diff options
| author | tedu <> | 2014-04-18 19:54:57 +0000 | 
|---|---|---|
| committer | tedu <> | 2014-04-18 19:54:57 +0000 | 
| commit | 740cbe58fd15869edfd5302fffd6b33b5206d7fc (patch) | |
| tree | f93757885a74b745b5e71ac9581e2fb92d7e05c9 | |
| parent | 92d1f3ded5071289b10a737cb549323b5c440123 (diff) | |
| download | openbsd-740cbe58fd15869edfd5302fffd6b33b5206d7fc.tar.gz openbsd-740cbe58fd15869edfd5302fffd6b33b5206d7fc.tar.bz2 openbsd-740cbe58fd15869edfd5302fffd6b33b5206d7fc.zip | |
$HOME/.rnd will never be a good source of entropy. ok beck
Diffstat (limited to '')
23 files changed, 2 insertions, 392 deletions
| diff --git a/src/lib/libssl/src/apps/app_rand.c b/src/lib/libssl/src/apps/app_rand.c deleted file mode 100644 index d6cdd6e01b..0000000000 --- a/src/lib/libssl/src/apps/app_rand.c +++ /dev/null | |||
| @@ -1,204 +0,0 @@ | |||
| 1 | /* apps/app_rand.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | |||
| 112 | #define NON_MAIN | ||
| 113 | #include "apps.h" | ||
| 114 | #undef NON_MAIN | ||
| 115 | #include <openssl/bio.h> | ||
| 116 | #include <openssl/rand.h> | ||
| 117 | |||
| 118 | |||
| 119 | static int seeded = 0; | ||
| 120 | |||
| 121 | int | ||
| 122 | app_RAND_load_file(const char *file, BIO * bio_e, int dont_warn) | ||
| 123 | { | ||
| 124 | int consider_randfile = (file == NULL); | ||
| 125 | char buffer[200]; | ||
| 126 | |||
| 127 | |||
| 128 | if (file == NULL) | ||
| 129 | file = RAND_file_name(buffer, sizeof buffer); | ||
| 130 | if (file == NULL || !RAND_load_file(file, -1)) { | ||
| 131 | if (RAND_status() == 0) { | ||
| 132 | if (!dont_warn) { | ||
| 133 | BIO_printf(bio_e, "unable to load 'random state'\n"); | ||
| 134 | BIO_printf(bio_e, "This means that the random number generator has not been seeded\n"); | ||
| 135 | BIO_printf(bio_e, "with much random data.\n"); | ||
| 136 | if (consider_randfile) { /* explanation does not | ||
| 137 | * apply when a file is | ||
| 138 | * explicitly named */ | ||
| 139 | BIO_printf(bio_e, "Consider setting the RANDFILE environment variable to point at a file that\n"); | ||
| 140 | BIO_printf(bio_e, "'random' data can be kept in (the file will be overwritten).\n"); | ||
| 141 | } | ||
| 142 | } | ||
| 143 | return 0; | ||
| 144 | } | ||
| 145 | } | ||
| 146 | seeded = 1; | ||
| 147 | return 1; | ||
| 148 | } | ||
| 149 | |||
| 150 | long | ||
| 151 | app_RAND_load_files(char *name) | ||
| 152 | { | ||
| 153 | char *p, *n; | ||
| 154 | int last; | ||
| 155 | long tot = 0; | ||
| 156 | |||
| 157 | for (;;) { | ||
| 158 | last = 0; | ||
| 159 | for (p = name; | ||
| 160 | ((*p != '\0') && (*p != ':')); p++); | ||
| 161 | if (*p == '\0') | ||
| 162 | last = 1; | ||
| 163 | *p = '\0'; | ||
| 164 | n = name; | ||
| 165 | name = p + 1; | ||
| 166 | if (*n == '\0') | ||
| 167 | break; | ||
| 168 | |||
| 169 | tot += RAND_load_file(n, -1); | ||
| 170 | if (last) | ||
| 171 | break; | ||
| 172 | } | ||
| 173 | if (tot > 512) | ||
| 174 | app_RAND_allow_write_file(); | ||
| 175 | return (tot); | ||
| 176 | } | ||
| 177 | |||
| 178 | int | ||
| 179 | app_RAND_write_file(const char *file, BIO * bio_e) | ||
| 180 | { | ||
| 181 | char buffer[200]; | ||
| 182 | |||
| 183 | if (!seeded) | ||
| 184 | /* | ||
| 185 | * If we did not manage to read the seed file, we should not | ||
| 186 | * write a low-entropy seed file back -- it would suppress a | ||
| 187 | * crucial warning the next time we want to use it. | ||
| 188 | */ | ||
| 189 | return 0; | ||
| 190 | |||
| 191 | if (file == NULL) | ||
| 192 | file = RAND_file_name(buffer, sizeof buffer); | ||
| 193 | if (file == NULL || !RAND_write_file(file)) { | ||
| 194 | BIO_printf(bio_e, "unable to write 'random state'\n"); | ||
| 195 | return 0; | ||
| 196 | } | ||
| 197 | return 1; | ||
| 198 | } | ||
| 199 | |||
| 200 | void | ||
| 201 | app_RAND_allow_write_file(void) | ||
| 202 | { | ||
| 203 | seeded = 1; | ||
| 204 | } | ||
| diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h index 077d766a49..55015024e9 100644 --- a/src/lib/libssl/src/apps/apps.h +++ b/src/lib/libssl/src/apps/apps.h | |||
| @@ -126,14 +126,6 @@ | |||
| 126 | #endif | 126 | #endif | 
| 127 | #include <openssl/ossl_typ.h> | 127 | #include <openssl/ossl_typ.h> | 
| 128 | 128 | ||
| 129 | int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); | ||
| 130 | int app_RAND_write_file(const char *file, BIO *bio_e); | ||
| 131 | /* When `file' is NULL, use defaults. | ||
| 132 | * `bio_e' is for error messages. */ | ||
| 133 | void app_RAND_allow_write_file(void); | ||
| 134 | long app_RAND_load_files(char *file); /* `file' is a list of files to read, | ||
| 135 | * separated by ':'. The string is destroyed! */ | ||
| 136 | |||
| 137 | extern CONF *config; | 129 | extern CONF *config; | 
| 138 | extern char *default_config_file; | 130 | extern char *default_config_file; | 
| 139 | extern BIO *bio_err; | 131 | extern BIO *bio_err; | 
| diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c index 1d75018732..c582549b15 100644 --- a/src/lib/libssl/src/apps/ca.c +++ b/src/lib/libssl/src/apps/ca.c | |||
| @@ -311,7 +311,6 @@ ca_main(int argc, char **argv) | |||
