sl@0: /* crypto/rand/randfile.c */ sl@0: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) sl@0: * All rights reserved. sl@0: * sl@0: * This package is an SSL implementation written sl@0: * by Eric Young (eay@cryptsoft.com). sl@0: * The implementation was written so as to conform with Netscapes SSL. sl@0: * sl@0: * This library is free for commercial and non-commercial use as long as sl@0: * the following conditions are aheared to. The following conditions sl@0: * apply to all code found in this distribution, be it the RC4, RSA, sl@0: * lhash, DES, etc., code; not just the SSL code. The SSL documentation sl@0: * included with this distribution is covered by the same copyright terms sl@0: * except that the holder is Tim Hudson (tjh@cryptsoft.com). sl@0: * sl@0: * Copyright remains Eric Young's, and as such any Copyright notices in sl@0: * the code are not to be removed. sl@0: * If this package is used in a product, Eric Young should be given attribution sl@0: * as the author of the parts of the library used. sl@0: * This can be in the form of a textual message at program startup or sl@0: * in documentation (online or textual) provided with the package. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * 1. Redistributions of source code must retain the copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in the sl@0: * documentation and/or other materials provided with the distribution. sl@0: * 3. All advertising materials mentioning features or use of this software sl@0: * must display the following acknowledgement: sl@0: * "This product includes cryptographic software written by sl@0: * Eric Young (eay@cryptsoft.com)" sl@0: * The word 'cryptographic' can be left out if the rouines from the library sl@0: * being used are not cryptographic related :-). sl@0: * 4. If you include any Windows specific code (or a derivative thereof) from sl@0: * the apps directory (application code) you must include an acknowledgement: sl@0: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND sl@0: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE sl@0: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE sl@0: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL sl@0: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS sl@0: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT sl@0: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY sl@0: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF sl@0: * SUCH DAMAGE. sl@0: * sl@0: * The licence and distribution terms for any publically available version or sl@0: * derivative of this code cannot be changed. i.e. this code cannot simply be sl@0: * copied and put under another distribution licence sl@0: * [including the GNU Public Licence.] sl@0: */ sl@0: /* sl@0: © Portions copyright (c) 2006 Nokia Corporation. All rights reserved. sl@0: */ sl@0: /* We need to define this to get macros like S_IFBLK and S_IFCHR */ sl@0: #define _XOPEN_SOURCE 500 sl@0: sl@0: sl@0: sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: sl@0: sl@0: #include "e_os.h" sl@0: #include sl@0: #include sl@0: #include sl@0: sl@0: # include sl@0: sl@0: #ifdef OPENSSL_SYS_VMS sl@0: #include sl@0: #endif sl@0: #ifndef NO_SYS_TYPES_H sl@0: # include sl@0: #endif sl@0: #ifdef MAC_OS_pre_X sl@0: # include sl@0: #else sl@0: # include sl@0: #endif sl@0: sl@0: #undef BUFSIZE sl@0: #ifndef SYMBIAN sl@0: #define BUFSIZE 1024 sl@0: #define RAND_DATA 1024 sl@0: #else sl@0: #define BUFSIZE 512 sl@0: #define RAND_DATA 512 sl@0: #endif sl@0: sl@0: sl@0: /* #define RFILE ".rnd" - defined in ../../e_os.h */ sl@0: sl@0: /* Note that these functions are intended for seed files only. sl@0: * Entropy devices and EGD sockets are handled in rand_unix.c */ sl@0: sl@0: EXPORT_C int RAND_load_file(const char *file, long bytes) sl@0: { sl@0: /* If bytes >= 0, read up to 'bytes' bytes. sl@0: * if bytes == -1, read complete file. */ sl@0: sl@0: MS_STATIC unsigned char buf[BUFSIZE]; sl@0: struct stat sb; sl@0: int i,ret=0,n; sl@0: FILE *in; sl@0: sl@0: if (file == NULL) return(0); sl@0: sl@0: if (stat(file,&sb) < 0) return(0); sl@0: RAND_add(&sb,sizeof(sb),0.0); sl@0: if (bytes == 0) return(ret); sl@0: sl@0: in=fopen(file,"rb"); sl@0: if (in == NULL) goto err; sl@0: #if defined(S_IFBLK) && defined(S_IFCHR) sl@0: if (sb.st_mode & (S_IFBLK | S_IFCHR)) { sl@0: /* this