Hi,
It appears that the RANDFILE environment variable not honored when RANDFILE
is set in config file. Normally, I'd expect the environment variable to
override the config file. Are my expectations wrong in this case? Or is
this a feature?
I haven't yet attempted to back to earlier versions of openssl to see if
this behavior changed, or if some previous assumptions made in code that
I'm looking at now just failed to realize that this didn't work for them
as they expected.
Details:
OS: CentOS release 6.5
$ /opt/zimbra/openssl/bin/openssl version
OpenSSL 1.0.1h 5 Jun 2014
$ ls -l /opt/zimbra/openssl/bin/openssl
-rwxr-xr-x 1 root root 1960738 Jun 24 17:22 /opt/zimbra/openssl/bin/openssl
# Note: this file exists and is owned by a different user, that is why
# I'm attempting to override via the RANDFILE environment variable.
$ egrep '^\[|RAND' zmssl.cnf
RANDFILE = /opt/zimbra/ssl/.rnd
[ new_oids ]
[ ca ]
[ CA_default ]
RANDFILE = $dir/private/.rand # private random number file
[ policy_match ]
[ policy_anything ]
[ req ]
[ req_distinguished_name ]
[ req_attributes ]
[ usr_cert ]
[ v3_ca ]
[ crl_ext ]
[ v3_req ]
# Note: ltrace never sees a call for getenv("RANDFILE")
$ RANDFILE=$HOME/t/ssl.rnd ltrace -o ltrace.out /opt/zimbra/openssl/bin/openssl
'req' '-batch' '-subj' '/C=US/ST=N\/A/L=N\/A/O=ZCS/OU=ZCS/CN=svr.dom.loc'
'-sha256' '-days' '1825' '-config' 'zmssl.cnf' '-new' '-newkey' 'rsa:2048'
'-nodes' '-out' 'ca.pem' '-extensions' 'v3_ca' '-x509' '-keyout' 'ca.key'
Generating a 2048 bit RSA private key
...................................................................................................+++
.....................................+++
unable to write 'random state'
writing new private key to 'ca.key'
-----
$ grep getenv ltrace.out
getenv("OPENSSL_DEBUG_MEMORY") = NULL
getenv("OPENSSL_FIPS") = NULL
getenv("OPENSSL_CONF") = NULL
getenv("SSLEAY_CONF") = NULL
# Note: strace shows the RANDFILE from the config file is used
$ RANDFILE=$HOME/t/ssl.rnd strace -o strace.out /opt/zimbra/openssl/bin/openssl
'req' '-batch' '-subj' '/C=US/ST=N\/A/L=N\/A/O=ZCS/OU=ZCS/CN=svr.dom.loc'
'-sha256' '-days' '1825' '-config' 'zmssl.cnf' '-new' '-newkey' 'rsa:2048'
'-nodes' '-out' 'ca.pem' '-extensions' 'v3_ca' '-x509' '-keyout' 'ca.key'
Generating a 2048 bit RSA private key
...........................+++
................................................+++
unable to write 'random state'
writing new private key to 'ca.key'
-----
$ grep '\.rnd' strace.out
connect(3, {sa_family=AF_FILE, path="/opt/zimbra/ssl/.rnd"}, 22) = -1 EACCES
(Permission denied)
stat("/opt/zimbra/ssl/.rnd", {st_mode=S_IFREG|0740, st_size=1024, ...}) = 0
open("/opt/zimbra/ssl/.rnd", O_RDONLY) = -1 EACCES (Permission denied)
stat("/opt/zimbra/ssl/.rnd", {st_mode=S_IFREG|0740, st_size=1024, ...}) = 0
open("/opt/zimbra/ssl/.rnd", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 EACCES
(Permission denied)
# A workaround:
# - use a copy of the config file, but remove the RANDFILE directive
If I comment out this line:
RANDFILE = /opt/zimbra/ssl/.rnd
from zmssl.cnf then the RANDFILE environment variable then rerun the
tests from above things work as expected.
With just a quick look at the code it appears:
- req.c does:
{
char *randfile =
NCONF_get_string(req_conf,SECTION,"RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
- then app_rand.c has this check:
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
So, RAND_file_name from randfile.c never gets the opportunity to try this:
if (OPENSSL_issetugid() == 0)
s=getenv("RANDFILE");
Sincerely,
Phil
--
Security Architect
Zimbra, Inc.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
