]>
Commit | Line | Data |
---|---|---|
b1322259 | 1 | /* |
3c2bdd7d | 2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
0db63de9 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
b1322259 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
650c6687 RB |
10 | #if defined (__TANDEM) && defined (_SPT_MODEL_) |
11 | /* | |
12 | * These definitions have to come first in SPT due to scoping of the | |
13 | * declarations in c99 associated with SPT use of stat. | |
14 | */ | |
15 | # include <sys/types.h> | |
16 | # include <sys/stat.h> | |
17 | #endif | |
18 | ||
fc6076ca | 19 | #include "internal/cryptlib.h" |
ffbfbef9 | 20 | |
7d7d2cbc | 21 | #include <errno.h> |
d02b48c6 | 22 | #include <stdio.h> |
a224de3f BL |
23 | #include <stdlib.h> |
24 | #include <string.h> | |
17e3dd1c | 25 | |
4981372d RL |
26 | #include <openssl/crypto.h> |
27 | #include <openssl/rand.h> | |
de02ec27 | 28 | #include <openssl/buffer.h> |
4981372d | 29 | |
bc36ee62 | 30 | #ifdef OPENSSL_SYS_VMS |
0f113f3e | 31 | # include <unixio.h> |
668ba7d6 | 32 | #endif |
b379fe6c | 33 | #include <sys/types.h> |
49e3c9d8 | 34 | #ifndef OPENSSL_NO_POSIX_IO |
17f389bb | 35 | # include <sys/stat.h> |
7be1d876 | 36 | # include <fcntl.h> |
c35b8535 | 37 | # if defined(_WIN32) && !defined(_WIN32_WCE) |
9d9dc6ac | 38 | # include <windows.h> |
3a63c0ed | 39 | # include <io.h> |
9d9dc6ac AP |
40 | # define stat _stat |
41 | # define chmod _chmod | |
42 | # define open _open | |
43 | # define fdopen _fdopen | |
242fcd69 AP |
44 | # define fstat _fstat |
45 | # define fileno _fileno | |
3a63c0ed | 46 | # endif |
9ee344f5 RS |
47 | #endif |
48 | ||
2e6d7799 AP |
49 | /* |
50 | * Following should not be needed, and we could have been stricter | |
51 | * and demand S_IS*. But some systems just don't comply... Formally | |
52 | * below macros are "anatomically incorrect", because normally they | |
53 | * would look like ((m) & MASK == TYPE), but since MASK availability | |
54 | * is as questionable, we settle for this poor-man fallback... | |
55 | */ | |
9ee344f5 RS |
56 | # if !defined(S_ISREG) |
57 | # define S_ISREG(m) ((m) & S_IFREG) | |
2e6d7799 | 58 | # endif |
17f389bb | 59 | |
6ec6448b | 60 | #define RAND_BUF_SIZE 1024 |
1ef45418 | 61 | #define RFILE ".rnd" |
d02b48c6 | 62 | |
e6b45785 | 63 | #ifdef OPENSSL_SYS_VMS |
8ff889c2 | 64 | /* |
8ff889c2 RL |
65 | * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically) |
66 | * to make sure the FILE* is a 32-bit pointer no matter what. We know that | |
1ef45418 RS |
67 | * stdio functions return this type (a study of stdio.h proves it). |
68 | * | |
0f113f3e | 69 | * This declaration is a nasty hack to get around vms' extension to fopen for |
8ff889c2 | 70 | * passing in sharing options being disabled by /STANDARD=ANSI89 |
0f113f3e | 71 | */ |
8ff889c2 | 72 | static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) = |
9ee344f5 RS |
73 | (__FILE_ptr32 (*)(const char *, const char *, ...))fopen; |
74 | # define VMS_OPEN_ATTRS \ | |
75 | "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" | |
1ef45418 | 76 | # define openssl_fopen(fname, mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS) |
e6b45785 AP |
77 | #endif |
78 | ||
0f113f3e MC |
79 | /* |
