summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/src/apps/app_rand.c204
-rw-r--r--src/lib/libssl/src/apps/apps.h8
-rw-r--r--src/lib/libssl/src/apps/ca.c7
-rw-r--r--src/lib/libssl/src/apps/cms.c12
-rw-r--r--src/lib/libssl/src/apps/dgst.c2
-rw-r--r--src/lib/libssl/src/apps/dhparam.c9
-rw-r--r--src/lib/libssl/src/apps/dsaparam.c14
-rw-r--r--src/lib/libssl/src/apps/ecparam.c16
-rw-r--r--src/lib/libssl/src/apps/gendh.c9
-rw-r--r--src/lib/libssl/src/apps/gendsa.c9
-rw-r--r--src/lib/libssl/src/apps/genrsa.c10
-rw-r--r--src/lib/libssl/src/apps/pkcs12.c8
-rw-r--r--src/lib/libssl/src/apps/pkcs8.c2
-rw-r--r--src/lib/libssl/src/apps/pkeyutl.c2
-rw-r--r--src/lib/libssl/src/apps/rand.c6
-rw-r--r--src/lib/libssl/src/apps/req.c14
-rw-r--r--src/lib/libssl/src/apps/rsautl.c2
-rw-r--r--src/lib/libssl/src/apps/s_client.c8
-rw-r--r--src/lib/libssl/src/apps/s_server.c8
-rw-r--r--src/lib/libssl/src/apps/smime.c12
-rw-r--r--src/lib/libssl/src/apps/srp.c11
-rw-r--r--src/lib/libssl/src/apps/ts.c10
-rw-r--r--src/lib/libssl/src/apps/x509.c11
23 files changed, 2 insertions, 392 deletions
diff --git a/src/lib/libssl/src/apps/app_rand.c b/src/lib/libssl/src/apps/app_rand.c
deleted file mode 100644
index d6cdd6e01b..0000000000
--- a/src/lib/libssl/src/apps/app_rand.c
+++ /dev/null
@@ -1,204 +0,0 @@
1/* apps/app_rand.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#define NON_MAIN
113#include "apps.h"
114#undef NON_MAIN
115#include <openssl/bio.h>
116#include <openssl/rand.h>
117
118
119static int seeded = 0;
120
121int
122app_RAND_load_file(const char *file, BIO * bio_e, int dont_warn)
123{
124 int consider_randfile = (file == NULL);
125 char buffer[200];
126
127
128 if (file == NULL)
129 file = RAND_file_name(buffer, sizeof buffer);
130 if (file == NULL || !RAND_load_file(file, -1)) {
131 if (RAND_status() == 0) {
132 if (!dont_warn) {
133 BIO_printf(bio_e, "unable to load 'random state'\n");
134 BIO_printf(bio_e, "This means that the random number generator has not been seeded\n");
135 BIO_printf(bio_e, "with much random data.\n");
136 if (consider_randfile) { /* explanation does not
137 * apply when a file is
138 * explicitly named */
139 BIO_printf(bio_e, "Consider setting the RANDFILE environment variable to point at a file that\n");
140 BIO_printf(bio_e, "'random' data can be kept in (the file will be overwritten).\n");
141 }
142 }
143 return 0;
144 }
145 }
146 seeded = 1;
147 return 1;
148}
149
150long
151app_RAND_load_files(char *name)
152{
153 char *p, *n;
154 int last;
155 long tot = 0;
156
157 for (;;) {
158 last = 0;
159 for (p = name;
160 ((*p != '\0') && (*p != ':')); p++);
161 if (*p == '\0')
162 last = 1;
163 *p = '\0';
164 n = name;
165 name = p + 1;
166 if (*n == '\0')
167 break;
168
169 tot += RAND_load_file(n, -1);
170 if (last)
171 break;
172 }
173 if (tot > 512)
174 app_RAND_allow_write_file();
175 return (tot);
176}
177
178int
179app_RAND_write_file(const char *file, BIO * bio_e)
180{
181 char buffer[200];
182
183 if (!seeded)
184 /*
185 * If we did not manage to read the seed file, we should not
186 * write a low-entropy seed file back -- it would suppress a
187 * crucial warning the next time we want to use it.
