summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2021-04-03 12:53:51 +0200
committerDr. David von Oheimb <dev@ddvo.net>2021-04-14 16:48:27 +0200
commit3ad6030948ac999de165f6185116459d74644e8d (patch)
treecd1f05f67890bc55b9cab065b963dfa5c7ded721
parentDocument the invariants for the empty X509_NAME encoding (diff)
downloadopenssl-3ad6030948ac999de165f6185116459d74644e8d.tar.xz
openssl-3ad6030948ac999de165f6185116459d74644e8d.zip
APPS: make apps strict on app_RAND_load() and app_RAND_write() failure
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14840)
-rwxr-xr-xapps/ca.c3
-rw-r--r--apps/cmp.c2
-rw-r--r--apps/cms.c4
-rw-r--r--apps/dgst.c4
-rw-r--r--apps/dhparam.c4
-rw-r--r--apps/dsaparam.c3
-rw-r--r--apps/ecparam.c4
-rw-r--r--apps/enc.c3
-rw-r--r--apps/gendsa.c4
-rw-r--r--apps/genrsa.c4
-rw-r--r--apps/include/apps.h2
-rw-r--r--apps/include/opt.h2
-rw-r--r--apps/lib/app_rand.c11
-rw-r--r--apps/openssl.c3
-rw-r--r--apps/passwd.c4
-rw-r--r--apps/pkcs12.c4
-rw-r--r--apps/pkcs8.c4
-rw-r--r--apps/pkeyutl.c3
-rw-r--r--apps/rand.c4
-rw-r--r--apps/req.c4
-rw-r--r--apps/rsautl.c4
-rw-r--r--apps/s_client.c3
-rw-r--r--apps/s_server.c4
-rw-r--r--apps/smime.c4
-rw-r--r--apps/speed.c4
-rw-r--r--apps/srp.c4
-rw-r--r--apps/ts.c4
-rw-r--r--apps/x509.c4
28 files changed, 75 insertions, 32 deletions
diff --git a/apps/ca.c b/apps/ca.c
index 268bd76912..cec5c8f1ac 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -521,7 +521,8 @@ end_of_options:
goto end;
app_RAND_load_conf(conf, BASE_SECTION);
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
f = NCONF_get_string(conf, section, STRING_MASK);
if (f == NULL)
diff --git a/apps/cmp.c b/apps/cmp.c
index 8a996f6dce..135c509831 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -2603,6 +2603,8 @@ int cmp_main(int argc, char **argv)
if (ret <= 0)
goto err;
ret = 0;
+ if (!app_RAND_load())
+ goto err;
if (opt_batch)
set_base_ui_method(UI_null());
diff --git a/apps/cms.c b/apps/cms.c
index b03e981a56..56f0b37bbf 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -697,7 +697,9 @@ int cms_main(int argc, char **argv)
break;
}
}
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
if (digestname != NULL) {
if (!opt_md(digestname, &sign_md))
goto end;
diff --git a/apps/dgst.c b/apps/dgst.c
index 891cf79279..20626c2b32 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -225,7 +225,9 @@ int dgst_main(int argc, char **argv)
BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
goto end;
}
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
if (digestname != NULL) {
if (!opt_md(digestname, &md))
goto opthelp;
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 136dbcff64..b43935eb7f 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -158,8 +158,8 @@ int dhparam_main(int argc, char **argv)
} else if (argc != 0) {
goto opthelp;
}
- app_RAND_load();
-
+ if (!app_RAND_load())
+ goto end;
if (g && !num)
num = DEFBITS;
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index c83d1fff41..a38dceb255 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -135,7 +135,8 @@ int dsaparam_main(int argc, char **argv)
} else if (argc != 0) {
goto opthelp;
}
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
/* generate a key */
numbits = num;
diff --git a/apps/ecparam.c b/apps/ecparam.c
index fc19ab6bf9..c99b8cc909 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -190,7 +190,9 @@ int ecparam_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
private = genkey ? 1 : 0;
in = bio_open_default(infile, 'r', informat);
diff --git a/apps/enc.c b/apps/enc.c
index 498d0d500b..3647a1ce61 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -293,7 +293,8 @@ int enc_main(int argc, char **argv)
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
/* Get the cipher name, either from progname (if set) or flag. */
if (ciphername != NULL) {
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 482191d8bf..97904d2c82 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -107,7 +107,9 @@ int gendsa_main(int argc, char **argv)
goto opthelp;
dsaparams = argv[0];
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
if (ciphername != NULL) {
if (!opt_cipher(ciphername, &enc))
goto end;
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 469b0a0b2f..ab991d2385 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -163,7 +163,9 @@ opthelp:
goto opthelp;
}
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
private = 1;
if (ciphername != NULL) {
if (!opt_cipher(ciphername, &enc))
diff --git a/apps/include/apps.h b/apps/include/apps.h
index 96b37ef95c..2709b0ccaf 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -46,7 +46,7 @@
# define _UC(c) ((unsigned char)(c))
void app_RAND_load_conf(CONF *c, const char *section);
-void app_RAND_write(void);
+int app_RAND_write(void);
int app_RAND_load(void);
extern char *default_config_file; /* may be "" */
diff --git a/apps/include/opt.h b/apps/include/opt.h
index d23bf262fc..3d79224d04 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -258,7 +258,7 @@
# define OPT_R_OPTIONS \
OPT_SECTION("Random state"), \
- {"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \
+ {"rand", OPT_R_RAND, 's', "Load the given file(s) into the random number generator"}, \
{"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
# define OPT_R_CASES \
diff --git a/apps/lib/app_rand.c b/apps/lib/app_rand.c
index c521979570..e38d3a72fc 100644
--- a/apps/lib/app_rand.c
+++ b/apps/lib/app_rand.c
@@ -63,9 +63,6 @@ int app_RAND_load(void)
char *p;
int i, ret = 1;
- if (randfiles == NULL)
- return 1;
-
