From 8970b233fae618e27f7461d4744521a89dca5750 Mon Sep 17 00:00:00 2001 From: "Mark A. Grondona" Date: Mon, 29 Sep 2014 16:43:28 -0700 Subject: [PATCH] security: don't generate zero keys when CURVE support is missing If CURVE support is missing at runtime, zcert_new() will unfortunately generate zeroed keys instead of failing. These zeroed keys will later cause assertions in the zeromq code. Instead replace zcert_new() with zmq_curve_keypair()/zcert_new_from(). zmq_curve_keypair() should fail with errno == ENOTSUP if CURVE support is missing from libzmq, so we can generate a reasonable error instead of silently failing. Fixes #7 --- src/common/libflux/security.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/src/common/libflux/security.c b/src/common/libflux/security.c index e80569b458a6..471ee1f75e85 100644 --- a/src/common/libflux/security.c +++ b/src/common/libflux/security.c @@ -523,6 +523,28 @@ static char * ctime_iso8601_now (char *buf, size_t sz) return (buf); } +static zcert_t *zcert_curve_new (flux_sec_t c) +{ + zcert_t *new; + char sec[41]; + char pub[41]; + + if (zmq_curve_keypair (pub, sec) < 0) { + if (errno == ENOTSUP) + seterrstr (c, + "No CURVE support in libzmq (not compiled with libsodium?)"); + else + seterrstr (c, + "Unknown error generating CURVE keypair"); + return NULL; + } + + if (!(new = zcert_new_from ((byte *)pub, (byte *)sec))) + oom (); + + return new; +} + static int gencurve (flux_sec_t c, const char *role, bool force, bool verbose) { char *path = NULL, *priv = NULL;; @@ -551,8 +573,10 @@ static int gencurve (flux_sec_t c, const char *role, bool force, bool verbose) errno = EEXIST; goto done; } - if (!(cert = zcert_new ())) - oom (); + + if (!(cert = zcert_curve_new (c))) + goto done; /* error message set in zcert_curve_new() */ + zcert_set_meta (cert, "time", "%s", ctime_iso8601_now (buf, sizeof (buf))); zcert_set_meta (cert, "role", (char *)role); if (verbose) {