| 311 | #undef BSIZE | 311 | #undef BSIZE | 
| 312 | #define BSIZE 256 | 312 | #define BSIZE 256 | 
| 313 | char buf[3][BSIZE]; | 313 | char buf[3][BSIZE]; | 
| 314 | char *randfile = NULL; | ||
| 315 | #ifndef OPENSSL_NO_ENGINE | 314 | #ifndef OPENSSL_NO_ENGINE | 
| 316 | char *engine = NULL; | 315 | char *engine = NULL; | 
| 317 | #endif | 316 | #endif | 
| @@ -598,11 +597,6 @@ ca_main(int argc, char **argv) | |||
| 598 | goto err; | 597 | goto err; | 
| 599 | } | 598 | } | 
| 600 | } | 599 | } | 
| 601 | randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); | ||
| 602 | if (randfile == NULL) | ||
| 603 | ERR_clear_error(); | ||
| 604 | app_RAND_load_file(randfile, bio_err, 0); | ||
| 605 | |||
| 606 | f = NCONF_get_string(conf, section, STRING_MASK); | 600 | f = NCONF_get_string(conf, section, STRING_MASK); | 
| 607 | if (!f) | 601 | if (!f) | 
| 608 | ERR_clear_error(); | 602 | ERR_clear_error(); | 
| @@ -1363,7 +1357,6 @@ err: | |||
| 1363 | 1357 | ||
| 1364 | if (ret) | 1358 | if (ret) | 
| 1365 | ERR_print_errors(bio_err); | 1359 | ERR_print_errors(bio_err); | 
| 1366 | app_RAND_write_file(randfile, bio_err); | ||
| 1367 | if (free_key && key) | 1360 | if (free_key && key) | 
| 1368 | free(key); | 1361 | free(key); | 
| 1369 | BN_free(serial); | 1362 | BN_free(serial); | 
| diff --git a/src/lib/libssl/src/apps/cms.c b/src/lib/libssl/src/apps/cms.c index d9694a4192..0ece401ce3 100644 --- a/src/lib/libssl/src/apps/cms.c +++ b/src/lib/libssl/src/apps/cms.c | |||
| @@ -128,7 +128,6 @@ cms_main(int argc, char **argv) | |||
| 128 | char *CAfile = NULL, *CApath = NULL; | 128 | char *CAfile = NULL, *CApath = NULL; | 
| 129 | char *passargin = NULL, *passin = NULL; | 129 | char *passargin = NULL, *passin = NULL; | 
| 130 | char *inrand = NULL; | 130 | char *inrand = NULL; | 
| 131 | int need_rand = 0; | ||
| 132 | const EVP_MD *sign_md = NULL; | 131 | const EVP_MD *sign_md = NULL; | 
| 133 | int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; | 132 | int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; | 
| 134 | int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; | 133 | int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; | 
| @@ -331,7 +330,6 @@ cms_main(int argc, char **argv) | |||
| 331 | goto argerr; | 330 | goto argerr; | 
| 332 | args++; | 331 | args++; | 
| 333 | inrand = *args; | 332 | inrand = *args; | 
| 334 | need_rand = 1; | ||
| 335 | } | 333 | } | 
| 336 | #ifndef OPENSSL_NO_ENGINE | 334 | #ifndef OPENSSL_NO_ENGINE | 
| 337 | else if (!strcmp(*args, "-engine")) { | 335 | else if (!strcmp(*args, "-engine")) { | 
| @@ -489,7 +487,6 @@ cms_main(int argc, char **argv) | |||
| 489 | } | 487 | } | 
| 490 | signerfile = NULL; | 488 | signerfile = NULL; | 
| 491 | keyfile = NULL; | 489 | keyfile = NULL; | 
| 492 | need_rand = 1; | ||
| 493 | } else if (operation == SMIME_DECRYPT) { | 490 | } else if (operation == SMIME_DECRYPT) { | 
| 494 | if (!recipfile && !keyfile && !secret_key && !pwri_pass) { | 491 | if (!recipfile && !keyfile && !secret_key && !pwri_pass) { | 
| 495 | BIO_printf(bio_err, "No recipient certificate or key specified\n"); | 492 | BIO_printf(bio_err, "No recipient certificate or key specified\n"); | 
| @@ -500,7 +497,6 @@ cms_main(int argc, char **argv) | |||
| 500 | BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); | 497 | BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); | 
| 501 | badarg = 1; | 498 | badarg = 1; | 
| 502 | } | 499 | } | 
| 503 | need_rand = 1; | ||
| 504 | } else if (!operation) | 500 | } else if (!operation) | 
| 505 | badarg = 1; | 501 | badarg = 1; | 
| 506 | 502 | ||
| @@ -578,12 +574,6 @@ argerr: | |||
| 578 | BIO_printf(bio_err, "Error getting password\n"); | 574 | BIO_printf(bio_err, "Error getting password\n"); | 
| 579 | goto end; | 575 | goto end; | 
| 580 | } | 576 | } | 
| 581 | if (need_rand) { | ||
| 582 | app_RAND_load_file(NULL, bio_err, (inrand != NULL)); | ||
| 583 | if (inrand != NULL) | ||
| 584 | BIO_printf(bio_err, "%ld semi-random bytes loaded\n", | ||
| 585 | app_RAND_load_files(inrand)); | ||
| 586 | } | ||
| 587 | ret = 2; | 577 | ret = 2; | 
| 588 | 578 | ||
| 589 | if (!(operation & SMIME_SIGNERS)) | 579 | if (!(operation & SMIME_SIGNERS)) | 
| @@ -979,8 +969,6 @@ argerr: | |||
| 979 | end: | 969 | end: | 
| 980 | if (ret) | 970 | if (ret) | 
| 981 | ERR_print_errors(bio_err); | 971 | ERR_print_errors(bio_err); | 
| 982 | if (need_rand) | ||
| 983 | app_RAND_write_file(NULL, bio_err); | ||
| 984 | sk_X509_pop_free(encerts, X509_free); | 972 | sk_X509_pop_free(encerts, X509_free); | 
| 985 | sk_X509_pop_free(other, X509_free); | 973 | sk_X509_pop_free(other, X509_free); | 
| 986 | if (vpm) | 974 | if (vpm) | 
| diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c index 09105399ff..e4741855dc 100644 --- a/src/lib/libssl/src/apps/dgst.c +++ b/src/lib/libssl/src/apps/dgst.c | |||
| @@ -292,8 +292,6 @@ dgst_main(int argc, char **argv) | |||
| 292 | else | 292 | else | 
| 293 | out_bin = 0; | 293 | out_bin = 0; | 
| 294 | } | 294 | } | 
| 295 | if (randfile) | ||