188 */
189 return 0;
190
191 if (file == NULL)
192 file = RAND_file_name(buffer, sizeof buffer);
193 if (file == NULL || !RAND_write_file(file)) {
194 BIO_printf(bio_e, "unable to write 'random state'\n");
195 return 0;
196 }
197 return 1;
198}
199
200void
201app_RAND_allow_write_file(void)
202{
203 seeded = 1;
204}
diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h
index 077d766a49..55015024e9 100644
--- a/src/lib/libssl/src/apps/apps.h
+++ b/src/lib/libssl/src/apps/apps.h
@@ -126,14 +126,6 @@
126#endif 126#endif
127#include <openssl/ossl_typ.h> 127#include <openssl/ossl_typ.h>
128 128
129int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
130int app_RAND_write_file(const char *file, BIO *bio_e);
131/* When `file' is NULL, use defaults.
132 * `bio_e' is for error messages. */
133void app_RAND_allow_write_file(void);
134long app_RAND_load_files(char *file); /* `file' is a list of files to read,
135 * separated by ':'. The string is destroyed! */
136
137extern CONF *config; 129extern CONF *config;
138extern char *default_config_file; 130extern char *default_config_file;
139extern BIO *bio_err; 131extern BIO *bio_err;
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index 1d75018732..c582549b15 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -311,7 +311,6 @@ ca_main(int argc, char **argv)
311#undef BSIZE 311#undef BSIZE
312#define BSIZE 256 312#define BSIZE 256
313 char buf[3][BSIZE]; 313 char buf[3][BSIZE];
314 char *randfile = NULL;
315#ifndef OPENSSL_NO_ENGINE 314#ifndef OPENSSL_NO_ENGINE
316 char *engine = NULL; 315 char *engine = NULL;
317#endif 316#endif
@@ -598,11 +597,6 @@ ca_main(int argc, char **argv)
598 goto err; 597 goto err;
599 } 598 }
600 } 599 }
601 randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
602 if (randfile == NULL)
603 ERR_clear_error();
604 app_RAND_load_file(randfile, bio_err, 0);
605
606 f = NCONF_get_string(conf, section, STRING_MASK); 600 f = NCONF_get_string(conf, section, STRING_MASK);
607 if (!f) 601 if (!f)
608 ERR_clear_error(); 602 ERR_clear_error();
@@ -1363,7 +1357,6 @@ err:
1363 1357
1364 if (ret) 1358 if (ret)
1365 ERR_print_errors(bio_err); 1359 ERR_print_errors(bio_err);
1366 app_RAND_write_file(randfile, bio_err);
1367 if (free_key && key) 1360 if (free_key && key)
1368 free(key); 1361 free(key);
1369 BN_free(serial); 1362 BN_free(serial);
diff --git a/src/lib/libssl/src/apps/cms.c b/src/lib/libssl/src/apps/cms.c
index d9694a4192..0ece401ce3 100644
--- a/src/lib/libssl/src/apps/cms.c
+++ b/src/lib/libssl/src/apps/cms.c
@@ -128,7 +128,6 @@ cms_main(int argc, char **argv)
128 char *CAfile = NULL, *CApath = NULL; 128 char *CAfile = NULL, *CApath = NULL;
129 char *passargin = NULL, *passin = NULL; 129 char *passargin = NULL, *passin = NULL;
130 char *inrand = NULL; 130 char *inrand = NULL;
131 int need_rand = 0;
132 const EVP_MD *sign_md = NULL; 131 const EVP_MD *sign_md = NULL;
133 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; 132 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
134 int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; 133 int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
@@ -331,7 +330,6 @@ cms_main(int argc, char **argv)
331 goto argerr; 330 goto argerr;
332 args++; 331 args++;
333 inrand = *args; 332 inrand = *args;
334 need_rand = 1;
335 } 333 }
336#ifndef OPENSSL_NO_ENGINE 334#ifndef OPENSSL_NO_ENGINE
337 else if (!strcmp(*args, "-engine")) { 335 else if (!strcmp(*args, "-engine")) {
@@ -489,7 +487,6 @@ cms_main(int argc, char **argv)
489 } 487 }
490 signerfile = NULL; 488 signerfile = NULL;
491 keyfile = NULL; 489 keyfile = NULL;