80 | * Note that these functions are intended for seed files only. Entropy | |
9ee344f5 RS |
81 | * devices and EGD sockets are handled in rand_unix.c If |bytes| is |
82 | * -1 read the complete file; otherwise read the specified amount. | |
0f113f3e | 83 | */ |
6b691a5c | 84 | int RAND_load_file(const char *file, long bytes) |
0f113f3e | 85 | { |
6ec6448b DMSP |
86 | /* |
87 | * The load buffer size exceeds the chunk size by the comfortable amount | |
88 | * of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose | |
89 | * to avoid calling RAND_add() with a small final chunk. Instead, such | |
90 | * a small final chunk will be added together with the previous chunk | |
91 | * (unless it's the only one). | |
92 | */ | |
93 | #define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH) | |
94 | unsigned char buf[RAND_LOAD_BUF_SIZE]; | |
95 | ||
49e3c9d8 | 96 | #ifndef OPENSSL_NO_POSIX_IO |
0f113f3e | 97 | struct stat sb; |
49e3c9d8 | 98 | #endif |
9ee344f5 RS |
99 | int i, n, ret = 0; |
100 | FILE *in; | |
fc6076ca AP |
101 | |
102 | if (bytes == 0) | |
9ee344f5 | 103 | return 0; |
d02b48c6 | 104 | |
242fcd69 | 105 | if ((in = openssl_fopen(file, "rb")) == NULL) { |
a150f8e1 RL |
106 | ERR_raise_data(ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE, |
107 | "Filename=%s", file); | |
9ee344f5 RS |
108 | return -1; |
109 | } | |
242fcd69 AP |
110 | |
111 | #ifndef OPENSSL_NO_POSIX_IO | |
112 | if (fstat(fileno(in), &sb) < 0) { | |
a150f8e1 RL |
113 | ERR_raise_data(ERR_LIB_RAND, RAND_R_INTERNAL_ERROR, |
114 | "Filename=%s", file); | |
b791355b | 115 | fclose(in); |
9ee344f5 RS |
116 | return -1; |
117 | } | |
118 | ||
6ec6448b DMSP |
119 | if (bytes < 0) { |
120 | if (S_ISREG(sb.st_mode)) | |
040a0347 | 121 | bytes = sb.st_size; |
6ec6448b DMSP |
122 | else |
123 | bytes = RAND_DRBG_STRENGTH; | |
124 | } | |
5848be04 RL |
125 | #endif |
126 | /* | |
127 | * On VMS, setbuf() will only take 32-bit pointers, and a compilation | |
128 | * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here. | |
129 | * However, we trust that the C RTL will never give us a FILE pointer | |
130 | * above the first 4 GB of memory, so we simply turn off the warning | |
131 | * temporarily. | |
132 | */ | |
133 | #if defined(OPENSSL_SYS_VMS) && defined(__DECC) | |
134 | # pragma environment save | |
135 | # pragma message disable maylosedata2 | |
242fcd69 AP |
136 | #endif |
137 | /* | |
138 | * Don't buffer, because even if |file| is regular file, we have | |
139 | * no control over the buffer, so why would we want a copy of its | |
140 | * contents lying around? | |
141 | */ | |
142 | setbuf(in, NULL); | |
5848be04 RL |
143 | #if defined(OPENSSL_SYS_VMS) && defined(__DECC) |
144 | # pragma environment restore | |
145 | #endif | |
242fcd69 | 146 | |
1287dabd | 147 | for (;;) { |
0f113f3e | 148 | if (bytes > 0) |
6ec6448b | 149 | n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE; |
0f113f3e | 150 | else |
6ec6448b | 151 | n = RAND_LOAD_BUF_SIZE; |
0f113f3e | 152 | i = fread(buf, 1, n, in); |
242fcd69 | 153 | #ifdef EINTR |
1287dabd | 154 | if (ferror(in) && errno == EINTR) { |
242fcd69 AP |
155 | clearerr(in); |
156 | if (i == 0) | |
157 | continue; | |
158 | } | |
159 | #endif | |
160 | if (i == 0) | |
