randfile.c revision 296341
1/* crypto/rand/randfile.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59/* We need to define this to get macros like S_IFBLK and S_IFCHR */ 60#if !defined(OPENSSL_SYS_VXWORKS) 61# define _XOPEN_SOURCE 500 62#endif 63 64#include <errno.h> 65#include <stdio.h> 66#include <stdlib.h> 67#include <string.h> 68 69#include "e_os.h" 70#include <openssl/crypto.h> 71#include <openssl/rand.h> 72#include <openssl/buffer.h> 73 74#ifdef OPENSSL_SYS_VMS 75# include <unixio.h> 76#endif 77#ifndef NO_SYS_TYPES_H 78# include <sys/types.h> 79#endif 80#ifndef OPENSSL_NO_POSIX_IO 81# include <sys/stat.h> 82# include <fcntl.h> 83#endif 84 85#ifdef _WIN32 86# define stat _stat 87# define chmod _chmod 88# define open _open 89# define fdopen _fdopen 90#endif 91 92#undef BUFSIZE 93#define BUFSIZE 1024 94#define RAND_DATA 1024 95 96#ifdef OPENSSL_SYS_VMS 97/* 98 * This declaration is a nasty hack to get around vms' extension to fopen for 99 * passing in sharing options being disabled by our /STANDARD=ANSI89 100 */ 101static FILE *(*const vms_fopen)(const char *, const char *, ...) = 102 (FILE *(*)(const char *, const char *, ...))fopen; 103# define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" 104#endif 105 106/* #define RFILE ".rnd" - defined in ../../e_os.h */ 107 108/* 109 * Note that these functions are intended for seed files only. Entropy 110 * devices and EGD sockets are handled in rand_unix.c 111 */ 112 113int RAND_load_file(const char *file, long bytes) 114{ 115 /*- 116 * If bytes >= 0, read up to 'bytes' bytes. 117 * if bytes == -1, read complete file. 118 */ 119 120 MS_STATIC unsigned char buf[BUFSIZE]; 121#ifndef OPENSSL_NO_POSIX_IO 122 struct stat sb; 123#endif 124 int i, ret = 0, n; 125 FILE *in; 126 127 if (file == NULL) 128 return (0); 129 130#ifndef OPENSSL_NO_POSIX_IO 131# ifdef PURIFY 132 /* 133 * struct stat can have padding and unused fields that may not be 134 * initialized in the call to stat(). We need to clear the entire 135 * structure before calling RAND_add() to avoid complaints from 136 * applications such as Valgrind. 137 */ 138 memset(&sb, 0, sizeof(sb)); 139# endif 140 if (stat(file, &sb) < 0) 141 return (0); 142 RAND_add(&sb, sizeof(sb), 0.0); 143#endif 144 if (bytes == 0) 145 return (ret); 146 147#ifdef OPENSSL_SYS_VMS 148 in = vms_fopen(file, "rb", VMS_OPEN_ATTRS); 149#else 150 in = fopen(file, "rb"); 151#endif 152 if (in == NULL) 153 goto err; 154#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO) 155 if (sb.st_mode & (S_IFBLK | S_IFCHR)) { 156 /* 157 * this file is a device. we don't want read an infinite number of 158 * bytes from a random device, nor do we want to use buffered I/O 159 * because we will waste system entropy. 160 */ 161 bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ 162# ifndef OPENSSL_NO_SETVBUF_IONBF 163 setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ 164# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ 165 } 166#endif 167 for (;;) { 168 if (bytes > 0) 169 n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE; 170 else 171 n = BUFSIZE; 172 i = fread(buf, 1, n, in); 173 if (i <= 0) 174 break; 175#ifdef PURIFY 176 RAND_add(buf, i, (double)i); 177#else 178 /* even if n != i, use the full array */ 179 RAND_add(buf, n, (double)i); 180#endif 181 ret += i; 182 if (bytes > 0) { 183 bytes -= n; 184 if (bytes <= 0) 185 break; 186 } 187 } 188 fclose(in); 189 OPENSSL_cleanse(buf, BUFSIZE); 190 err: 191 return (ret); 192} 193 194int RAND_write_file(const char *file) 195{ 196 unsigned char buf[BUFSIZE]; 197 int i, ret = 0, rand_err = 0; 198 FILE *out = NULL; 199 int n; 200#ifndef OPENSSL_NO_POSIX_IO 201 struct stat sb; 202 203 i = stat(file, &sb); 204 if (i != -1) { 205# if defined(S_ISBLK) && defined(S_ISCHR) 206 if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { 207 /* 208 * this file is a device. we don't write back to it. we 209 * "succeed" on the assumption this is some sort of random 210 * device. Otherwise attempting to write to and chmod the device 211 * causes problems. 