492 need_rand = 1;
493 } else if (operation == SMIME_DECRYPT) { 490 } else if (operation == SMIME_DECRYPT) {
494 if (!recipfile && !keyfile && !secret_key && !pwri_pass) { 491 if (!recipfile && !keyfile && !secret_key && !pwri_pass) {
495 BIO_printf(bio_err, "No recipient certificate or key specified\n"); 492 BIO_printf(bio_err, "No recipient certificate or key specified\n");
@@ -500,7 +497,6 @@ cms_main(int argc, char **argv)
500 BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); 497 BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
501 badarg = 1; 498 badarg = 1;
502 } 499 }
503 need_rand = 1;
504 } else if (!operation) 500 } else if (!operation)
505 badarg = 1; 501 badarg = 1;
506 502
@@ -578,12 +574,6 @@ argerr:
578 BIO_printf(bio_err, "Error getting password\n"); 574 BIO_printf(bio_err, "Error getting password\n");
579 goto end; 575 goto end;
580 } 576 }
581 if (need_rand) {
582 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
583 if (inrand != NULL)
584 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
585 app_RAND_load_files(inrand));
586 }
587 ret = 2; 577 ret = 2;
588 578
589 if (!(operation & SMIME_SIGNERS)) 579 if (!(operation & SMIME_SIGNERS))
@@ -979,8 +969,6 @@ argerr:
979end: 969end:
980 if (ret) 970 if (ret)
981 ERR_print_errors(bio_err); 971 ERR_print_errors(bio_err);
982 if (need_rand)
983 app_RAND_write_file(NULL, bio_err);
984 sk_X509_pop_free(encerts, X509_free); 972 sk_X509_pop_free(encerts, X509_free);
985 sk_X509_pop_free(other, X509_free); 973 sk_X509_pop_free(other, X509_free);
986 if (vpm) 974 if (vpm)
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c
index 09105399ff..e4741855dc 100644
--- a/src/lib/libssl/src/apps/dgst.c
+++ b/src/lib/libssl/src/apps/dgst.c
@@ -292,8 +292,6 @@ dgst_main(int argc, char **argv)
292 else 292 else
293 out_bin = 0; 293 out_bin = 0;
294 } 294 }
295 if (randfile)
296 app_RAND_load_file(randfile, bio_err, 0);
297 295
298 if (outfile) { 296 if (outfile) {
299 if (out_bin) 297 if (out_bin)
diff --git a/src/lib/libssl/src/apps/dhparam.c b/src/lib/libssl/src/apps/dhparam.c
index 7679a891fd..8ca71f5e5d 100644
--- a/src/lib/libssl/src/apps/dhparam.c
+++ b/src/lib/libssl/src/apps/dhparam.c
@@ -283,13 +283,6 @@ bad:
283 283
284 BN_GENCB cb; 284 BN_GENCB cb;
285 BN_GENCB_set(&cb, dh_cb, bio_err); 285 BN_GENCB_set(&cb, dh_cb, bio_err);
286 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
287 BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
288 }
289 if (inrand != NULL)
290 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
291 app_RAND_load_files(inrand));
292
293#ifndef OPENSSL_NO_DSA 286#ifndef OPENSSL_NO_DSA
294 if (dsaparam) { 287 if (dsaparam) {
295 DSA *dsa = DSA_new(); 288 DSA *dsa = DSA_new();
@@ -319,8 +312,6 @@ bad:
319 goto end; 312 goto end;
320 } 313 }
321 } 314 }
322
323 app_RAND_write_file(NULL, bio_err);
324 } else { 315 } else {
325 316
326 in = BIO_new(BIO_s_file()); 317 in = BIO_new(BIO_s_file());
diff --git a/src/lib/libssl/src/apps/dsaparam.c b/src/lib/libssl/src/apps/dsaparam.c
index 4b4f98fec6..af34b24f8b 100644
--- a/src/lib/libssl/src/apps/dsaparam.c
+++ b/src/lib/libssl/src/apps/dsaparam.c
@@ -117,7 +117,6 @@ dsaparam_main(int argc, char **argv)
117 int informat, outformat, noout = 0, C = 0, ret = 1; 117 int informat, outformat, noout = 0, C = 0, ret = 1;
118 char *infile, *outfile, *prog, *inrand = NULL; 118 char *infile, *outfile, *prog, *inrand = NULL;
119 int numbits = -1, num, genkey = 0; 119 int numbits = -1, num, genkey = 0;
120 int need_rand = 0;
121#ifndef OPENSSL_NO_ENGINE 120#ifndef OPENSSL_NO_ENGINE
122 char *engine = NULL; 121 char *engine = NULL;
