1 /* 2 * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "internal/cryptlib.h" 11 12 #include <errno.h> 13 #include <stdio.h> 14 #include <stdlib.h> 15 #include <string.h> 16 17 #include <openssl/crypto.h> 18 #include <openssl/rand.h> 19 #include <openssl/rand_drbg.h> 20 #include <openssl/buffer.h> 21 22 #ifdef OPENSSL_SYS_VMS 23 # include <unixio.h> 24 #endif 25 #include <sys/types.h> 26 #ifndef OPENSSL_NO_POSIX_IO 27 # include <sys/stat.h> 28 # include <fcntl.h> 29 # ifdef _WIN32 30 # include <windows.h> 31 # include <io.h> 32 # define stat _stat 33 # define chmod _chmod 34 # define open _open 35 # define fdopen _fdopen 36 # define fstat _fstat 37 # define fileno _fileno 38 # endif 39 #endif 40 41 /* 42 * Following should not be needed, and we could have been stricter 43 * and demand S_IS*. But some systems just don't comply... Formally 44 * below macros are "anatomically incorrect", because normally they 45 * would look like ((m) & MASK == TYPE), but since MASK availability 46 * is as questionable, we settle for this poor-man fallback... 47 */ 48 # if !defined(S_ISREG) 49 # define S_ISREG(m) ((m) & S_IFREG) 50 # endif 51 52 #define RAND_BUF_SIZE 1024 53 #define RFILE ".rnd" 54 55 #ifdef OPENSSL_SYS_VMS 56 /* 57 * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically) 58 * to make sure the FILE* is a 32-bit pointer no matter what. We know that 59 * stdio functions return this type (a study of stdio.h proves it). 60 * 61 * This declaration is a nasty hack to get around vms' extension to fopen for 62 * passing in sharing options being disabled by /STANDARD=ANSI89 63 */ 64 static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) = 65 (__FILE_ptr32 (*)(const char *, const char *, ...))fopen; 66 # define VMS_OPEN_ATTRS \ 67 "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" 68 # define openssl_fopen(fname, mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS) 69 #endif 70 71 /* 72 * Note that these functions are intended for seed files only. Entropy 73 * devices and EGD sockets are handled in rand_unix.c If |bytes| is 74 * -1 read the complete file; otherwise read the specified amount. 75 */ 76 int RAND_load_file(const char *file, long bytes) 77 { 78 /* 79 * The load buffer size exceeds the chunk size by the comfortable amount 80 * of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose 81 * to avoid calling RAND_add() with a small final chunk. Instead, such 82 * a small final chunk will be added together with the previous chunk 83 * (unless it's the only one). 84 */ 85 #define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH) 86 unsigned char buf[RAND_LOAD_BUF_SIZE]; 87 88 #ifndef OPENSSL_NO_POSIX_IO 89 struct stat sb; 90 #endif 91 int i, n, ret = 0; 92 FILE *in; 93 94 if (bytes == 0) 95 return 0; 96 97 if ((in = openssl_fopen(file, "rb")) == NULL) { 98 RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE); 99 ERR_add_error_data(2, "Filename=", file); 100 return -1; 101 } 102 103 #ifndef OPENSSL_NO_POSIX_IO 104 if (fstat(fileno(in), &sb) < 0) { 105 RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_INTERNAL_ERROR); 106 ERR_add_error_data(2, "Filename=", file); 107 fclose(in); 108 return -1; 109 } 110 111 if (bytes < 0) { 112 if (S_ISREG(sb.st_mode)) 113 bytes = sb.st_size; 114 else 115 bytes = RAND_DRBG_STRENGTH; 116 } 117 #endif 118 /* 119 * On VMS, setbuf() will only take 32-bit pointers, and a compilation 120 * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here. 121 * However, we trust that the C RTL will never give us a FILE pointer 122 * above the first 4 GB of memory, so we simply turn off the warning 123 * temporarily. 124 */ 125 #if defined(OPENSSL_SYS_VMS) && defined(__DECC) 126 # pragma environment save 127 # pragma message disable maylosedata2 128 #endif 129 /* 130 * Don't buffer, because even if |file| is regular file, we have 131 * no control over the buffer, so why would we want a copy of its 132 * contents lying around? 