APPS: make apps strict on app_RAND_load() and app_RAND_write() failure

Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14840)
2024-11-23 18:13:39 +08:00 · 2021-04-03 12:53:51 +02:00 · 2021-04-03 12:53:51 +02:00 · 3ad6030948
commit 3ad6030948
parent 456541f0b7
28 changed files with 75 additions and 32 deletions
--- a/apps/ca.c
+++ b/apps/ca.c
@ -521,7 +521,8 @@ end_of_options:
        goto end;

    app_RAND_load_conf(conf, BASE_SECTION);
-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;

    f = NCONF_get_string(conf, section, STRING_MASK);
    if (f == NULL)
--- a/apps/cmp.c
+++ b/apps/cmp.c
@ -2603,6 +2603,8 @@ int cmp_main(int argc, char **argv)
    if (ret <= 0)
        goto err;
    ret = 0;
+    if (!app_RAND_load())
+        goto err;

    if (opt_batch)
        set_base_ui_method(UI_null());
--- a/apps/cms.c
+++ b/apps/cms.c
@ -697,7 +697,9 @@ int cms_main(int argc, char **argv)
            break;
        }
    }
-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    if (digestname != NULL) {
        if (!opt_md(digestname, &sign_md))
            goto end;
--- a/apps/dgst.c
+++ b/apps/dgst.c
@ -225,7 +225,9 @@ int dgst_main(int argc, char **argv)
        BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
        goto end;
    }
-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    if (digestname != NULL) {
        if (!opt_md(digestname, &md))
            goto opthelp;
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@ -158,8 +158,8 @@ int dhparam_main(int argc, char **argv)
    } else if (argc != 0) {
        goto opthelp;
    }
-    app_RAND_load();
-
+    if (!app_RAND_load())
+        goto end;

    if (g && !num)
        num = DEFBITS;
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@ -135,7 +135,8 @@ int dsaparam_main(int argc, char **argv)
    } else if (argc != 0) {
        goto opthelp;
    }
-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;

    /* generate a key */
    numbits = num;
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@ -190,7 +190,9 @@ int ecparam_main(int argc, char **argv)
    if (argc != 0)
        goto opthelp;

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    private = genkey ? 1 : 0;

    in = bio_open_default(infile, 'r', informat);
--- a/apps/enc.c
+++ b/apps/enc.c
@ -293,7 +293,8 @@ int enc_main(int argc, char **argv)
    argc = opt_num_rest();
    if (argc != 0)
        goto opthelp;
-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;

    /* Get the cipher name, either from progname (if set) or flag. */
    if (ciphername != NULL) {
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@ -107,7 +107,9 @@ int gendsa_main(int argc, char **argv)
        goto opthelp;
    dsaparams = argv[0];

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    if (ciphername != NULL) {
        if (!opt_cipher(ciphername, &enc))
            goto end;
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@ -163,7 +163,9 @@ opthelp:
        goto opthelp;
    }

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    private = 1;
    if (ciphername != NULL) {
        if (!opt_cipher(ciphername, &enc))
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@ -46,7 +46,7 @@
 # define _UC(c) ((unsigned char)(c))

 void app_RAND_load_conf(CONF *c, const char *section);
-void app_RAND_write(void);
+int app_RAND_write(void);
 int app_RAND_load(void);

 extern char *default_config_file; /* may be "" */
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@ -258,7 +258,7 @@

 # define OPT_R_OPTIONS \
    OPT_SECTION("Random state"), \
-    {"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \
+    {"rand", OPT_R_RAND, 's', "Load the given file(s) into the random number generator"}, \
    {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}

 # define OPT_R_CASES \
--- a/apps/lib/app_rand.c
+++ b/apps/lib/app_rand.c
@ -63,9 +63,6 @@ int app_RAND_load(void)
    char *p;
    int i, ret = 1;

-    if (randfiles == NULL)
-        return 1;
-
    for (i = 0; i < sk_OPENSSL_STRING_num(randfiles); i++) {
        p = sk_OPENSSL_STRING_value(randfiles, i);
        if (!loadfiles(p))
@ -75,16 +72,20 @@ int app_RAND_load(void)
    return ret;
 }

-void app_RAND_write(void)
+int app_RAND_write(void)
 {
+    int ret = 1;
+
    if (save_rand_file == NULL)
-        return;
+        return 1;
    if (RAND_write_file(save_rand_file) == -1) {
        BIO_printf(bio_err, "Cannot write random bytes:\n");
        ERR_print_errors(bio_err);
+        ret = 0;
    }
    OPENSSL_free(save_rand_file);
    save_rand_file =  NULL;
+    return ret;
 }