212 */ 213 return (1); 214 } 215# endif 216 } 217#endif 218 219#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS) 220 { 221# ifndef O_BINARY 222# define O_BINARY 0 223# endif 224 /* 225 * chmod(..., 0600) is too late to protect the file, permissions 226 * should be restrictive from the start 227 */ 228 int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600); 229 if (fd != -1) 230 out = fdopen(fd, "wb"); 231 } 232#endif 233 234#ifdef OPENSSL_SYS_VMS 235 /* 236 * VMS NOTE: Prior versions of this routine created a _new_ version of 237 * the rand file for each call into this routine, then deleted all 238 * existing versions named ;-1, and finally renamed the current version 239 * as ';1'. Under concurrent usage, this resulted in an RMS race 240 * condition in rename() which could orphan files (see vms message help 241 * for RMS$_REENT). With the fopen() calls below, openssl/VMS now shares 242 * the top-level version of the rand file. Note that there may still be 243 * conditions where the top-level rand file is locked. If so, this code 244 * will then create a new version of the rand file. Without the delete 245 * and rename code, this can result in ascending file versions that stop 246 * at version 32767, and this routine will then return an error. The 247 * remedy for this is to recode the calling application to avoid 248 * concurrent use of the rand file, or synchronize usage at the 249 * application level. Also consider whether or not you NEED a persistent 250 * rand file in a concurrent use situation. 251 */ 252 253 out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS); 254 if (out == NULL) 255 out = vms_fopen(file, "wb", VMS_OPEN_ATTRS); 256#else 257 if (out == NULL) 258 out = fopen(file, "wb"); 259#endif 260 if (out == NULL) 261 goto err; 262 263#ifndef NO_CHMOD 264 chmod(file, 0600); 265#endif 266 n = RAND_DATA; 267 for (;;) { 268 i = (n > BUFSIZE) ? BUFSIZE : n; 269 n -= BUFSIZE; 270 if (RAND_bytes(buf, i) <= 0) 271 rand_err = 1; 272 i = fwrite(buf, 1, i, out); 273 if (i <= 0) { 274 ret = 0; 275 break; 276 } 277 ret += i; 278 if (n <= 0) 279 break; 280 } 281 282 fclose(out); 283 OPENSSL_cleanse(buf, BUFSIZE); 284 err: 285 return (rand_err ? -1 : ret); 286} 287 288const char *RAND_file_name(char *buf, size_t size) 289{ 290 char *s = NULL; 291#ifdef __OpenBSD__ 292 struct stat sb; 293#endif 294 295 if (OPENSSL_issetugid() == 0) 296 s = getenv("RANDFILE"); 297 if (s != NULL && *s && strlen(s) + 1 < size) { 298 if (BUF_strlcpy(buf, s, size) >= size) 299 return NULL; 300 } else { 301 if (OPENSSL_issetugid() == 0) 302 s = getenv("HOME"); 303#ifdef DEFAULT_HOME 304 if (s == NULL) { 305 s = DEFAULT_HOME; 306 } 307#endif 308 if (s && *s && strlen(s) + strlen(RFILE) + 2 < size) { 309 BUF_strlcpy(buf, s, size); 310#ifndef OPENSSL_SYS_VMS 311 BUF_strlcat(buf, "/", size); 312#endif 313 BUF_strlcat(buf, RFILE, size); 314 } else 315 buf[0] = '\0'; /* no file name */ 316 } 317 318#ifdef __OpenBSD__ 319 /* 320 * given that all random loads just fail if the file can't be seen on a 321 * stat, we stat the file we're returning, if it fails, use /dev/arandom 322 * instead. this allows the user to use their own source for good random 323 * data, but defaults to something hopefully decent if that isn't 324 * available. 325 */ 326 327 if (!buf[0]) 328 if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) { 329 return (NULL); 330 } 331 if (stat(buf, &sb) == -1) 332 if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) { 333 return (NULL); 334 } 335#endif 336 return (buf); 337} 338