From 3b061a00e39d2e4ad524ff01cbdc0c53fe8171ee Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@akamai.com>
Date: Sat, 2 May 2015 10:01:33 -0400
Subject: RT2547: Tighten perms on generated privkey files

When generating a private key, try to make the output file be readable
only by the owner.  Put it in CHANGES file since it might be noticeable.

Add "int private" flag to apps that write private keys, and check that it's
set whenever we do write a private key.  Checked via assert so that this
bug (security-related) gets fixed.  Thanks to Viktor for help in tracing
the code-paths where private keys are written.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
---
 apps/genrsa.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

(limited to 'apps/genrsa.c')

diff --git a/apps/genrsa.c b/apps/genrsa.c
index 80d9ea6f01..bb8437fa48 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -102,12 +102,13 @@ OPTIONS genrsa_options[] = {
 int genrsa_main(int argc, char **argv)
 {
     BN_GENCB *cb = BN_GENCB_new();
+    PW_CB_DATA cb_data;
     ENGINE *e = NULL;
     BIGNUM *bn = BN_new();
     BIO *out = NULL;
     RSA *rsa = NULL;
     const EVP_CIPHER *enc = NULL;
-    int ret = 1, non_fips_allow = 0, num = DEFBITS;
+    int ret = 1, non_fips_allow = 0, num = DEFBITS, private = 0;
     unsigned long f4 = RSA_F4;
     char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
     char *inrand = NULL, *prog, *hexe, *dece;
@@ -157,6 +158,7 @@ int genrsa_main(int argc, char **argv)
     }
     argc = opt_num_rest();
     argv = opt_rest();
+    private = 1;
 
     if (argv[0] && (!opt_int(argv[0], &num) || num <= 0))
         goto end;
@@ -169,7 +171,7 @@ int genrsa_main(int argc, char **argv)
     if (!app_load_modules(NULL))
         goto end;
 
-    out = bio_open_default(outfile, "w");
+    out = bio_open_owner(outfile, "w", private);
     if (out == NULL)
         goto end;
 
@@ -203,15 +205,13 @@ int genrsa_main(int argc, char **argv)
     }
     OPENSSL_free(hexe);
     OPENSSL_free(dece);
-    {
-        PW_CB_DATA cb_data;
-        cb_data.password = passout;
-        cb_data.prompt_info = outfile;
-        if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
-                                         (pem_password_cb *)password_callback,
-                                         &cb_data))
-            goto end;
-    }
+    cb_data.password = passout;
+    cb_data.prompt_info = outfile;
+    assert(private);
+    if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
+                                     (pem_password_cb *)password_callback,
+                                     &cb_data))
+        goto end;
 
     ret = 0;
  end:
-- 
cgit v1.2.3