| 296 | app_RAND_load_file(randfile, bio_err, 0); | ||
| 297 | 295 | ||
| 298 | if (outfile) { | 296 | if (outfile) { | 
| 299 | if (out_bin) | 297 | if (out_bin) | 
| diff --git a/src/lib/libssl/src/apps/dhparam.c b/src/lib/libssl/src/apps/dhparam.c index 7679a891fd..8ca71f5e5d 100644 --- a/src/lib/libssl/src/apps/dhparam.c +++ b/src/lib/libssl/src/apps/dhparam.c | |||
| @@ -283,13 +283,6 @@ bad: | |||
| 283 | 283 | ||
| 284 | BN_GENCB cb; | 284 | BN_GENCB cb; | 
| 285 | BN_GENCB_set(&cb, dh_cb, bio_err); | 285 | BN_GENCB_set(&cb, dh_cb, bio_err); | 
| 286 | if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { | ||
| 287 | BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n"); | ||
| 288 | } | ||
| 289 | if (inrand != NULL) | ||
| 290 | BIO_printf(bio_err, "%ld semi-random bytes loaded\n", | ||
| 291 | app_RAND_load_files(inrand)); | ||
| 292 | |||
| 293 | #ifndef OPENSSL_NO_DSA | 286 | #ifndef OPENSSL_NO_DSA | 
| 294 | if (dsaparam) { | 287 | if (dsaparam) { | 
| 295 | DSA *dsa = DSA_new(); | 288 | DSA *dsa = DSA_new(); | 
| @@ -319,8 +312,6 @@ bad: | |||
| 319 | goto end; | 312 | goto end; | 
| 320 | } | 313 | } | 
| 321 | } | 314 | } | 
| 322 | |||
| 323 | app_RAND_write_file(NULL, bio_err); | ||
| 324 | } else { | 315 | } else { | 
| 325 | 316 | ||
| 326 | in = BIO_new(BIO_s_file()); | 317 | in = BIO_new(BIO_s_file()); | 
| diff --git a/src/lib/libssl/src/apps/dsaparam.c b/src/lib/libssl/src/apps/dsaparam.c index 4b4f98fec6..af34b24f8b 100644 --- a/src/lib/libssl/src/apps/dsaparam.c +++ b/src/lib/libssl/src/apps/dsaparam.c | |||
| @@ -117,7 +117,6 @@ dsaparam_main(int argc, char **argv) | |||
| 117 | int informat, outformat, noout = 0, C = 0, ret = 1; | 117 | int informat, outformat, noout = 0, C = 0, ret = 1; | 
| 118 | char *infile, *outfile, *prog, *inrand = NULL; | 118 | char *infile, *outfile, *prog, *inrand = NULL; | 
| 119 | int numbits = -1, num, genkey = 0; | 119 | int numbits = -1, num, genkey = 0; | 
| 120 | int need_rand = 0; | ||
| 121 | #ifndef OPENSSL_NO_ENGINE | 120 | #ifndef OPENSSL_NO_ENGINE | 
| 122 | char *engine = NULL; | 121 | char *engine = NULL; | 
| 123 | #endif | 122 | #endif | 
| @@ -180,18 +179,15 @@ dsaparam_main(int argc, char **argv) | |||
| 180 | C = 1; | 179 | C = 1; | 
| 181 | else if (strcmp(*argv, "-genkey") == 0) { | 180 | else if (strcmp(*argv, "-genkey") == 0) { | 
| 182 | genkey = 1; | 181 | genkey = 1; | 
| 183 | need_rand = 1; | ||
| 184 | } else if (strcmp(*argv, "-rand") == 0) { | 182 | } else if (strcmp(*argv, "-rand") == 0) { | 
| 185 | if (--argc < 1) | 183 | if (--argc < 1) | 
| 186 | goto bad; | 184 | goto bad; | 
| 187 | inrand = *(++argv); | 185 | inrand = *(++argv); | 
| 188 | need_rand = 1; | ||
| 189 | } else if (strcmp(*argv, "-noout") == 0) | 186 | } else if (strcmp(*argv, "-noout") == 0) | 
| 190 | noout = 1; | 187 | noout = 1; | 
| 191 | else if (sscanf(*argv, "%d", &num) == 1) { | 188 | else if (sscanf(*argv, "%d", &num) == 1) { | 
| 192 | /* generate a key */ | 189 | /* generate a key */ | 
| 193 | numbits = num; | 190 | numbits = num; | 
| 194 | need_rand = 1; | ||
| 195 | } else { | 191 | } else { | 
| 196 | BIO_printf(bio_err, "unknown option %s\n", *argv); | 192 | BIO_printf(bio_err, "unknown option %s\n", *argv); | 
| 197 | badops = 1; | 193 | badops = 1; | 
| @@ -252,16 +248,9 @@ bad: | |||
| 252 | setup_engine(bio_err, engine, 0); | 248 | setup_engine(bio_err, engine, 0); | 
| 253 | #endif | 249 | #endif | 
| 254 | 250 | ||
| 255 | if (need_rand) { | ||
| 256 | app_RAND_load_file(NULL, bio_err, (inrand != NULL)); | ||
| 257 | if (inrand != NULL) | ||
| 258 | BIO_printf(bio_err, "%ld semi-random bytes loaded\n", | ||
| 259 | app_RAND_load_files(inrand)); | ||
| 260 | } | ||
| 261 | if (numbits > 0) { | 251 | if (numbits > 0) { | 
| 262 | BN_GENCB cb; | 252 | BN_GENCB cb; | 
| 263 | BN_GENCB_set(&cb, dsa_cb, bio_err); | 253 | BN_GENCB_set(&cb, dsa_cb, bio_err); | 
| 264 | assert(need_rand); | ||
| 265 | dsa = DSA_new(); | 254 | dsa = DSA_new(); | 
| 266 | if (!dsa) { | 255 | if (!dsa) { | 
| 267 | BIO_printf(bio_err, "Error allocating DSA object\n"); | 256 | BIO_printf(bio_err, "Error allocating DSA object\n"); | 
| @@ -381,7 +370,6 @@ bad: | |||
| 381 | if (genkey) { | 370 | if (genkey) { | 
| 382 | DSA *dsakey; | 371 | DSA *dsakey; | 
| 383 | 372 | ||
| 384 | assert(need_rand); | ||
| 385 | if ((dsakey = DSAparams_dup(dsa)) == NULL) | 373 | if ((dsakey = DSAparams_dup(dsa)) == NULL) | 
| 386 | goto end; | 374 | goto end; | 
| 387 | if (!DSA_generate_key(dsakey)) { | 375 | if (!DSA_generate_key(dsakey)) { | 
| @@ -400,8 +388,6 @@ bad: | |||
| 400 | } | 388 | } | 
| 401 | DSA_free(dsakey); | 389 | DSA_free(dsakey); | 
| 402 | } | 390 | } | 
| 403 | if (need_rand) | ||
| 404 | app_RAND_write_file(NULL, bio_err); | ||
| 405 | ret = 0; | 391 | ret = 0; | 
| 406 | 392 | ||
| 407 | end: | 393 | end: | 
| diff --git a/src/lib/libssl/src/apps/ecparam.c b/src/lib/libssl/src/apps/ecparam.c index fee53257a9..6d97aa5576 100644 --- a/src/lib/libssl/src/apps/ecparam.c +++ b/src/lib/libssl/src/apps/ecparam.c | |||
| @@ -124,7 +124,7 @@ ecparam_main(int argc, char **argv) | |||