0f113f3e | 161 | break; |
242fcd69 | 162 | |
0f113f3e | 163 | RAND_add(buf, i, (double)i); |
0f113f3e | 164 | ret += i; |
9ee344f5 RS |
165 | |
166 | /* If given a bytecount, and we did it, break. */ | |
167 | if (bytes > 0 && (bytes -= i) <= 0) | |
168 | break; | |
0f113f3e | 169 | } |
9ee344f5 RS |
170 | |
171 | OPENSSL_cleanse(buf, sizeof(buf)); | |
172 | fclose(in); | |
ec2d099f | 173 | if (!RAND_status()) { |
a150f8e1 | 174 | ERR_raise_data(ERR_LIB_RAND, RAND_R_RESEED_ERROR, "Filename=%s", file); |
ec2d099f DMSP |
175 | return -1; |
176 | } | |
177 | ||
fc6076ca | 178 | return ret; |
0f113f3e | 179 | } |
d02b48c6 | 180 | |
6b691a5c | 181 | int RAND_write_file(const char *file) |
0f113f3e | 182 | { |
6ec6448b | 183 | unsigned char buf[RAND_BUF_SIZE]; |
9ee344f5 | 184 | int ret = -1; |
0f113f3e | 185 | FILE *out = NULL; |
49e3c9d8 | 186 | #ifndef OPENSSL_NO_POSIX_IO |
9ee344f5 | 187 | struct stat sb; |
0f113f3e | 188 | |
9ee344f5 | 189 | if (stat(file, &sb) >= 0 && !S_ISREG(sb.st_mode)) { |
a150f8e1 RL |
190 | ERR_raise_data(ERR_LIB_RAND, RAND_R_NOT_A_REGULAR_FILE, |
191 | "Filename=%s", file); | |
9ee344f5 RS |
192 | return -1; |
193 | } | |
8bd62abe | 194 | #endif |
de02ec27 | 195 | |
9ee344f5 | 196 | /* Collect enough random data. */ |
4cffafe9 | 197 | if (RAND_priv_bytes(buf, (int)sizeof(buf)) != 1) |
9ee344f5 RS |
198 | return -1; |
199 | ||
fc6076ca AP |
200 | #if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \ |
201 | !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) | |
0f113f3e MC |
202 | { |
203 | # ifndef O_BINARY | |
204 | # define O_BINARY 0 | |
205 | # endif | |
206 | /* | |
207 | * chmod(..., 0600) is too late to protect the file, permissions | |
208 | * should be restrictive from the start | |
209 | */ | |
210 | int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600); | |
211 | if (fd != -1) | |
212 | out = fdopen(fd, "wb"); | |
213 | } | |
17f389bb | 214 | #endif |
e6b45785 AP |
215 | |
216 | #ifdef OPENSSL_SYS_VMS | |
0f113f3e MC |
217 | /* |
218 | * VMS NOTE: Prior versions of this routine created a _new_ version of | |
219 | * the rand file for each call into this routine, then deleted all | |
220 | * existing versions named ;-1, and finally renamed the current version | |
221 | * as ';1'. Under concurrent usage, this resulted in an RMS race | |
222 | * condition in rename() which could orphan files (see vms message help | |
223 | * for RMS$_REENT). With the fopen() calls below, openssl/VMS now shares | |
224 | * the top-level version of the rand file. Note that there may still be | |
225 | * conditions where the top-level rand file is locked. If so, this code | |
226 | * will then create a new version of the rand file. Without the delete | |
227 | * and rename code, this can result in ascending file versions that stop | |
228 | * at version 32767, and this routine will then return an error. The | |
229 | * remedy for this is to recode the calling application to avoid | |
230 | * concurrent use of the rand file, or synchronize usage at the | |
231 | * application level. Also consider whether or not you NEED a persistent | |
232 | * rand file in a concurrent use situation. | |
233 | */ | |
fc6076ca | 234 | out = openssl_fopen(file, "rb+"); |
06593767 | 235 | #endif |