133 */ 134 setbuf(in, NULL); 135 #if defined(OPENSSL_SYS_VMS) && defined(__DECC) 136 # pragma environment restore 137 #endif 138 139 for ( ; ; ) { 140 if (bytes > 0) 141 n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE; 142 else 143 n = RAND_LOAD_BUF_SIZE; 144 i = fread(buf, 1, n, in); 145 #ifdef EINTR 146 if (ferror(in) && errno == EINTR){ 147 clearerr(in); 148 if (i == 0) 149 continue; 150 } 151 #endif 152 if (i == 0) 153 break; 154 155 RAND_add(buf, i, (double)i); 156 ret += i; 157 158 /* If given a bytecount, and we did it, break. */ 159 if (bytes > 0 && (bytes -= i) <= 0) 160 break; 161 } 162 163 OPENSSL_cleanse(buf, sizeof(buf)); 164 fclose(in); 165 if (!RAND_status()) { 166 RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR); 167 ERR_add_error_data(2, "Filename=", file); 168 return -1; 169 } 170 171 return ret; 172 } 173 174 int RAND_write_file(const char *file) 175 { 176 unsigned char buf[RAND_BUF_SIZE]; 177 int ret = -1; 178 FILE *out = NULL; 179 #ifndef OPENSSL_NO_POSIX_IO 180 struct stat sb; 181 182 if (stat(file, &sb) >= 0 && !S_ISREG(sb.st_mode)) { 183 RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_NOT_A_REGULAR_FILE); 184 ERR_add_error_data(2, "Filename=", file); 185 return -1; 186 } 187 #endif 188 189 /* Collect enough random data. */ 190 if (RAND_priv_bytes(buf, (int)sizeof(buf)) != 1) 191 return -1; 192 193 #if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \ 194 !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) 195 { 196 # ifndef O_BINARY 197 # define O_BINARY 0 198 # endif 199 /* 200 * chmod(..., 0600) is too late to protect the file, permissions 201 * should be restrictive from the start 202 */ 203 int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600); 204 if (fd != -1) 205 out = fdopen(fd, "wb"); 206 } 207 #endif 208 209 #ifdef OPENSSL_SYS_VMS 210 /* 211 * VMS NOTE: Prior versions of this routine created a _new_ version of 212 * the rand file for each call into this routine, then deleted all 213 * existing versions named ;-1, and finally renamed the current version 214 * as ';1'. Under concurrent usage, this resulted in an RMS race 215 * condition in rename() which could orphan files (see vms message help 216 * for RMS$_REENT). With the fopen() calls below, openssl/VMS now shares 217 * the top-level version of the rand file. Note that there may still be 218 * conditions where the top-level rand file is locked. If so, this code 219 * will then create a new version of the rand file. Without the delete 220 * and rename code, this can result in ascending file versions that stop 221 * at version 32767, and this routine will then return an error. The 222 * remedy for this is to recode the calling application to avoid 223 * concurrent use of the rand file, or synchronize usage at the 224 * application level. Also consider whether or not you NEED a persistent 225 * rand file in a concurrent use situation. 226 */ 227 out = openssl_fopen(file, "rb+"); 228 #endif 229 230 if (out == NULL) 231 out = openssl_fopen(file, "wb"); 232 if (out == NULL) { 233 RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_CANNOT_OPEN_FILE); 234 ERR_add_error_data(2, "Filename=", file); 235 return -1; 236 } 237 238 #if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO) 239 /* 240 * Yes it's late to do this (see above comment), but better than nothing. 241 */ 242 chmod(file, 0600); 243 #endif 244 245 ret = fwrite(buf, 1, RAND_BUF_SIZE, out); 246 fclose(out); 247 OPENSSL_cleanse(buf, RAND_BUF_SIZE); 248 return ret; 249 } 250 251 const char *RAND_file_name(char *buf, size_t size) 252 { 253 char *s = NULL; 254 size_t len; 255 int use_randfile = 1; 256 257 #if defined(_WIN32) && defined(CP_UTF8) && !defined(_WIN32_WCE) 258 DWORD envlen; 259 WCHAR *var; 260 261 /* Look up various environment variables. */ 262 if ((envlen = GetEnvironmentVariableW(var = L"RANDFILE", NULL, 0)) == 0) { 263 use_randfile = 0; 264 if ((envlen = GetEnvironmentVariableW(var = L"HOME", NULL, 0)) == 0 265 && (envlen = GetEnvironmentVariableW(var = L"USERPROFILE", 266 NULL, 0)) == 0) 267 envlen = GetEnvironmentVariableW(var = L"SYSTEMROOT", NULL, 0); 268 } 269 270 /* If we got a value, allocate space to hold it and then get it. */ 271 if (envlen != 0) { 272 int sz; 273 WCHAR *val = _alloca(envlen * sizeof(WCHAR)); 274 275 if (GetEnvironmentVariableW(var, val, envlen) < envlen 276 && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0, 277 NULL, NULL)) != 0) { 278 s = _alloca(sz); 279 if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz, 280 NULL, NULL) == 0) 281 s = NULL; 282 } 283 } 284 #else 285 if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') { 286 use_randfile = 0; 287 s = ossl_safe_getenv("HOME"); 288 } 289 #endif 290 291 #ifdef DEFAULT_HOME 292 if (!use_randfile && s == NULL) 293 s = DEFAULT_HOME; 294 #endif 295 if (s == NULL || *s == '\0') 296 return NULL; 297 298 len = strlen(s); 299 if (use_randfile) { 300 if (len + 1 >= size) 301 return NULL; 302 strcpy(buf, s); 303 } else { 304 if (len + 1 + strlen(RFILE) + 1 >= size) 305 return NULL; 306 strcpy(buf, s); 307 #ifndef OPENSSL_SYS_VMS 308 strcat(buf, "/"); 309 #endif 310 strcat(buf, RFILE); 311 } 312 313 return buf; 314 } 315