diff options
| author | Rich Salz <rsalz@akamai.com> | 2015-05-02 10:01:33 -0400 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2015-06-15 18:26:56 -0400 |
| commit | 3b061a00e39d2e4ad524ff01cbdc0c53fe8171ee (patch) | |
| tree | 0389af5c46f6c56ab6f88c737f55aa07493dfd39 /apps/openssl.c | |
| parent | d31fb0b5b341aa7883b487d07e6a56d216224e25 (diff) | |
RT2547: Tighten perms on generated privkey files
When generating a private key, try to make the output file be readable
only by the owner. Put it in CHANGES file since it might be noticeable.
Add "int private" flag to apps that write private keys, and check that it's
set whenever we do write a private key. Checked via assert so that this
bug (security-related) gets fixed. Thanks to Viktor for help in tracing
the code-paths where private keys are written.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'apps/openssl.c')
| -rw-r--r-- | apps/openssl.c | 71 |
1 files changed, 68 insertions, 3 deletions
diff --git a/apps/openssl.c b/apps/openssl.c index 911772649a..7c202cf8d1 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -122,13 +122,23 @@ #ifndef OPENSSL_NO_ENGINE # include <openssl/engine.h> #endif -/* needed for the _O_BINARY defs in the MS world */ -#define USE_SOCKETS -#include "s_apps.h" #include <openssl/err.h> #ifdef OPENSSL_FIPS # include <openssl/fips.h> #endif +#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ +#include "s_apps.h" +/* Needed to get the other O_xxx flags. */ +#ifdef OPENSSL_SYS_VMS +# include <unixio.h> +#endif +#ifndef NO_SYS_TYPES_H +# include <sys/types.h> +#endif +#ifndef OPENSSL_NO_POSIX_IO +# include <sys/stat.h> +# include <fcntl.h> +#endif #define INCLUDE_FUNCTION_TABLE #include "apps.h" @@ -289,6 +299,59 @@ void unbuffer(FILE *fp) setbuf(fp, NULL); } +/* + * Open a file for writing, owner-read-only. + */ +BIO *bio_open_owner(const char *filename, const char *modestr, int private) +{ + FILE *fp = NULL; + BIO *b = NULL; + int fd = -1, bflags, mode, binmode; + + if (!private || filename == NULL || strcmp(filename, "-") == 0) + return bio_open_default(filename, modestr); + + mode = O_WRONLY; +#ifdef O_CREAT + mode |= O_CREAT; +#endif +#ifdef O_TRUNC + mode |= O_TRUNC; +#endif + binmode = strchr(modestr, 'b') != NULL; + if (binmode) { +#ifdef O_BINARY + mode |= O_BINARY; +#elif defined(_O_BINARY) + mode |= _O_BINARY; +#endif + } + + fd = open(filename, mode, 0600); + if (fd < 0) + goto err; + fp = fdopen(fd, modestr); + if (fp == NULL) + goto err; + bflags = BIO_CLOSE; + if (!binmode) + bflags |= BIO_FP_TEXT; + b = BIO_new_fp(fp, bflags); + if (b) + return b; + + err: + BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n", + opt_getprog(), filename, strerror(errno)); + ERR_print_errors(bio_err); + /* If we have fp, then fdopen took over fd, so don't close both. */ + if (fp) + fclose(fp); + else if (fd >= 0) + close(fd); + return NULL; +} + static BIO *bio_open_default_(const char *filename, const char *mode, int quiet) { BIO *ret; @@ -320,10 +383,12 @@ static BIO *bio_open_default_(const char *filename, const char *mode, int quiet) ERR_print_errors(bio_err); return NULL; } + BIO *bio_open_default(const char *filename, const char *mode) { return bio_open_default_(filename, mode, 0); } + BIO *bio_open_default_quiet(const char *filename, const char *mode) { return bio_open_default_(filename, mode, 1); |