| 124 | int new_asn1_flag = 0; | 124 | int new_asn1_flag = 0; | 
| 125 | char *curve_name = NULL, *inrand = NULL; | 125 | char *curve_name = NULL, *inrand = NULL; | 
| 126 | int list_curves = 0, no_seed = 0, check = 0, badops = 0, text = 0, | 126 | int list_curves = 0, no_seed = 0, check = 0, badops = 0, text = 0, | 
| 127 | i, need_rand = 0, genkey = 0; | 127 | i, genkey = 0; | 
| 128 | char *infile = NULL, *outfile = NULL, *prog; | 128 | char *infile = NULL, *outfile = NULL, *prog; | 
| 129 | BIO *in = NULL, *out = NULL; | 129 | BIO *in = NULL, *out = NULL; | 
| 130 | int informat, outformat, noout = 0, C = 0, ret = 1; | 130 | int informat, outformat, noout = 0, C = 0, ret = 1; | 
| @@ -208,12 +208,10 @@ ecparam_main(int argc, char **argv) | |||
| 208 | noout = 1; | 208 | noout = 1; | 
| 209 | else if (strcmp(*argv, "-genkey") == 0) { | 209 | else if (strcmp(*argv, "-genkey") == 0) { | 
| 210 | genkey = 1; | 210 | genkey = 1; | 
| 211 | need_rand = 1; | ||
| 212 | } else if (strcmp(*argv, "-rand") == 0) { | 211 | } else if (strcmp(*argv, "-rand") == 0) { | 
| 213 | if (--argc < 1) | 212 | if (--argc < 1) | 
| 214 | goto bad; | 213 | goto bad; | 
| 215 | inrand = *(++argv); | 214 | inrand = *(++argv); | 
| 216 | need_rand = 1; | ||
| 217 | } else if (strcmp(*argv, "-engine") == 0) { | 215 | } else if (strcmp(*argv, "-engine") == 0) { | 
| 218 | if (--argc < 1) | 216 | if (--argc < 1) | 
| 219 | goto bad; | 217 | goto bad; | 
| @@ -551,20 +549,12 @@ bad: | |||
| 551 | goto end; | 549 | goto end; | 
| 552 | } | 550 | } | 
| 553 | } | 551 | } | 
| 554 | if (need_rand) { | ||
| 555 | app_RAND_load_file(NULL, bio_err, (inrand != NULL)); | ||
| 556 | if (inrand != NULL) | ||
| 557 | BIO_printf(bio_err, "%ld semi-random bytes loaded\n", | ||
| 558 | app_RAND_load_files(inrand)); | ||
| 559 | } | ||
| 560 | if (genkey) { | 552 | if (genkey) { | 
| 561 | EC_KEY *eckey = EC_KEY_new(); | 553 | EC_KEY *eckey = EC_KEY_new(); | 
| 562 | 554 | ||
| 563 | if (eckey == NULL) | 555 | if (eckey == NULL) | 
| 564 | goto end; | 556 | goto end; | 
| 565 | 557 | ||
| 566 | assert(need_rand); | ||
| 567 | |||
| 568 | if (EC_KEY_set_group(eckey, group) == 0) | 558 | if (EC_KEY_set_group(eckey, group) == 0) | 
| 569 | goto end; | 559 | goto end; | 
| 570 | 560 | ||
| @@ -585,10 +575,6 @@ bad: | |||
| 585 | } | 575 | } | 
| 586 | EC_KEY_free(eckey); | 576 | EC_KEY_free(eckey); | 
| 587 | } | 577 | } | 
| 588 | if (need_rand) | ||
| 589 | app_RAND_write_file(NULL, bio_err); | ||
| 590 | |||
| 591 | ret = 0; | ||
| 592 | end: | 578 | end: | 
| 593 | if (ec_p) | 579 | if (ec_p) | 
| 594 | BN_free(ec_p); | 580 | BN_free(ec_p); | 
| diff --git a/src/lib/libssl/src/apps/gendh.c b/src/lib/libssl/src/apps/gendh.c index 925b6e4120..c09e5923a5 100644 --- a/src/lib/libssl/src/apps/gendh.c +++ b/src/lib/libssl/src/apps/gendh.c | |||
| @@ -176,21 +176,12 @@ bad: | |||
| 176 | } | 176 | } | 
| 177 | } | 177 | } | 
| 178 | 178 | ||
| 179 | if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { | ||
| 180 | BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n"); | ||
| 181 | } | ||
| 182 | if (inrand != NULL) | ||
| 183 | BIO_printf(bio_err, "%ld semi-random bytes loaded\n", | ||
| 184 | app_RAND_load_files(inrand)); | ||
| 185 | |||
| 186 | BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, g); | 179 | BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, g); | 
| 187 | BIO_printf(bio_err, "This is going to take a long time\n"); | 180 | BIO_printf(bio_err, "This is going to take a long time\n"); | 
| 188 | 181 | ||
| 189 | if (((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) | 182 | if (((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) | 
| 190 | goto end; | 183 | goto end; | 
| 191 | 184 | ||
| 192 | app_RAND_write_file(NULL, bio_err); | ||
| 193 | |||
| 194 | if (!PEM_write_bio_DHparams(out, dh)) | 185 | if (!PEM_write_bio_DHparams(out, dh)) | 
| 195 | goto end; | 186 | goto end; | 
| 196 | ret = 0; | 187 | ret = 0; | 
| diff --git a/src/lib/libssl/src/apps/gendsa.c b/src/lib/libssl/src/apps/gendsa.c index 9bfeb4c16b..bcc11a2e62 100644 --- a/src/lib/libssl/src/apps/gendsa.c +++ b/src/lib/libssl/src/apps/gendsa.c | |||
| @@ -228,20 +228,11 @@ bad: | |||
| 228 | } | 228 | } | 
| 229 | } | 229 | } | 
| 230 | 230 | ||
| 231 | if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { | ||
| 232 | BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n"); | ||
| 233 | } | ||
| 234 | if (inrand != NULL) | ||
| 235 | BIO_printf(bio_err, "%ld semi-random bytes loaded\n", | ||
| 236 | app_RAND_load_files(inrand)); | ||
| 237 | |||
| 238 | BIO_printf(bio_err, "Generating DSA key, %d bits\n", | 231 | BIO_printf(bio_err, "Generating DSA key, %d bits\n", | 
| 239 | BN_num_bits(dsa->p)); | 232 | BN_num_bits(dsa->p)); | 
| 240 | if (!DSA_generate_key(dsa)) | 233 | if (!DSA_generate_key(dsa)) | 
| 241 | goto end; | 234 | goto end; | 
| 242 | 235 | ||
| 243 | app_RAND_write_file(NULL, bio_err); | ||
| 244 | |||
| 245 | if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout)) | 236 | if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout)) | 
