From 3b061a00e39d2e4ad524ff01cbdc0c53fe8171ee Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Sat, 2 May 2015 10:01:33 -0400 Subject: RT2547: Tighten perms on generated privkey files When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be noticeable. Add "int private" flag to apps that write private keys, and check that it's set whenever we do write a private key. Checked via assert so that this bug (security-related) gets fixed. Thanks to Viktor for help in tracing the code-paths where private keys are written. Reviewed-by: Viktor Dukhovni --- apps/ecparam.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'apps/ecparam.c') diff --git a/apps/ecparam.c b/apps/ecparam.c index ae755735b7..a0781c525b 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -70,7 +70,6 @@ #include #ifndef OPENSSL_NO_EC -# include # include # include # include @@ -142,8 +141,8 @@ int ecparam_main(int argc, char **argv) unsigned char *buffer = NULL; OPTION_CHOICE o; int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0, ret = - 1; + int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0; + int ret = 1, private = 0; int list_curves = 0, no_seed = 0, check = 0, new_form = 0; int text = 0, i, need_rand = 0, genkey = 0; @@ -219,6 +218,7 @@ int ecparam_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); + private = genkey ? 1 : 0; if (!app_load_modules(NULL)) goto end; @@ -226,7 +226,7 @@ int ecparam_main(int argc, char **argv) in = bio_open_default(infile, RB(informat)); if (in == NULL) goto end; - out = bio_open_default(outfile, WB(outformat)); + out = bio_open_owner(outfile, WB(outformat), private); if (out == NULL) goto end; @@ -473,6 +473,7 @@ int ecparam_main(int argc, char **argv) EC_KEY_free(eckey); goto end; } + assert(private); if (outformat == FORMAT_ASN1) i = i2d_ECPrivateKey_bio(out, eckey); else -- cgit v1.2.3