[rt-commit] r225 - in /redwax-tool/trunk: ChangeLog configure.ac redwax-tool.c redwax_openssl.c
Sat Feb 21 22:23:10 CET 2026
Author: minfrin at redwax.eu
Date: Sat Feb 21 22:23:08 2026
New Revision: 225
Log:
Implement the generation of the secret file when
the secret file does not exist.
Modified:
redwax-tool/trunk/ChangeLog
redwax-tool/trunk/configure.ac
redwax-tool/trunk/redwax-tool.c
redwax-tool/trunk/redwax_openssl.c
Modified: redwax-tool/trunk/ChangeLog
==============================================================================
--- redwax-tool/trunk/ChangeLog (original)
+++ redwax-tool/trunk/ChangeLog Sat Feb 21 22:23:08 2026
@@ -1,3 +1,8 @@
+
+Changes with v1.0.1
+
+ *) Implement the generation of the secret file when
+ the secret file does not exist. [Graham Leggett]
Changes with v1.0.0
Modified: redwax-tool/trunk/configure.ac
==============================================================================
--- redwax-tool/trunk/configure.ac (original)
+++ redwax-tool/trunk/configure.ac Sat Feb 21 22:23:08 2026
@@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.61)
-AC_INIT(redwax-tool, 1.0.0, minfrin at sharp.fm)
+AC_INIT(redwax-tool, 1.0.1, minfrin at sharp.fm)
AC_CONFIG_AUX_DIR(build-aux)
AC_CONFIG_MACRO_DIRS([m4])
AM_INIT_AUTOMAKE([dist-bzip2])
Modified: redwax-tool/trunk/redwax-tool.c
==============================================================================
--- redwax-tool/trunk/redwax-tool.c (original)
+++ redwax-tool/trunk/redwax-tool.c Sat Feb 21 22:23:08 2026
@@ -374,7 +374,9 @@
"\t\t\t\twith the same name as the target file, and\n"
"\t\t\t\tthe suffix specified. With value 'secret',\n"
"\t\t\t\ta file 'key.pem' will have the secret loaded\n"
- "\t\t\t\tfrom 'key.secret' in the same directory." },
+ "\t\t\t\tfrom 'key.secret' in the same directory.\n"
+ "\t\t\t\tIf the secret file does not exist, one will\n"
+ "\t\t\t\tbe created with the maximum secret length." },
{ "secret-token-in", REDWAX_TOOL_SECRET_TOKEN_IN, 1,
" --secret-token-in=file\tIf specified, secrets needed to read\n"
"\t\t\t\tcertificates and keys from tokens will be read\n"
Modified: redwax-tool/trunk/redwax_openssl.c
==============================================================================
--- redwax-tool/trunk/redwax_openssl.c (original)
+++ redwax-tool/trunk/redwax_openssl.c Sat Feb 21 22:23:08 2026
@@ -24,6 +24,7 @@
#include <apr_lib.h>
#include <apr_portable.h>
#include <apr_strings.h>
+#include <apr_base64.h>
#include "config.h"
#include "redwax-tool.h"
@@ -3289,7 +3290,66 @@
return buf;
}
- else if (APR_ENOENT == status) {
+ else if (verify && APR_ENOENT == status) {
+
+ unsigned char *rbuf = apr_palloc(pool, max);
+ char *buf = apr_palloc(pool, apr_base64_encode_len(max));
+
+ char *template = apr_pstrcat(pool, secret, ".XXXXXX", NULL);
+
+ /* 25% more bytes than we need */
+ status = apr_generate_random_bytes(rbuf, max);
+
+ if (APR_SUCCESS != status) {
+ redwax_print_error(r,
+ "Could not generate random bytes: %pm\n", &status);
+ return NULL;
+ }
+
+ /* base64 for safety */
+ apr_base64_encode_binary(buf, rbuf, max);
+
+ /* chop down to size */
+ buf[max] = 0;
+
+ status = apr_file_mktemp(&sfile, template,
+ APR_FOPEN_READ | APR_FOPEN_WRITE | APR_FOPEN_CREATE,
+ pool);
+
+ if (APR_SUCCESS != status) {
+ redwax_print_error(r,
+ "Could not create/open '%s': %pm\n", secret, &status);
+ return NULL;
+ }
+
+ status = apr_file_puts(buf, sfile);
+
+ if (APR_SUCCESS != status) {
+ apr_file_remove(template, pool);
+ redwax_print_error(r,
+ "Could not write to '%s': %pm\n", secret, &status);
+ return NULL;
+ }
+
+ status = apr_file_close(sfile);
+
+ if (APR_SUCCESS != status) {
+ apr_file_remove(template, pool);
+ redwax_print_error(r,
+ "Could not close '%s': %pm\n", secret, &status);
+ return NULL;
+ }
+
+ status = apr_file_rename(template, secret, pool);
+
+ if (APR_SUCCESS != status) {
+ apr_file_remove(template, pool);
+ redwax_print_error(r,
+ "Could not rename '%s': %pm\n", secret, &status);
+ return NULL;
+ }
+
+ return buf;
}
else {
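Review bot: The APR_ENOENT result tested on the new `else if` line and the final `apr_file_rename(template, secret, pool)` are not tied together, so a secret file that another invocation creates in the window between them is silently replaced, and the two callers end up holding different secrets; the rename also clobbers any pre-existing file regardless of its contents. If a concurrent reader briefly seeing an incomplete file is acceptable here, creating the final file exclusively closes that window: replace the `apr_file_mktemp` call with `status = apr_file_open(&sfile, secret, APR_FOPEN_WRITE | APR_FOPEN_CREATE | APR_FOPEN_EXCL, APR_FPROT_UREAD | APR_FPROT_UWRITE, pool);`, point the `apr_file_remove` cleanups on write/close failure at `secret`, and drop the rename step, so a file that appeared in the meantime makes the open fail instead of being overwritten. The comment `/* 25% more bytes than we need */` understates what the code does: `max` random bytes base64-encode to more than `max` characters, and the truncation at `buf[max] = 0` keeps six bits of entropy per retained character; `/* max random bytes yield >= max base64 chars; truncated to max */` would describe it accurately. The raw bytes in `rbuf` are left in the pool after encoding, which deserves a one-line comment if that is deliberate. The enclosing function starts and ends outside the hunk.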