| 246 | goto end; | 237 | goto end; | 
| 247 | ret = 0; | 238 | ret = 0; | 
| diff --git a/src/lib/libssl/src/apps/genrsa.c b/src/lib/libssl/src/apps/genrsa.c index fb879acad5..5b5fbc6fa9 100644 --- a/src/lib/libssl/src/apps/genrsa.c +++ b/src/lib/libssl/src/apps/genrsa.c | |||
| @@ -237,14 +237,6 @@ bad: | |||
| 237 | } | 237 | } | 
| 238 | } | 238 | } | 
| 239 | 239 | ||
| 240 | if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && | ||
| 241 | !RAND_status()) { | ||
| 242 | BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n"); | ||
| 243 | } | ||
| 244 | if (inrand != NULL) | ||
| 245 | BIO_printf(bio_err, "%ld semi-random bytes loaded\n", | ||
| 246 | app_RAND_load_files(inrand)); | ||
| 247 | |||
| 248 | BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n", | 240 | BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n", | 
| 249 | num); | 241 | num); | 
| 250 | #ifdef OPENSSL_NO_ENGINE | 242 | #ifdef OPENSSL_NO_ENGINE | 
| @@ -258,8 +250,6 @@ bad: | |||
| 258 | if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) | 250 | if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) | 
| 259 | goto err; | 251 | goto err; | 
| 260 | 252 | ||
| 261 | app_RAND_write_file(NULL, bio_err); | ||
| 262 | |||
| 263 | /* | 253 | /* | 
| 264 | * We need to do the following for when the base number size is < | 254 | * We need to do the following for when the base number size is < | 
| 265 | * long, esp windows 3.1 :-(. | 255 | * long, esp windows 3.1 :-(. | 
| diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c index fc61be467b..933fded99a 100644 --- a/src/lib/libssl/src/apps/pkcs12.c +++ b/src/lib/libssl/src/apps/pkcs12.c | |||
| @@ -410,12 +410,6 @@ pkcs12_main(int argc, char **argv) | |||
| 410 | mpass = macpass; | 410 | mpass = macpass; | 
| 411 | } | 411 | } | 
| 412 | 412 | ||
| 413 | if (export_cert || inrand) { | ||
| 414 | app_RAND_load_file(NULL, bio_err, (inrand != NULL)); | ||
| 415 | if (inrand != NULL) | ||
| 416 | BIO_printf(bio_err, "%ld semi-random bytes loaded\n", | ||
| 417 | app_RAND_load_files(inrand)); | ||
| 418 | } | ||
| 419 | ERR_load_crypto_strings(); | 413 | ERR_load_crypto_strings(); | 
| 420 | 414 | ||
| 421 | #ifdef CRYPTO_MDEBUG | 415 | #ifdef CRYPTO_MDEBUG | 
| @@ -705,8 +699,6 @@ export_end: | |||
| 705 | end: | 699 | end: | 
| 706 | if (p12) | 700 | if (p12) | 
| 707 | PKCS12_free(p12); | 701 | PKCS12_free(p12); | 
| 708 | if (export_cert || inrand) | ||
| 709 | app_RAND_write_file(NULL, bio_err); | ||
| 710 | #ifdef CRYPTO_MDEBUG | 702 | #ifdef CRYPTO_MDEBUG | 
| 711 | CRYPTO_remove_all_info(); | 703 | CRYPTO_remove_all_info(); | 
| 712 | #endif | 704 | #endif | 
| diff --git a/src/lib/libssl/src/apps/pkcs8.c b/src/lib/libssl/src/apps/pkcs8.c index a0f0ef9b57..eb36946d48 100644 --- a/src/lib/libssl/src/apps/pkcs8.c +++ b/src/lib/libssl/src/apps/pkcs8.c | |||
| @@ -261,7 +261,6 @@ bad: | |||
| 261 | if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) | 261 | if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) | 
| 262 | goto end; | 262 | goto end; | 
| 263 | } | 263 | } | 
| 264 | app_RAND_load_file(NULL, bio_err, 0); | ||
| 265 | if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, | 264 | if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, | 
| 266 | p8pass, strlen(p8pass), | 265 | p8pass, strlen(p8pass), | 
| 267 | NULL, 0, iter, p8inf))) { | 266 | NULL, 0, iter, p8inf))) { | 
| @@ -269,7 +268,6 @@ bad: | |||
| 269 | ERR_print_errors(bio_err); | 268 | ERR_print_errors(bio_err); | 
| 270 | goto end; | 269 | goto end; | 
| 271 | } | 270 | } | 
| 272 | app_RAND_write_file(NULL, bio_err); | ||
| 273 | if (outformat == FORMAT_PEM) | 271 | if (outformat == FORMAT_PEM) | 
| 274 | PEM_write_bio_PKCS8(out, p8); | 272 | PEM_write_bio_PKCS8(out, p8); | 
| 275 | else if (outformat == FORMAT_ASN1) | 273 | else if (outformat == FORMAT_ASN1) | 
| diff --git a/src/lib/libssl/src/apps/pkeyutl.c b/src/lib/libssl/src/apps/pkeyutl.c index 622034292a..64ccd142ce 100644 --- a/src/lib/libssl/src/apps/pkeyutl.c +++ b/src/lib/libssl/src/apps/pkeyutl.c | |||
| @@ -229,8 +229,6 @@ pkeyutl_main(int argc, char **argv) | |||
| 229 | BIO_puts(bio_err, "No signature file specified for verify\n"); | 229 | BIO_puts(bio_err, "No signature file specified for verify\n"); | 
| 230 | goto end; | 230 | goto end; | 
| 231 | } | 231 | } | 
| 232 | /* FIXME: seed PRNG only if needed */ | ||
| 233 | app_RAND_load_file(NULL, bio_err, 0); | ||
| 234 | 232 | ||
| 235 | if (pkey_op != EVP_PKEY_OP_DERIVE) { | 233 | if (pkey_op != EVP_PKEY_OP_DERIVE) { | 
| 236 | if (infile) { | 234 | if (infile) { | 
| diff --git a/src/lib/libssl/src/apps/rand.c b/src/lib/libssl/src/apps/rand.c index 96d2b4e26c..fa8a65a267 100644 --- a/src/lib/libssl/src/apps/rand.c +++ b/src/lib/libssl/src/apps/rand.c | |||
| @@ -162,11 +162,6 @@ rand_main(int argc, char **argv) | |||
| 162 | setup_engine(bio_err, engine, 0); | 162 | setup_engine(bio_err, engine, 0); | 
| 163 | #endif | 163 | #endif | 
| 164 | 164 | ||
| 165 | app_RAND_load_file(NULL, bio_err, (inrand != NULL)); | ||
| 166 | if (inrand != NULL) | ||
