#include <unistd.h>
#include <fcntl.h>
#include <stdbool.h>
+#include <errno.h>
#include <mbedtls/bignum.h>
#include <mbedtls/entropy.h>
return 0;
}
-static void write_file(const char *path, int len, bool pem)
+static void write_file(const char *path, size_t len, bool pem, bool cert)
{
- FILE *f = stdout;
+ mode_t mode = S_IRUSR | S_IWUSR;
const char *buf_start = buf;
+ int fd = STDERR_FILENO;
+ ssize_t written;
+ int err;
if (!pem)
buf_start += sizeof(buf) - len;
fprintf(stderr, "No data to write\n");
exit(1);
}
+
+ if (cert)
+ mode |= S_IRGRP | S_IROTH;
- if (!f) {
+ if (path)
+ fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, mode);
+
+ if (fd < 0) {
fprintf(stderr, "error: I/O error\n");
exit(1);
}
+ written = write(fd, buf_start, len);
+ if (written != len) {
+ fprintf(stderr, "writing key failed with: %s\n", strerror(errno));
+ exit(1);
+ }
+ err = fsync(fd);
+ if (err < 0) {
+ fprintf(stderr, "syncing key failed with: %s\n", strerror(errno));
+ exit(1);
+ }
if (path)
- f = fopen(path, "w");
-
- fwrite(buf_start, 1, len, f);
- fclose(f);
+ close(fd);
}
static mbedtls_ecp_group_id ecp_curve(const char *name)
len = 0;
}
- write_file(path, len, pem);
+ write_file(path, len, pem, false);
}
static void gen_key(mbedtls_pk_context *key, bool rsa, int ksize, int exp,
return 1;
}
}
- write_file(certpath, len, pem);
+ write_file(certpath, len, pem, true);
mbedtls_x509write_crt_free(&cert);
mbedtls_mpi_free(&serial);