file is a device. we don't want read an infinite number sl@0: * of bytes from a random device, nor do we want to use buffered sl@0: * I/O because we will waste system entropy. sl@0: */ sl@0: bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ sl@0: setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ sl@0: } sl@0: #endif sl@0: for (;;) sl@0: { sl@0: if (bytes > 0) sl@0: n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE; sl@0: else sl@0: n = BUFSIZE; sl@0: i=fread(buf,1,n,in); sl@0: if (i <= 0) break; sl@0: /* even if n != i, use the full array */ sl@0: RAND_add(buf,n,(double)i); sl@0: ret+=i; sl@0: if (bytes > 0) sl@0: { sl@0: bytes-=n; sl@0: if (bytes <= 0) break; sl@0: } sl@0: } sl@0: fclose(in); sl@0: OPENSSL_cleanse(buf,BUFSIZE); sl@0: err: sl@0: return(ret); sl@0: } sl@0: sl@0: EXPORT_C int RAND_write_file(const char *file) sl@0: { sl@0: unsigned char buf[BUFSIZE]; sl@0: int i,ret=0,rand_err=0; sl@0: FILE *out = NULL; sl@0: int n; sl@0: struct stat sb; sl@0: sl@0: i=stat(file,&sb); sl@0: if (i != -1) { sl@0: #if defined(S_IFBLK) && defined(S_IFCHR) sl@0: if (sb.st_mode & (S_IFBLK | S_IFCHR)) { sl@0: /* this file is a device. we don't write back to it. sl@0: * we "succeed" on the assumption this is some sort sl@0: * of random device. Otherwise attempting to write to sl@0: * and chmod the device causes problems. sl@0: */ sl@0: return(1); sl@0: } sl@0: #endif sl@0: } sl@0: sl@0: #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) sl@0: { sl@0: /* For some reason Win32 can't write to files created this way */ sl@0: sl@0: /* chmod(..., 0600) is too late to protect the file, sl@0: * permissions should be restrictive from the start */ sl@0: int fd = open(file, O_CREAT, 0600); sl@0: if (fd != -1) sl@0: out = fdopen(fd, "wb"); sl@0: } sl@0: #endif sl@0: if (out == NULL) sl@0: out = fopen(file,"wb"); sl@0: if (out == NULL) goto err; sl@0: sl@0: #ifndef NO_CHMOD sl@0: chmod(file,0600); sl@0: #endif sl@0: n=RAND_DATA; sl@0: for (;;) sl@0: { sl@0: i=(n > BUFSIZE)?BUFSIZE:n; sl@0: n-=BUFSIZE; sl@0: if (RAND_bytes(buf,i) <= 0) sl@0: rand_err=1; sl@0: i=fwrite(buf,1,i,out); sl@0: if (i <= 0) sl@0: { sl@0: ret=0; sl@0: break; sl@0: } sl@0: ret+=i; sl@0: if (n <= 0) break; sl@0: } sl@0: #ifdef OPENSSL_SYS_VMS sl@0: /* Try to delete older versions of the file, until there aren't sl@0: any */ sl@0: { sl@0: char *tmpf; sl@0: sl@0: tmpf = OPENSSL_malloc(strlen(file) + 4); /* to add ";-1" and a nul */ sl@0: if (tmpf) sl@0: { sl@0: strcpy(tmpf, file); sl@0: strcat(tmpf, ";-1"); sl@0: while(delete(tmpf) == 0) sl@0: ; sl@0: rename(file,";1"); /* Make sure it's version 1, or we sl@0: will reach the limit (32767) at sl@0: some point... */ sl@0: } sl@0: } sl@0: #endif /* OPENSSL_SYS_VMS */ sl@0: sl@0: fclose(out); sl@0: OPENSSL_cleanse(buf,BUFSIZE); sl@0: err: sl@0: return (rand_err ? -1 : ret); sl@0: } sl@0: sl@0: EXPORT_C const char *RAND_file_name(char *buf, size_t size) sl@0: { sl@0: char *s=NULL; sl@0: int ok = 0; sl@0: #ifdef __OpenBSD__ sl@0: struct stat sb; sl@0: #endif sl@0: sl@0: if (OPENSSL_issetugid() == 0) sl@0: s=getenv("RANDFILE"); sl@0: if (s != NULL && *s && strlen(s) + 1 < size) sl@0: { sl@0: if (BUF_strlcpy(buf,s,size) >= size) sl@0: return NULL; sl@0: } sl@0: else sl@0: { sl@0: if (OPENSSL_issetugid() == 0) sl@0: s=getenv("HOME"); sl@0: #ifdef DEFAULT_HOME sl@0: if (s == NULL) sl@0: { sl@0: s = DEFAULT_HOME; sl@0: } sl@0: #endif sl@0: if (s && *s && strlen(s)+strlen(RFILE)+2 < size) sl@0: { sl@0: BUF_strlcpy(buf,s,size); sl@0: #ifndef OPENSSL_SYS_VMS sl@0: BUF_strlcat(buf,"/",size); sl@0: #endif sl@0: BUF_strlcat(buf,RFILE,size); sl@0: ok = 1; sl@0: } sl@0: else sl@0: buf[0] = '\0'; /* no file name */ sl@0: } sl@0: sl@0: #ifdef __OpenBSD__ sl@0: /* given that all random loads just fail if the file can't be sl@0: * seen on a stat, we stat the file we're returning, if it sl@0: * fails, use /dev/arandom instead. this allows the user to sl@0: * use their own source for good random data, but defaults sl@0: * to something hopefully decent if that isn't available. sl@0: */ sl@0: sl@0: if (!ok) sl@0: if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { sl@0: return(NULL); sl@0: } sl@0: if (stat(buf,&sb) == -1) sl@0: if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { sl@0: return(NULL); sl@0: } sl@0: sl@0: #endif sl@0: return(buf); sl@0: }