| 167 | BIO_printf(bio_err, "%ld semi-random bytes loaded\n", | ||
| 168 | app_RAND_load_files(inrand)); | ||
| 169 | |||
| 170 | out = BIO_new(BIO_s_file()); | 165 | out = BIO_new(BIO_s_file()); | 
| 171 | if (out == NULL) | 166 | if (out == NULL) | 
| 172 | goto err; | 167 | goto err; | 
| @@ -206,7 +201,6 @@ rand_main(int argc, char **argv) | |||
| 206 | BIO_puts(out, "\n"); | 201 | BIO_puts(out, "\n"); | 
| 207 | (void) BIO_flush(out); | 202 | (void) BIO_flush(out); | 
| 208 | 203 | ||
| 209 | app_RAND_write_file(NULL, bio_err); | ||
| 210 | ret = 0; | 204 | ret = 0; | 
| 211 | 205 | ||
| 212 | err: | 206 | err: | 
| diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c index 11ee3d2fea..6f46e82ecd 100644 --- a/src/lib/libssl/src/apps/req.c +++ b/src/lib/libssl/src/apps/req.c | |||
| @@ -549,21 +549,9 @@ bad: | |||
| 549 | * message | 549 | * message | 
| 550 | */ | 550 | */ | 
| 551 | goto end; | 551 | goto end; | 
| 552 | } else { | ||
| 553 | char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE"); | ||
| 554 | if (randfile == NULL) | ||
| 555 | ERR_clear_error(); | ||
| 556 | app_RAND_load_file(randfile, bio_err, 0); | ||
| 557 | } | 552 | } | 
| 558 | } | 553 | } | 
| 559 | if (newreq && (pkey == NULL)) { | 554 | if (newreq && (pkey == NULL)) { | 
| 560 | char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE"); | ||
| 561 | if (randfile == NULL) | ||
| 562 | ERR_clear_error(); | ||
| 563 | app_RAND_load_file(randfile, bio_err, 0); | ||
| 564 | if (inrand) | ||
| 565 | app_RAND_load_files(inrand); | ||
| 566 | |||
| 567 | if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) { | 555 | if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) { | 
| 568 | newkey = DEFAULT_KEY_LENGTH; | 556 | newkey = DEFAULT_KEY_LENGTH; | 
| 569 | } | 557 | } | 
| @@ -610,8 +598,6 @@ bad: | |||
| 610 | EVP_PKEY_CTX_free(genctx); | 598 | EVP_PKEY_CTX_free(genctx); | 
| 611 | genctx = NULL; | 599 | genctx = NULL; | 
| 612 | 600 | ||
| 613 | app_RAND_write_file(randfile, bio_err); | ||
| 614 | |||
| 615 | if (keyout == NULL) { | 601 | if (keyout == NULL) { | 
| 616 | keyout = NCONF_get_string(req_conf, SECTION, KEYFILE); | 602 | keyout = NCONF_get_string(req_conf, SECTION, KEYFILE); | 
| 617 | if (keyout == NULL) | 603 | if (keyout == NULL) | 
| diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c index 8848a4ac4b..dab8d6f6e3 100644 --- a/src/lib/libssl/src/apps/rsautl.c +++ b/src/lib/libssl/src/apps/rsautl.c | |||
| @@ -200,8 +200,6 @@ rsautl_main(int argc, char **argv) | |||
| 200 | BIO_printf(bio_err, "Error getting password\n"); | 200 | BIO_printf(bio_err, "Error getting password\n"); | 
| 201 | goto end; | 201 | goto end; | 
| 202 | } | 202 | } | 
| 203 | /* FIXME: seed PRNG only if needed */ | ||
| 204 | app_RAND_load_file(NULL, bio_err, 0); | ||
| 205 | 203 | ||
| 206 | switch (key_type) { | 204 | switch (key_type) { | 
| 207 | case KEY_PRIVKEY: | 205 | case KEY_PRIVKEY: | 
| diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c index cbdba2ae52..8c71d6b6ae 100644 --- a/src/lib/libssl/src/apps/s_client.c +++ b/src/lib/libssl/src/apps/s_client.c | |||
| @@ -999,14 +999,6 @@ bad: | |||
| 999 | goto end; | 999 | goto end; | 
| 1000 | } | 1000 | } | 
| 1001 | } | 1001 | } | 
| 1002 | if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL | ||
| 1003 | && !RAND_status()) { | ||
| 1004 | BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n"); | ||
| 1005 | } | ||
| 1006 | if (inrand != NULL) | ||
| 1007 | BIO_printf(bio_err, "%ld semi-random bytes loaded\n", | ||
| 1008 | app_RAND_load_files(inrand)); | ||
| 1009 | |||
| 1010 | if (bio_c_out == NULL) { | 1002 | if (bio_c_out == NULL) { | 
| 1011 | if (c_quiet && !c_debug && !c_msg) { | 1003 | if (c_quiet && !c_debug && !c_msg) { | 
| 1012 | bio_c_out = BIO_new(BIO_s_null()); | 1004 | bio_c_out = BIO_new(BIO_s_null()); | 
| diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c index a84b822538..3dd22e6b7a 100644 --- a/src/lib/libssl/src/apps/s_server.c +++ b/src/lib/libssl/src/apps/s_server.c | |||
| @@ -1227,14 +1227,6 @@ bad: | |||
| 1227 | goto end; | 1227 | goto end; | 
| 1228 | } | 1228 | } | 
| 1229 | } | 1229 | } | 
| 1230 | if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL | ||
| 1231 | && !RAND_status()) { | ||
| 1232 | BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n"); | ||
| 1233 | } | ||
| 1234 | if (inrand != NULL) | ||
| 1235 | BIO_printf(bio_err, "%ld semi-random bytes loaded\n", | ||
| 1236 | app_RAND_load_files(inrand)); | ||
| 1237 | |||
| 1238 | if (bio_s_out == NULL) { | 1230 | if (bio_s_out == NULL) { | 
| 1239 | if (s_quiet && !s_debug && !s_msg) { | 1231 | if (s_quiet && !s_debug && !s_msg) { | 
| 1240 | bio_s_out = BIO_new(BIO_s_null()); | 1232 | bio_s_out = BIO_new(BIO_s_null()); | 
| diff --git a/src/lib/libssl/src/apps/smime.c b/src/lib/libssl/src/apps/smime.c index 4c0e32ccba..1b4a8aa9c2 100644 --- a/src/lib/libssl/src/apps/smime.c +++ b/src/lib/libssl/src/apps/smime.c | |||
| @@ -107,7 +107,6 @@ smime_main(int argc, char **argv) | |||
| 107 | char *CAfile = NULL, *CApath = NULL; | 107 | char *CAfile = NULL, *CApath = NULL; | 