9ee344f5 | 236 | |
0f113f3e | 237 | if (out == NULL) |
fc6076ca | 238 | out = openssl_fopen(file, "wb"); |
3ee1eac2 | 239 | if (out == NULL) { |
a150f8e1 RL |
240 | ERR_raise_data(ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE, |
241 | "Filename=%s", file); | |
9ee344f5 | 242 | return -1; |
3ee1eac2 | 243 | } |
e84c2d26 | 244 | |
3012e650 | 245 | #if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO) |
9ee344f5 RS |
246 | /* |
247 | * Yes it's late to do this (see above comment), but better than nothing. | |
248 | */ | |
0f113f3e | 249 | chmod(file, 0600); |
17f389bb | 250 | #endif |
ce052b6c | 251 | |
6ec6448b | 252 | ret = fwrite(buf, 1, RAND_BUF_SIZE, out); |
0f113f3e | 253 | fclose(out); |
6ec6448b | 254 | OPENSSL_cleanse(buf, RAND_BUF_SIZE); |
9ee344f5 | 255 | return ret; |
0f113f3e | 256 | } |
d02b48c6 | 257 | |
627774fd | 258 | const char *RAND_file_name(char *buf, size_t size) |
0f113f3e MC |
259 | { |
260 | char *s = NULL; | |
9ee344f5 | 261 | size_t len; |
fc6076ca | 262 | int use_randfile = 1; |
d02b48c6 | 263 | |
3d098890 | 264 | #if defined(_WIN32) && defined(CP_UTF8) && !defined(_WIN32_WCE) |
9ee344f5 RS |
265 | DWORD envlen; |
266 | WCHAR *var; | |
267 | ||
268 | /* Look up various environment variables. */ | |
269 | if ((envlen = GetEnvironmentVariableW(var = L"RANDFILE", NULL, 0)) == 0) { | |
270 | use_randfile = 0; | |
271 | if ((envlen = GetEnvironmentVariableW(var = L"HOME", NULL, 0)) == 0 | |
272 | && (envlen = GetEnvironmentVariableW(var = L"USERPROFILE", | |
273 | NULL, 0)) == 0) | |
274 | envlen = GetEnvironmentVariableW(var = L"SYSTEMROOT", NULL, 0); | |
fc6076ca AP |
275 | } |
276 | ||
9ee344f5 RS |
277 | /* If we got a value, allocate space to hold it and then get it. */ |
278 | if (envlen != 0) { | |
fc6076ca | 279 | int sz; |
9ee344f5 | 280 | WCHAR *val = _alloca(envlen * sizeof(WCHAR)); |
fc6076ca | 281 | |
9ee344f5 RS |
282 | if (GetEnvironmentVariableW(var, val, envlen) < envlen |
283 | && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0, | |
284 | NULL, NULL)) != 0) { | |
fc6076ca AP |
285 | s = _alloca(sz); |
286 | if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz, | |
287 | NULL, NULL) == 0) | |
288 | s = NULL; | |
13c03c8d | 289 | } |
fc6076ca | 290 | } |
13c03c8d | 291 | #else |
5c39a55d | 292 | if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') { |
fc6076ca | 293 | use_randfile = 0; |
5c39a55d | 294 | s = ossl_safe_getenv("HOME"); |
fc6076ca | 295 | } |
13c03c8d | 296 | #endif |
9ee344f5 | 297 | |
f0b54fef | 298 | #ifdef DEFAULT_HOME |
9ee344f5 | 299 | if (!use_randfile && s == NULL) |
fc6076ca | 300 | s = DEFAULT_HOME; |
f0b54fef | 301 | #endif |
9ee344f5 RS |
302 | if (s == NULL || *s == '\0') |
303 | return NULL; | |
304 | ||
305 | len = strlen(s); | |
306 | if (use_randfile) { | |
307 | if (len + 1 >= size) | |
308 | return NULL; | |
309 | strcpy(buf, s); | |
310 | } else { | |
311 | if (len + 1 + strlen(RFILE) + 1 >= size) | |
312 | return NULL; | |
313 | strcpy(buf, s); | |
bc36ee62 | 314 | #ifndef OPENSSL_SYS_VMS |
9ee344f5 | 315 | strcat(buf, "/"); |
7d7d2cbc | 316 | #endif |
9ee344f5 | 317 | strcat(buf, RFILE); |
0f113f3e | 318 | } |
de02ec27 | 319 | |
9ee344f5 | 320 | return buf; |
0f113f3e | 321 | } |