93,7 @@ int MAIN(int argc, char **argv) int informat,outformat,noout=0,C=0,ret=1; char *infile,*outfile,*prog,*inrand=NULL; int numbits= -1,num,genkey=0; - char buffer[200],*randfile=NULL; + int need_rand=0; apps_startup(); @@ -136,11 +136,15 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-C") == 0) C=1; else if (strcmp(*argv,"-genkey") == 0) + { genkey=1; + need_rand=1; + } else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); + need_rand=1; } else if (strcmp(*argv,"-noout") == 0) noout=1; @@ -148,6 +152,7 @@ int MAIN(int argc, char **argv) { /* generate a key */ numbits=num; + need_rand=1; } else { @@ -207,11 +212,17 @@ bad: } } + if (need_rand) + { + app_RAND_load_file(NULL, bio_err, (inrand != NULL)); + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); + } + if (numbits > 0) { - randfile=RAND_file_name(buffer,200); - RAND_load_file(randfile,1024L*1024L); - + assert(need_rand); BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,"This could take some time\n"); dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, @@ -316,6 +327,7 @@ bad: { DSA *dsakey; + assert(need_rand); if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end; if (!DSA_generate_key(dsakey)) goto end; if (outformat == FORMAT_ASN1) @@ -328,6 +340,8 @@ bad: } DSA_free(dsakey); } + if (need_rand) + app_RAND_write_file(NULL, bio_err); ret=0; end: if (in != NULL) BIO_free(in); diff --git a/apps/gendh.c b/apps/gendh.c index 3d50948580..0284faf28d 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -75,7 +75,6 @@ #define PROG gendh_main static void MS_CALLBACK dh_cb(int p, int n, void *arg); -static long dh_load_rand(char *names); int MAIN(int argc, char **argv) { char buffer[200]; @@ -83,7 +82,7 @@ int MAIN(int argc, char **argv) int ret=1,num=DEFBITS; int g=2; char *outfile=NULL; - char *inrand=NULL,*randfile; + char *inrand=NULL; BIO *out=NULL; apps_startup(); @@ -150,17 +149,13 @@ bad: } } - randfile=RAND_file_name(buffer,200); - if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L)) - BIO_printf(bio_err,"unable to load 'random state'\n"); - - if (inrand == NULL) - BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); - else + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { - BIO_printf(bio_err,"%ld semi-random bytes loaded\n", - dh_load_rand(inrand)); + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); } + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g); BIO_printf(bio_err,"This is going to take a long time\n"); @@ -168,10 +163,7 @@ bad: if (dh == NULL) goto end; - if (randfile == NULL) - BIO_printf(bio_err,"unable to write 'random state'\n"); - else - RAND_write_file(randfile); + app_RAND_write_file(NULL, bio_err); if (!PEM_write_bio_DHparams(out,dh)) goto end; @@ -198,26 +190,4 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg) p=n; #endif } - -static long dh_load_rand(char *name) - { - char *p,*n; - int last; - long tot=0; - - for (;;) - { - last=0; - for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); - if (*p == '\0') last=1; - *p='\0'; - n=name; - name=p+1; - if (*n == '\0') break; - - tot+=RAND_load_file(n,1); - if (last) break; - } - return(tot); - } #endif diff --git a/apps/gendsa.c b/apps/gendsa.c index 5f00b89bb0..44d2b42a05 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -63,7 +63,6 @@ #include #include "apps.h" #include -#include #include #include #include @@ -74,14 +73,12 @@ #undef PROG #define PROG gendsa_main -static long dsa_load_rand(char *names); int MAIN(int argc, char **argv) { - char buffer[200]; DSA *dsa=NULL; int ret=1; char *outfile=NULL; - char *inrand=NULL,*randfile,*dsaparams=NULL; + char *inrand=NULL,*dsaparams=NULL; BIO *out=NULL,*in=NULL; EVP_CIPHER *enc=NULL; @@ -176,26 +173,19 @@ bad: } } - randfile=RAND_file_name(buffer,200); - if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L)) - BIO_printf(bio_err,"unable to load 'random state'\n"); - - if (inrand == NULL) - BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); - else + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { - BIO_printf(bio_err,"%ld semi-random bytes loaded\n", - dsa_load_rand(inrand)); + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); } + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); BIO_printf(bio_err,"Generating DSA key, %d bits\n", BN_num_bits(dsa->p)); if (!DSA_generate_key(dsa)) goto end; - if (randfile == NULL) - BIO_printf(bio_err,"unable to write 'random state'\n"); - else - RAND_write_file(randfile); + app_RAND_write_file(NULL, bio_err); if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL)) goto end; @@ -207,26 +197,4 @@ end: if (dsa != NULL) DSA_free(dsa); EXIT(ret); } - -static long dsa_load_rand(char *name) - { - char *p,*n; - int last; - long tot=0; - - for (;;) - { - last=0; - for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); - if (*p == '\0') last=1; - *p='\0'; - n=name; - name=p+1; - if (*n == '\0') break; - - tot+=RAND_load_file(n,1); - if (last) break; - } - return(tot); - } #endif diff --git a/apps/genrsa.c b/apps/genrsa.c index 67382065fb..96df5703c4 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -63,7 +63,6 @@ #include #include "apps.h" #include -#include #include #include #include @@ -76,18 +75,16 @@ #define PROG genrsa_main static void MS_CALLBACK genrsa_cb(int p, int n, void *arg); -static long gr_load_rand(char *names); int MAIN(int argc, char **argv) { int ret=1; - char buffer[200]; RSA *rsa=NULL; int i,num=DEFBITS; - long rnum=0,l; + long l; EVP_CIPHER *enc=NULL; unsigned long f4=RSA_F4; char *outfile=NULL; - char *inrand=NULL,*randfile; + char *inrand=NULL; BIO *out=NULL; apps_startup(); @@ -165,41 +162,19 @@ bad: } } -#ifdef WINDOWS - BIO_printf(bio_err,"Loading 'screen' into random state -"); - BIO_flush(bio_err); - RAND_screen(); - BIO_printf(bio_err," done\n"); -#endif - randfile=RAND_file_name(buffer,200); - if ((randfile == NULL) || - !(rnum=(long)RAND_load_file(randfile,1024L*1024L))) + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { - BIO_printf(bio_err,"unable to load 'random state'\n"); + BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); } - - if (inrand == NULL) - { - if (rnum == 0) - { - BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); - } - } - else - { - rnum+=gr_load_rand(inrand); - } - if (rnum != 0) - BIO_printf(bio_err,"%ld semi-random bytes loaded\n",rnum); + if (inrand != NULL) + BIO_printf(bio_err,"%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", num); rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err); - if (randfile == NULL) - BIO_printf(bio_err,"unable to write 'random state'\n"); - else - RAND_write_file(randfile); + app_RAND_write_file(NULL, bio_err); if (rsa == NULL) goto err; @@ -241,26 +216,4 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg) p=n; #endif } - -static long gr_load_rand(char *name) - { - char *p,*n; - int last; - long tot=0; - - for (;;) - { - last=0; - for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++); - if (*p == '\0') last=1; - *p='\0'; - n=name; - name=p+1; - if (*n == '\0') break; - - tot+=RAND_load_file(n,1024L*1024L); - if (last) break; - } - return(tot); - } #endif diff --git a/apps/progs.h b/apps/progs.h index 47a4d6b83b..422dcedfb9 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -73,14 +73,14 @@ FUNCTION functions[] = { #ifndef NO_DSA {FUNC_TYPE_GENERAL,"gendsa",gendsa_main}, #endif -#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3)) +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3)) {FUNC_TYPE_GENERAL,"s_server",s_server_main}, #endif -#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3)) +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3)) {FUNC_TYPE_GENERAL,"s_client",s_client_main}, #endif {FUNC_TYPE_GENERAL,"speed",speed_main}, -#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3)) +#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3)) {FUNC_TYPE_GENERAL,"s_time",s_time_main}, #endif {FUNC_TYPE_GENERAL,"version",version_main}, diff --git a/apps/progs.pl b/apps/progs.pl index 7a69fc7b18..ffcb8b696f 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -29,13 +29,15 @@ foreach (@ARGV) push(@files,$_); $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) - { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } + { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))\n${str}#endif\n"; } elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ) { print "#ifndef NO_RSA\n${str}#endif\n"; } elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/)) { print "#ifndef NO_DSA\n${str}#endif\n"; } elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/)) { print "#ifndef NO_DH\n${str}#endif\n"; } + elsif ( ($_ =~ /^pkcs12$/)) + { print "#if !defined(NO_DES) && !defined(NO_SHA1)\n${str}#endif\n"; } else { print $str; } } diff --git a/apps/req.c b/apps/req.c index ce2e190b39..a945610f92 100644 --- a/apps/req.c +++ b/apps/req.c @@ -66,7 +66,6 @@ #include "apps.h" #include #include -#include #include #include #include @@ -501,25 +500,9 @@ bad: if (newreq && (pkey == NULL)) { - char *randfile; - char buffer[200]; - - if ((randfile=CONF_get_string(req_conf,SECTION,"RANDFILE")) == NULL) - randfile=RAND_file_name(buffer,200); -#ifdef WINDOWS - BIO_printf(bio_err,"Loading 'screen' into random state -"); - BIO_flush(bio_err); - RAND_screen(); - BIO_printf(bio_err," done\n"); -#endif - if ((randfile == NULL) || !RAND_load_file(randfile,1024L*1024L)) - { - BIO_printf(bio_err,"unable to load 'random state'\n"); - BIO_printf(bio_err,"What this means is that the random number generator has not been seeded\n"); - BIO_printf(bio_err,"with much random data.\n"); - BIO_printf(bio_err,"Consider setting the RANDFILE environment variable to point at a file that\n"); - BIO_printf(bio_err,"'random' data can be kept in.\n"); - } + char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE"); + app_RAND_load_file(randfile, bio_err, 0); + if (newkey <= 0) { newkey=(int)CONF_get_number(req_conf,SECTION,BITS); @@ -557,8 +540,7 @@ bad: } #endif - if ((randfile == NULL) || (RAND_write_file(randfile) == 0)) - BIO_printf(bio_err,"unable to write 'random state'\n"); + app_RAND_write_file(randfile, bio_err); if (pkey == NULL) goto end; diff --git a/apps/s_client.c b/apps/s_client.c index 6fcad17913..60a8728c9b 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -323,6 +323,8 @@ bad: goto end; } + app_RAND_load_file(NULL, bio_err, 0); + if (bio_c_out == NULL) { if (c_quiet) diff --git a/apps/s_server.c b/apps/s_server.c index ca22b2f2ca..a33e0ff147 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -583,6 +583,8 @@ bad: goto end; } + app_RAND_load_file(NULL, bio_err, 0); + if (bio_s_out == NULL) { if (s_quiet && !s_debug) diff --git a/apps/x509.c b/apps/x509.c index 9d2a0c8d2a..d88eb56c04 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include #include @@ -161,6 +162,7 @@ int MAIN(int argc, char **argv) const EVP_MD *md_alg,*digest=EVP_md5(); LHASH *extconf = NULL; char *extsect = NULL, *extfile = NULL; + int need_rand = 0; reqfile=0; @@ -201,7 +203,10 @@ int MAIN(int argc, char **argv) keyformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-req") == 0) + { reqfile=1; + need_rand = 1; + } else if (strcmp(*argv,"-CAform") == 0) { if (--argc < 1) goto bad; @@ -247,6 +252,7 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; keyfile= *(++argv); sign_flag= ++num; + need_rand = 1; } else if (strcmp(*argv,"-CA") == 0) { @@ -320,6 +326,9 @@ bad: goto end; } + if (need_rand) + app_RAND_load_file(NULL, bio_err, 0); + ERR_load_crypto_strings(); X509V3_add_standard_extensions(); X509_PURPOSE_add_standard(); @@ -651,6 +660,7 @@ bad: digest=EVP_dss1(); #endif + assert(need_rand); if (!sign(x,Upkey,days,digest, extconf, extsect)) goto end; } @@ -667,6 +677,7 @@ bad: digest=EVP_dss1(); #endif + assert(need_rand); if (!x509_certify(ctx,CAfile,digest,x,xca, CApkey, CAserial,CA_createserial,days, extconf, extsect)) @@ -742,6 +753,8 @@ bad: } ret=0; end: + if (need_rand) + app_RAND_write_file(NULL, bio_err); OBJ_cleanup(); CONF_free(extconf); BIO_free(out); diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index e1ed4e3a98..942a963e83 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -78,7 +78,7 @@ #define BUFSIZE 1024 #define RAND_DATA 1024 -/* #define RFILE ".rand" - defined in ../../e_os.h */ +/* #define RFILE ".rnd" - defined in ../../e_os.h */ int RAND_load_file(const char *file, long bytes) { @@ -119,7 +119,7 @@ int RAND_write_file(const char *file) { unsigned char buf[BUFSIZE]; int i,ret=0; - FILE *out; + FILE *out = NULL; int n; /* Under VMS, fopen(file, "wb") will create a new version of the @@ -130,12 +130,22 @@ int RAND_write_file(const char *file) out=fopen(file,"rb+"); if (out == NULL #ifdef ENOENT - && errno == ENOENT + && errno == ENOENT #endif ) { errno = 0; +#if defined O_CREAT && defined O_EXCL + /* chmod(..., 0600) is too late to protect the file, + * permissions should be restrictive from the start */ + { + int fd = open(file, O_CREAT | O_EXCL, 0600); + if (fd != -1) + out = fdopen(fd, "wb"); + } +#else out=fopen(file,"wb"); +#endif } if (out == NULL) goto err; #ifndef NO_CHMOD