| 108 | char *passargin = NULL, *passin = NULL; | 108 | char *passargin = NULL, *passin = NULL; | 
| 109 | char *inrand = NULL; | 109 | char *inrand = NULL; | 
| 110 | int need_rand = 0; | ||
| 111 | int indef = 0; | 110 | int indef = 0; | 
| 112 | const EVP_MD *sign_md = NULL; | 111 | const EVP_MD *sign_md = NULL; | 
| 113 | int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; | 112 | int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; | 
| @@ -212,7 +211,6 @@ smime_main(int argc, char **argv) | |||
| 212 | goto argerr; | 211 | goto argerr; | 
| 213 | args++; | 212 | args++; | 
| 214 | inrand = *args; | 213 | inrand = *args; | 
| 215 | need_rand = 1; | ||
| 216 | } | 214 | } | 
| 217 | #ifndef OPENSSL_NO_ENGINE | 215 | #ifndef OPENSSL_NO_ENGINE | 
| 218 | else if (!strcmp(*args, "-engine")) { | 216 | else if (!strcmp(*args, "-engine")) { | 
| @@ -354,7 +352,6 @@ smime_main(int argc, char **argv) | |||
| 354 | } | 352 | } | 
| 355 | signerfile = NULL; | 353 | signerfile = NULL; | 
| 356 | keyfile = NULL; | 354 | keyfile = NULL; | 
| 357 | need_rand = 1; | ||
| 358 | } else if (operation == SMIME_DECRYPT) { | 355 | } else if (operation == SMIME_DECRYPT) { | 
| 359 | if (!recipfile && !keyfile) { | 356 | if (!recipfile && !keyfile) { | 
| 360 | BIO_printf(bio_err, "No recipient certificate or key specified\n"); | 357 | BIO_printf(bio_err, "No recipient certificate or key specified\n"); | 
| @@ -365,7 +362,6 @@ smime_main(int argc, char **argv) | |||
| 365 | BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); | 362 | BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); | 
| 366 | badarg = 1; | 363 | badarg = 1; | 
| 367 | } | 364 | } | 
| 368 | need_rand = 1; | ||
| 369 | } else if (!operation) | 365 | } else if (!operation) | 
| 370 | badarg = 1; | 366 | badarg = 1; | 
| 371 | 367 | ||
| @@ -441,12 +437,6 @@ argerr: | |||
| 441 | BIO_printf(bio_err, "Error getting password\n"); | 437 | BIO_printf(bio_err, "Error getting password\n"); | 
| 442 | goto end; | 438 | goto end; | 
| 443 | } | 439 | } | 
| 444 | if (need_rand) { | ||
| 445 | app_RAND_load_file(NULL, bio_err, (inrand != NULL)); | ||
| 446 | if (inrand != NULL) | ||
| 447 | BIO_printf(bio_err, "%ld semi-random bytes loaded\n", | ||
| 448 | app_RAND_load_files(inrand)); | ||
| 449 | } | ||
| 450 | ret = 2; | 440 | ret = 2; | 
| 451 | 441 | ||
| 452 | if (!(operation & SMIME_SIGNERS)) | 442 | if (!(operation & SMIME_SIGNERS)) | 
| @@ -670,8 +660,6 @@ argerr: | |||
| 670 | } | 660 | } | 
| 671 | ret = 0; | 661 | ret = 0; | 
| 672 | end: | 662 | end: | 
| 673 | if (need_rand) | ||
| 674 | app_RAND_write_file(NULL, bio_err); | ||
| 675 | if (ret) | 663 | if (ret) | 
| 676 | ERR_print_errors(bio_err); | 664 | ERR_print_errors(bio_err); | 
| 677 | sk_X509_pop_free(encerts, X509_free); | 665 | sk_X509_pop_free(encerts, X509_free); | 
| diff --git a/src/lib/libssl/src/apps/srp.c b/src/lib/libssl/src/apps/srp.c index bdd3017251..9c3dcdb1d6 100644 --- a/src/lib/libssl/src/apps/srp.c +++ b/src/lib/libssl/src/apps/srp.c | |||
| @@ -283,7 +283,6 @@ srp_main(int argc, char **argv) | |||
| 283 | char **pp; | 283 | char **pp; | 
| 284 | int i; | 284 | int i; | 
| 285 | long errorline = -1; | 285 | long errorline = -1; | 
| 286 | char *randfile = NULL; | ||
| 287 | #ifndef OPENSSL_NO_ENGINE | 286 | #ifndef OPENSSL_NO_ENGINE | 
| 288 | char *engine = NULL; | 287 | char *engine = NULL; | 
| 289 | #endif | 288 | #endif | 
| @@ -446,9 +445,6 @@ srp_main(int argc, char **argv) | |||
| 446 | goto err; | 445 | goto err; | 
| 447 | } | 446 | } | 
| 448 | } | 447 | } | 
| 449 | if (randfile == NULL && conf) | ||
| 450 | randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); | ||
| 451 | |||
| 452 | 448 | ||
| 453 | VERBOSE BIO_printf(bio_err, "trying to read " ENV_DATABASE " in section \"%s\"\n", section); | 449 | VERBOSE BIO_printf(bio_err, "trying to read " ENV_DATABASE " in section \"%s\"\n", section); | 
| 454 | 450 | ||
| @@ -457,10 +453,7 @@ srp_main(int argc, char **argv) | |||
| 457 | goto err; | 453 | goto err; | 
| 458 | } | 454 | } | 
| 459 | } | 455 | } | 
| 460 | if (randfile == NULL) | 456 | ERR_clear_error(); | 
| 461 | ERR_clear_error(); | ||
| 462 | else | ||
| 463 | app_RAND_load_file(randfile, bio_err, 0); | ||
| 464 | 457 | ||
| 465 | VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", dbfile); | 458 | VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", dbfile); | 
| 466 | 459 | ||
| @@ -661,8 +654,6 @@ err: | |||
| 661 | free(tofree); | 654 | free(tofree); | 
| 662 | if (ret) | 655 | if (ret) | 
| 663 | ERR_print_errors(bio_err); | 656 | ERR_print_errors(bio_err); | 
| 664 | if (randfile) | ||
| 665 | app_RAND_write_file(randfile, bio_err); | ||
| 666 | if (conf) | 657 | if (conf) | 
| 667 | NCONF_free(conf); | 658 | NCONF_free(conf); | 
| 668 | if (db) | 659 | if (db) | 
| diff --git a/src/lib/libssl/src/apps/ts.c b/src/lib/libssl/src/apps/ts.c index 24e34894fd..c271bdb226 100644 --- a/src/lib/libssl/src/apps/ts.c +++ b/src/lib/libssl/src/apps/ts.c | |||
| @@ -262,15 +262,6 @@ ts_main(int argc, char **argv) | |||
