mirror of https://github.com/skeeto/enchive.git
Write keys more securely.
parent
2798bb056c
commit
6c9cb4e14a
24
enchive.c
24
enchive.c
|
@ -1,3 +1,4 @@
|
|||
#define _POSIX_SOURCE
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
@ -47,6 +48,27 @@ fatal(const char *fmt, ...)
|
|||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
#if defined(__unix__) || defined(__APPLE__)
|
||||
#include <fcntl.h>
|
||||
|
||||
static FILE *
|
||||
secure_creat(char *file)
|
||||
{
|
||||
int fd = open(file, O_CREAT | O_WRONLY, 00600);
|
||||
if (fd == -1)
|
||||
return 0;
|
||||
return fdopen(fd, "wb");
|
||||
}
|
||||
#else
|
||||
|
||||
/* fallback to standard open */
|
||||
static FILE *
|
||||
secure_creat(char *file)
|
||||
{
|
||||
return fopen(file, "wb");
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Global options. */
|
||||
static char *global_random_device = "/dev/urandom";
|
||||
static char *global_pubkey = 0;
|
||||
|
@ -227,7 +249,7 @@ write_key(char *file, const u8 *key, int clobber)
|
|||
|
||||
if (!clobber && fopen(file, "r"))
|
||||
fatal("operation would clobber %s", file);
|
||||
f = fopen(file, "wb");
|
||||
f = secure_creat(file);
|
||||
if (!f)
|
||||
fatal("failed to open key file for writing -- %s", file);
|
||||
cleanup_register(f, file);
|
||||
|
|
Loading…
Reference in New Issue