--- a/apps/openssl.c
+++ b/apps/openssl.c
@ -298,7 +298,8 @@ int main(int argc, char *argv[])
    OPENSSL_free(default_config_file);
    lh_FUNCTION_free(prog);
    OPENSSL_free(arg.argv);
-    app_RAND_write();
+    if (!app_RAND_write())
+        ret = EXIT_FAILURE;

    BIO_free(bio_in);
    BIO_free_all(bio_out);
--- a/apps/passwd.c
+++ b/apps/passwd.c
@ -195,7 +195,9 @@ int passwd_main(int argc, char **argv)
        passwds = argv;
    }

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    if (mode == passwd_unset) {
        /* use default */
        mode = passwd_md5;
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@ -345,7 +345,9 @@ int pkcs12_main(int argc, char **argv)
    if (argc != 0)
        goto opthelp;

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    if (ciphername != NULL) {
        if (!opt_cipher(ciphername, &enc))
            goto opthelp;
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@ -199,7 +199,9 @@ int pkcs8_main(int argc, char **argv)
        goto opthelp;

    private = 1;
-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    if (ciphername != NULL) {
        if (!opt_cipher(ciphername, &cipher))
            goto opthelp;
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@ -255,7 +255,8 @@ int pkeyutl_main(int argc, char **argv)
    if (argc != 0)
        goto opthelp;

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;

    if (rawin && pkey_op != EVP_PKEY_OP_SIGN && pkey_op != EVP_PKEY_OP_VERIFY) {
        BIO_printf(bio_err,
--- a/apps/rand.c
+++ b/apps/rand.c
@ -99,7 +99,9 @@ int rand_main(int argc, char **argv)
        goto opthelp;
    }

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    out = bio_open_default(outfile, 'w', format);
    if (out == NULL)
        goto end;
--- a/apps/req.c
+++ b/apps/req.c
@ -478,7 +478,9 @@ int req_main(int argc, char **argv)
    if (argc != 0)
        goto opthelp;

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    if (digestname != NULL) {
        if (!opt_md(digestname, &md_alg))
            goto opthelp;
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@ -173,7 +173,9 @@ int rsautl_main(int argc, char **argv)
    if (argc != 0)
        goto opthelp;

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    if (need_priv && (key_type != KEY_PRIVKEY)) {
        BIO_printf(bio_err, "A private key is needed for this operation\n");
        goto end;
--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -1475,7 +1475,8 @@ int s_client_main(int argc, char **argv)
    } else if (argc != 0) {
        goto opthelp;
    }
-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;

    if (count4or6 >= 2) {
        BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog);
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -1610,7 +1610,9 @@ int s_server_main(int argc, char *argv[])
    if (argc != 0)
        goto opthelp;

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
 #ifndef OPENSSL_NO_NEXTPROTONEG
    if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) {
        BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n");
--- a/apps/smime.c
+++ b/apps/smime.c
@ -359,7 +359,9 @@ int smime_main(int argc, char **argv)
    argc = opt_num_rest();
    argv = opt_rest();

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    if (digestname != NULL) {
        if (!opt_md(digestname, &sign_md))
            goto opthelp;
--- a/apps/speed.c
+++ b/apps/speed.c
@ -1648,7 +1648,9 @@ int speed_main(int argc, char **argv)
    argc = opt_num_rest();
    argv = opt_rest();

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    for (; *argv; argv++) {
        const char *algo = *argv;

--- a/apps/srp.c
+++ b/apps/srp.c
@ -309,7 +309,9 @@ int srp_main(int argc, char **argv)
    argc = opt_num_rest();
    argv = opt_rest();

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    if (srpvfile != NULL && configfile != NULL) {
        BIO_printf(bio_err,
                   "-srpvfile and -configfile cannot be specified together.\n");
--- a/apps/ts.c
+++ b/apps/ts.c
@ -292,7 +292,9 @@ int ts_main(int argc, char **argv)
    if (argc != 0 || mode == OPT_ERR)
        goto opthelp;

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    if (digestname != NULL) {
        if (!opt_md(digestname, &md))
            goto opthelp;
--- a/apps/x509.c
+++ b/apps/x509.c
@ -578,7 +578,9 @@ int x509_main(int argc, char **argv)
    if (argc != 0)
        goto opthelp;

-    app_RAND_load();
+    if (!app_RAND_load())
+        goto end;
+
    if (digestname != NULL) {
        if (!opt_md(digestname, &digest))
            goto opthelp;