| 262 | goto usage; | 262 | goto usage; | 
| 263 | } | 263 | } | 
| 264 | 264 | ||
| 265 | /* Seed the random number generator if it is going to be used. */ | ||
| 266 | if (mode == CMD_QUERY && !no_nonce) { | ||
| 267 | if (!app_RAND_load_file(NULL, bio_err, 1) && rnd == NULL) | ||
| 268 | BIO_printf(bio_err, "warning, not much extra random " | ||
| 269 | "data, consider using the -rand option\n"); | ||
| 270 | if (rnd != NULL) | ||
| 271 | BIO_printf(bio_err, "%ld semi-random bytes loaded\n", | ||
| 272 | app_RAND_load_files(rnd)); | ||
| 273 | } | ||
| 274 | /* Get the password if required. */ | 265 | /* Get the password if required. */ | 
| 275 | if (mode == CMD_REPLY && passin && | 266 | if (mode == CMD_REPLY && passin && | 
| 276 | !app_passwd(bio_err, passin, NULL, &password, NULL)) { | 267 | !app_passwd(bio_err, passin, NULL, &password, NULL)) { | 
| @@ -350,7 +341,6 @@ usage: | |||
| 350 | "-untrusted cert_file.pem\n"); | 341 | "-untrusted cert_file.pem\n"); | 
| 351 | cleanup: | 342 | cleanup: | 
| 352 | /* Clean up. */ | 343 | /* Clean up. */ | 
| 353 | app_RAND_write_file(NULL, bio_err); | ||
| 354 | NCONF_free(conf); | 344 | NCONF_free(conf); | 
| 355 | free(password); | 345 | free(password); | 
| 356 | OBJ_cleanup(); | 346 | OBJ_cleanup(); | 
| diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c index 84ca493a89..5841a1b80d 100644 --- a/src/lib/libssl/src/apps/x509.c +++ b/src/lib/libssl/src/apps/x509.c | |||
| @@ -205,7 +205,6 @@ x509_main(int argc, char **argv) | |||
| 205 | const EVP_MD *md_alg, *digest = NULL; | 205 | const EVP_MD *md_alg, *digest = NULL; | 
| 206 | CONF *extconf = NULL; | 206 | CONF *extconf = NULL; | 
| 207 | char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; | 207 | char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; | 
| 208 | int need_rand = 0; | ||
| 209 | int checkend = 0, checkoffset = 0; | 208 | int checkend = 0, checkoffset = 0; | 
| 210 | unsigned long nmflag = 0, certflag = 0; | 209 | unsigned long nmflag = 0, certflag = 0; | 
| 211 | #ifndef OPENSSL_NO_ENGINE | 210 | #ifndef OPENSSL_NO_ENGINE | 
| @@ -252,7 +251,6 @@ x509_main(int argc, char **argv) | |||
| 252 | keyformat = str2fmt(*(++argv)); | 251 | keyformat = str2fmt(*(++argv)); | 
| 253 | } else if (strcmp(*argv, "-req") == 0) { | 252 | } else if (strcmp(*argv, "-req") == 0) { | 
| 254 | reqfile = 1; | 253 | reqfile = 1; | 
| 255 | need_rand = 1; | ||
| 256 | } else if (strcmp(*argv, "-CAform") == 0) { | 254 | } else if (strcmp(*argv, "-CAform") == 0) { | 
| 257 | if (--argc < 1) | 255 | if (--argc < 1) | 
| 258 | goto bad; | 256 | goto bad; | 
| @@ -301,13 +299,11 @@ x509_main(int argc, char **argv) | |||
| 301 | goto bad; | 299 | goto bad; | 
| 302 | keyfile = *(++argv); | 300 | keyfile = *(++argv); | 
| 303 | sign_flag = ++num; | 301 | sign_flag = ++num; | 
| 304 | need_rand = 1; | ||
| 305 | } else if (strcmp(*argv, "-CA") == 0) { | 302 | } else if (strcmp(*argv, "-CA") == 0) { | 
| 306 | if (--argc < 1) | 303 | if (--argc < 1) | 
| 307 | goto bad; | 304 | goto bad; | 
| 308 | CAfile = *(++argv); | 305 | CAfile = *(++argv); | 
| 309 | CA_flag = ++num; | 306 | CA_flag = ++num; | 
| 310 | need_rand = 1; | ||
| 311 | } else if (strcmp(*argv, "-CAkey") == 0) { | 307 | } else if (strcmp(*argv, "-CAkey") == 0) { | 
| 312 | if (--argc < 1) | 308 | if (--argc < 1) | 
| 313 | goto bad; | 309 | goto bad; | 
| @@ -464,9 +460,6 @@ bad: | |||
| 464 | e = setup_engine(bio_err, engine, 0); | 460 | e = setup_engine(bio_err, engine, 0); | 
| 465 | #endif | 461 | #endif | 
| 466 | 462 | ||
| 467 | if (need_rand) | ||
| 468 | app_RAND_load_file(NULL, bio_err, 0); | ||
| 469 | |||
| 470 | ERR_load_crypto_strings(); | 463 | ERR_load_crypto_strings(); | 
| 471 | 464 | ||
| 472 | if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { | 465 | if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { | 
| @@ -844,7 +837,6 @@ bad: | |||
| 844 | if (Upkey == NULL) | 837 | if (Upkey == NULL) | 
| 845 | goto end; | 838 | goto end; | 
| 846 | } | 839 | } | 
| 847 | assert(need_rand); | ||
| 848 | if (!sign(x, Upkey, days, clrext, digest, | 840 | if (!sign(x, Upkey, days, clrext, digest, | 
| 849 | extconf, extsect)) | 841 | extconf, extsect)) | 
| 850 | goto end; | 842 | goto end; | 
| @@ -858,7 +850,6 @@ bad: | |||
| 858 | if (CApkey == NULL) | 850 | if (CApkey == NULL) | 
| 859 | goto end; | 851 | goto end; | 
| 860 | } | 852 | } | 
| 861 | assert(need_rand); | ||
| 862 | if (!x509_certify(ctx, CAfile, digest, x, xca, | 853 | if (!x509_certify(ctx, CAfile, digest, x, xca, | 
| 863 | CApkey, sigopts, | 854 | CApkey, sigopts, | 
| 864 | CAserial, CA_createserial, days, clrext, | 855 | CAserial, CA_createserial, days, clrext, | 
| @@ -941,8 +932,6 @@ bad: | |||
| 941 | } | 932 | } | 
| 942 | ret = 0; | 933 | ret = 0; | 
| 943 | end: | 934 | end: | 
| 944 | if (need_rand) | ||
| 945 | app_RAND_write_file(NULL, bio_err); | ||
| 946 | OBJ_cleanup(); | 935 | OBJ_cleanup(); | 
| 947 | NCONF_free(extconf); | 936 | NCONF_free(extconf); | 
| 948 | BIO_free_all(out); | 937 | BIO_free_all(out); | 