for (i = 0; i < sk_OPENSSL_STRING_num(randfiles); i++) {
p = sk_OPENSSL_STRING_value(randfiles, i);
if (!loadfiles(p))
@@ -75,16 +72,20 @@ int app_RAND_load(void)
return ret;
}
-void app_RAND_write(void)
+int app_RAND_write(void)
{
+ int ret = 1;
+
if (save_rand_file == NULL)
- return;
+ return 1;
if (RAND_write_file(save_rand_file) == -1) {
BIO_printf(bio_err, "Cannot write random bytes:\n");
ERR_print_errors(bio_err);
+ ret = 0;
}
OPENSSL_free(save_rand_file);
save_rand_file = NULL;
+ return ret;
}
diff --git a/apps/openssl.c b/apps/openssl.c
index 6ef7d0ace1..30e1e755e0 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -298,7 +298,8 @@ int main(int argc, char *argv[])
OPENSSL_free(default_config_file);
lh_FUNCTION_free(prog);
OPENSSL_free(arg.argv);
- app_RAND_write();
+ if (!app_RAND_write())
+ ret = EXIT_FAILURE;
BIO_free(bio_in);
BIO_free_all(bio_out);
diff --git a/apps/passwd.c b/apps/passwd.c
index 6e58112363..1203b7443e 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -195,7 +195,9 @@ int passwd_main(int argc, char **argv)
passwds = argv;
}
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
if (mode == passwd_unset) {
/* use default */
mode = passwd_md5;
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 0a88140880..8c515870de 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -345,7 +345,9 @@ int pkcs12_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
if (ciphername != NULL) {
if (!opt_cipher(ciphername, &enc))
goto opthelp;
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index b8b56f1c80..cfcb341787 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -199,7 +199,9 @@ int pkcs8_main(int argc, char **argv)
goto opthelp;
private = 1;
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
if (ciphername != NULL) {
if (!opt_cipher(ciphername, &cipher))
goto opthelp;
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 27ade9f079..fd1cdf8f4b 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -255,7 +255,8 @@ int pkeyutl_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
if (rawin && pkey_op != EVP_PKEY_OP_SIGN && pkey_op != EVP_PKEY_OP_VERIFY) {
BIO_printf(bio_err,
diff --git a/apps/rand.c b/apps/rand.c
index b439216886..24f8c64d43 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -99,7 +99,9 @@ int rand_main(int argc, char **argv)
goto opthelp;
}
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
out = bio_open_default(outfile, 'w', format);
if (out == NULL)
goto end;
diff --git a/apps/req.c b/apps/req.c
index 04774db399..1b17adb6f4 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -478,7 +478,9 @@ int req_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
if (digestname != NULL) {
if (!opt_md(digestname, &md_alg))
goto opthelp;
diff --git a/apps/rsautl.c b/apps/rsautl.c
index 05b2b189af..57a3f8b4fc 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -173,7 +173,9 @@ int rsautl_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
if (need_priv && (key_type != KEY_PRIVKEY)) {
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
diff --git a/apps/s_client.c b/apps/s_client.c
index ac744ccbd5..7b3cf87620 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1475,7 +1475,8 @@ int s_client_main(int argc, char **argv)
} else if (argc != 0) {
goto opthelp;
}
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
if (count4or6 >= 2) {
BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog);
diff --git a/apps/s_server.c b/apps/s_server.c
index 34b28736a1..b00303630f 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1610,7 +1610,9 @@ int s_server_main(int argc, char *argv[])
if (argc != 0)
goto opthelp;
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
#ifndef OPENSSL_NO_NEXTPROTONEG
if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) {
BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n");
diff --git a/apps/smime.c b/apps/smime.c
index dcef6b3b49..98a2f32b4a 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -359,7 +359,9 @@ int smime_main(int argc, char **argv)
argc = opt_num_rest();
argv = opt_rest();
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
if (digestname != NULL) {
if (!opt_md(digestname, &sign_md))
goto opthelp;
diff --git a/apps/speed.c b/apps/speed.c
index 56c896c31e..d867e87e45 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1648,7 +1648,9 @@ int speed_main(int argc, char **argv)
argc = opt_num_rest();
argv = opt_rest();
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
for (; *argv; argv++) {
const char *algo = *argv;
diff --git a/apps/srp.c b/apps/srp.c
index 375ae1327c..af62e7e200 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -309,7 +309,9 @@ int srp_main(int argc, char **argv)
argc = opt_num_rest();
argv = opt_rest();
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
if (srpvfile != NULL && configfile != NULL) {
BIO_printf(bio_err,
"-srpvfile and -configfile cannot be specified together.\n");
diff --git a/apps/ts.c b/apps/ts.c
index cc69a7de72..b4a5e85fea 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -292,7 +292,9 @@ int ts_main(int argc, char **argv)
if (argc != 0 || mode == OPT_ERR)
goto opthelp;
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
if (digestname != NULL) {
if (!opt_md(digestname, &md))
goto opthelp;
diff --git a/apps/x509.c b/apps/x509.c
index abbffe37ab..18c0ce90d8 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -578,7 +578,9 @@ int x509_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
- app_RAND_load();
+ if (!app_RAND_load())
+ goto end;
+
if (digestname != NULL) {
if (!opt_md(digestname, &digest))
goto opthelp;