X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Frand%2Frandfile.c;h=ba121eefbf09ddd05066b9e8c071e86bab7137e3;hb=2459dc1bd09468c83f1767b6b6a1ddc45ba60d36;hp=4005f7805e66d60d8b0c6b1294b6996cc0c2098e;hpb=1ef454181394b474ed590c551f659b4ce11aa093;p=oweals%2Fopenssl.git diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index 4005f7805e..ba121eefbf 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,17 +16,26 @@ #include #include +#include #include #ifdef OPENSSL_SYS_VMS # include #endif -#ifndef NO_SYS_TYPES_H -# include -#endif +#include #ifndef OPENSSL_NO_POSIX_IO # include # include +# ifdef _WIN32 +# include +# include +# define stat _stat +# define chmod _chmod +# define open _open +# define fdopen _fdopen +# define fstat _fstat +# define fileno _fileno +# endif #endif /* @@ -40,14 +49,7 @@ # define S_ISREG(m) ((m) & S_IFREG) # endif -#ifdef _WIN32 -# define stat _stat -# define chmod _chmod -# define open _open -# define fdopen _fdopen -#endif - -#define RAND_FILE_SIZE 1024 +#define RAND_BUF_SIZE 1024 #define RFILE ".rnd" #ifdef OPENSSL_SYS_VMS @@ -73,7 +75,16 @@ static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) = */ int RAND_load_file(const char *file, long bytes) { - unsigned char buf[RAND_FILE_SIZE]; + /* + * The load buffer size exceeds the chunk size by the comfortable amount + * of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose + * to avoid calling RAND_add() with a small final chunk. Instead, such + * a small final chunk will be added together with the previous chunk + * (unless it's the only one). + */ +#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH) + unsigned char buf[RAND_LOAD_BUF_SIZE]; + #ifndef OPENSSL_NO_POSIX_IO struct stat sb; #endif @@ -83,27 +94,64 @@ int RAND_load_file(const char *file, long bytes) if (bytes == 0) return 0; -#ifndef OPENSSL_NO_POSIX_IO - if (stat(file, &sb) < 0 || !S_ISREG(sb.st_mode)) { - RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_NOT_A_REGULAR_FILE); + if ((in = openssl_fopen(file, "rb")) == NULL) { + RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE); ERR_add_error_data(2, "Filename=", file); return -1; } -#endif - if ((in = openssl_fopen(file, "rb")) == NULL) { - RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE); + +#ifndef OPENSSL_NO_POSIX_IO + if (fstat(fileno(in), &sb) < 0) { + RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_INTERNAL_ERROR); ERR_add_error_data(2, "Filename=", file); + fclose(in); return -1; } + if (bytes < 0) { + if (S_ISREG(sb.st_mode)) + bytes = sb.st_size; + else + bytes = RAND_DRBG_STRENGTH; + } +#endif + /* + * On VMS, setbuf() will only take 32-bit pointers, and a compilation + * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here. + * However, we trust that the C RTL will never give us a FILE pointer + * above the first 4 GB of memory, so we simply turn off the warning + * temporarily. + */ +#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +# pragma environment save +# pragma message disable maylosedata2 +#endif + /* + * Don't buffer, because even if |file| is regular file, we have + * no control over the buffer, so why would we want a copy of its + * contents lying around? + */ + setbuf(in, NULL); +#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +# pragma environment restore +#endif + for ( ; ; ) { if (bytes > 0) - n = (bytes < RAND_FILE_SIZE) ? (int)bytes : RAND_FILE_SIZE; + n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE; else - n = RAND_FILE_SIZE; + n = RAND_LOAD_BUF_SIZE; i = fread(buf, 1, n, in); - if (i <= 0) +#ifdef EINTR + if (ferror(in) && errno == EINTR){ + clearerr(in); + if (i == 0) + continue; + } +#endif + if (i == 0) break; + RAND_add(buf, i, (double)i); ret += i; @@ -114,12 +162,18 @@ int RAND_load_file(const char *file, long bytes) OPENSSL_cleanse(buf, sizeof(buf)); fclose(in); + if (!RAND_status()) { + RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR); + ERR_add_error_data(2, "Filename=", file); + return -1; + } + return ret; } int RAND_write_file(const char *file) { - unsigned char buf[RAND_FILE_SIZE]; + unsigned char buf[RAND_BUF_SIZE]; int ret = -1; FILE *out = NULL; #ifndef OPENSSL_NO_POSIX_IO @@ -133,7 +187,7 @@ int RAND_write_file(const char *file) #endif /* Collect enough random data. */ - if (RAND_bytes(buf, (int)sizeof(buf)) != 1) + if (RAND_priv_bytes(buf, (int)sizeof(buf)) != 1) return -1; #if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \ @@ -175,8 +229,11 @@ int RAND_write_file(const char *file) if (out == NULL) out = openssl_fopen(file, "wb"); - if (out == NULL) + if (out == NULL) { + RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_CANNOT_OPEN_FILE); + ERR_add_error_data(2, "Filename=", file); return -1; + } #if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO) /* @@ -185,9 +242,9 @@ int RAND_write_file(const char *file) chmod(file, 0600); #endif - ret = fwrite(buf, 1, RAND_FILE_SIZE, out); + ret = fwrite(buf, 1, RAND_BUF_SIZE, out); fclose(out); - OPENSSL_cleanse(buf, RAND_FILE_SIZE); + OPENSSL_cleanse(buf, RAND_BUF_SIZE); return ret; } @@ -197,7 +254,7 @@ const char *RAND_file_name(char *buf, size_t size) size_t len; int use_randfile = 1; -#if defined(_WIN32) && defined(CP_UTF8) +#if defined(_WIN32) && defined(CP_UTF8) && !defined(_WIN32_WCE) DWORD envlen; WCHAR *var; @@ -225,11 +282,9 @@ const char *RAND_file_name(char *buf, size_t size) } } #else - if (OPENSSL_issetugid() != 0) { - use_randfile = 0; - } else if ((s = getenv("RANDFILE")) == NULL || *s == '\0') { + if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') { use_randfile = 0; - s = getenv("HOME"); + s = ossl_safe_getenv("HOME"); } #endif