authorHauke Mehrtens <hauke@hauke-m.de>2023-11-07 00:33:38 +0100
committerHauke Mehrtens <hauke@hauke-m.de>2023-11-08 19:04:11 +0100
commit5106f554bb9324be88c9bfb8bc2105ce098f359c (patch)
tree422d7a0aae3f62bc20879fea8b6508d2e19b5927
parent6fd16b0d2717a750368cc02fab3a10287c7e08f4 (diff)
px5g-wolfssl: Fix permission of private key
Store the private key with read and write permission for the user only and not with read permissions for everyone. This converts the write_file() function from fopen() to open() because open allows to specify the permission mask of the newly created file. It also adds and fixes some existing error handling. OpenSSL does this in the same way already. With this change it looks like this: root@OpenWrt:/# ls -al /etc/uhttpd.* -rw-r--r-- 1 root root 749 Nov 6 23:14 /etc/uhttpd.crt -rw------- 1 root root 121 Nov 6 23:14 /etc/uhttpd.key Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 6aad5ab0992fefd88ce612bc0484e0115a004572)
-rw-r--r--package/utils/px5g-wolfssl/Makefile2
-rw-r--r--package/utils/px5g-wolfssl/px5g-wolfssl.c45
2 files changed, 30 insertions, 17 deletions
diff --git a/package/utils/px5g-wolfssl/Makefile b/package/utils/px5g-wolfssl/Makefile
index 843f03fcc1..ba208f6ca5 100644
--- a/package/utils/px5g-wolfssl/Makefile
+++ b/package/utils/px5g-wolfssl/Makefile
@@ -5,7 +5,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=px5g-wolfssl
-PKG_RELEASE:=8.2
+PKG_RELEASE:=9
PKG_LICENSE:=GPL-2.0-or-later
PKG_BUILD_FLAGS:=no-mips16
diff --git a/package/utils/px5g-wolfssl/px5g-wolfssl.c b/package/utils/px5g-wolfssl/px5g-wolfssl.c
index cd04a41dfb..755d370ba2 100644
--- a/package/utils/px5g-wolfssl/px5g-wolfssl.c
+++ b/package/utils/px5g-wolfssl/px5g-wolfssl.c
@@ -7,6 +7,8 @@
#include <stdint.h>
#include <stdio.h>
#include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/asn_public.h>
@@ -24,27 +26,38 @@ enum {
RSA_KEY_TYPE = 1,
};
-int write_file(byte *buf, int bufSz, char *path) {
- int ret;
- FILE *file;
+int write_file(byte *buf, int bufSz, char *path, bool cert) {
+ mode_t mode = S_IRUSR | S_IWUSR;
+ ssize_t written;
+ int err;
+ int fd;
+
+ if (cert)
+ mode |= S_IRGRP | S_IROTH;
+
if (path) {
- file = fopen(path, "wb");
- if (file == NULL) {
+ fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, mode);
+ if (fd < 0) {
perror("Error opening file");
exit(1);
}
} else {
- file = stdout;
+ fd = STDERR_FILENO;
}
- ret = (int)fwrite(buf, 1, bufSz, file);
- if (path) {
- fclose(file);
+ written = write(fd, buf, bufSz);
+ if (written != bufSz) {
+ perror("Error write file");
+ exit(1);
}
- if (ret > 0) {
- /* ret > 0 indicates a successful file write, set to zero for return */
- ret = 0;
+ err = fsync(fd);
+ if (err < 0) {
+ perror("Error fsync file");
+ exit(1);
}
- return ret;
+ if (path) {
+ close(fd);
+ }
+ return 0;
}
int write_key(ecc_key *ecKey, RsaKey *rsaKey, int type, int keySz, char *fName,
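Review bot: The mode given to `open(path, O_WRONLY | O_CREAT | O_TRUNC, mode)` only takes effect when the call creates the file, so a key file that already exists with 0644 is truncated and rewritten but stays world-readable. Calling `if (fchmod(fd, mode) < 0) { perror("Error chmod file"); exit(1); }` after a successful open (inside the `if (path)` branch, with `<sys/stat.h>` available) would enforce 0600 on regenerated keys as well. Separately, the no-path branch changed from `stdout` to `fd = STDERR_FILENO;`, which looks unintended; `fd = STDOUT_FILENO;` keeps the previous behaviour. The `fsync(fd)` call should then run only under `if (path)`, since fsync usually fails on a pipe or terminal and would end in `exit(1)`.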
@@ -73,9 +86,9 @@ int write_key(ecc_key *ecKey, RsaKey *rsaKey, int type, int keySz, char *fName,
fprintf(stderr, "DER to PEM failed: %d\n", ret);
}
pemSz = ret;
- ret = write_file(pem, pemSz, fName);
+ ret = write_file(pem, pemSz, fName, false);
} else {
- ret = write_file(der, derSz, fName);
+ ret = write_file(der, derSz, fName, false);
}
return ret;
}
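Review bot: The "DER to PEM failed" branch above the changed call only prints and then falls through to `pemSz = ret;`, so a failed conversion appears to reach `write_file(pem, pemSz, fName, false)` with a zero or negative length. In the new write_file the target has already been truncated by `O_TRUNC` at that point, and a negative `bufSz` is converted to a very large count when passed to `write()`. Adding `return ret;` (or a jump to the function's cleanup) right after the `fprintf` would stop before the key file is touched. The branch condition and the start of write_key are outside the hunk, so this is inferred from the visible lines only.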
@@ -281,7 +294,7 @@ int selfsigned(WC_RNG *rng, char **arg) {
}
pemSz = ret;
- ret = write_file(pemBuf, pemSz, certpath);
+ ret = write_file(pemBuf, pemSz, certpath, true);
if (ret != 0) {
fprintf(stderr, "Write Cert failed: %d\n", ret);
return ret;