123#endif 122#endif
@@ -180,18 +179,15 @@ dsaparam_main(int argc, char **argv)
180 C = 1; 179 C = 1;
181 else if (strcmp(*argv, "-genkey") == 0) { 180 else if (strcmp(*argv, "-genkey") == 0) {
182 genkey = 1; 181 genkey = 1;
183 need_rand = 1;
184 } else if (strcmp(*argv, "-rand") == 0) { 182 } else if (strcmp(*argv, "-rand") == 0) {
185 if (--argc < 1) 183 if (--argc < 1)
186 goto bad; 184 goto bad;
187 inrand = *(++argv); 185 inrand = *(++argv);
188 need_rand = 1;
189 } else if (strcmp(*argv, "-noout") == 0) 186 } else if (strcmp(*argv, "-noout") == 0)
190 noout = 1; 187 noout = 1;
191 else if (sscanf(*argv, "%d", &num) == 1) { 188 else if (sscanf(*argv, "%d", &num) == 1) {
192 /* generate a key */ 189 /* generate a key */
193 numbits = num; 190 numbits = num;
194 need_rand = 1;
195 } else { 191 } else {
196 BIO_printf(bio_err, "unknown option %s\n", *argv); 192 BIO_printf(bio_err, "unknown option %s\n", *argv);
197 badops = 1; 193 badops = 1;
@@ -252,16 +248,9 @@ bad:
252 setup_engine(bio_err, engine, 0); 248 setup_engine(bio_err, engine, 0);
253#endif 249#endif
254 250
255 if (need_rand) {
256 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
257 if (inrand != NULL)
258 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
259 app_RAND_load_files(inrand));
260 }
261 if (numbits > 0) { 251 if (numbits > 0) {
262 BN_GENCB cb; 252 BN_GENCB cb;
263 BN_GENCB_set(&cb, dsa_cb, bio_err); 253 BN_GENCB_set(&cb, dsa_cb, bio_err);
264 assert(need_rand);
265 dsa = DSA_new(); 254 dsa = DSA_new();
266 if (!dsa) { 255 if (!dsa) {
267 BIO_printf(bio_err, "Error allocating DSA object\n"); 256 BIO_printf(bio_err, "Error allocating DSA object\n");
@@ -381,7 +370,6 @@ bad:
381 if (genkey) { 370 if (genkey) {
382 DSA *dsakey; 371 DSA *dsakey;
383 372
384 assert(need_rand);
385 if ((dsakey = DSAparams_dup(dsa)) == NULL) 373 if ((dsakey = DSAparams_dup(dsa)) == NULL)
386 goto end; 374 goto end;
387 if (!DSA_generate_key(dsakey)) { 375 if (!DSA_generate_key(dsakey)) {
@@ -400,8 +388,6 @@ bad:
400 } 388 }
401 DSA_free(dsakey); 389 DSA_free(dsakey);
402 } 390 }
403 if (need_rand)
404 app_RAND_write_file(NULL, bio_err);
405 ret = 0; 391 ret = 0;
406 392
407end: 393end:
diff --git a/src/lib/libssl/src/apps/ecparam.c b/src/lib/libssl/src/apps/ecparam.c
index fee53257a9..6d97aa5576 100644
--- a/src/lib/libssl/src/apps/ecparam.c
+++ b/src/lib/libssl/src/apps/ecparam.c
@@ -124,7 +124,7 @@ ecparam_main(int argc, char **argv)
124 int new_asn1_flag = 0; 124 int new_asn1_flag = 0;
125 char *curve_name = NULL, *inrand = NULL; 125 char *curve_name = NULL, *inrand = NULL;
126 int list_curves = 0, no_seed = 0, check = 0, badops = 0, text = 0, 126 int list_curves = 0, no_seed = 0, check = 0, badops = 0, text = 0,
127 i, need_rand = 0, genkey = 0; 127 i, genkey = 0;
128 char *infile = NULL, *outfile = NULL, *prog; 128 char *infile = NULL, *outfile = NULL, *prog;
129 BIO *in = NULL, *out = NULL; 129 BIO *in = NULL, *out = NULL;
130 int informat, outformat, noout = 0, C = 0, ret = 1; 130 int informat, outformat, noout = 0, C = 0, ret = 1;
@@ -208,12 +208,10 @@ ecparam_main(int argc, char **argv)
208 noout = 1; 208 noout = 1;
209 else if (strcmp(*argv, "-genkey") == 0) { 209 else if (strcmp(*argv, "-genkey") == 0) {
210 genkey = 1; 210 genkey = 1;
211 need_rand = 1;
212 } else if (strcmp(*argv, "-rand") == 0) { 211 } else if (strcmp(*argv, "-rand") == 0) {
213 if (--argc < 1) 212 if (--argc < 1)
214 goto bad; 213 goto bad;
215 inrand = *(++argv); 214 inrand = *(++argv);
216 need_rand = 1;
217 } else if (strcmp(*argv, "-engine") == 0) { 215 } else if (strcmp(*argv, "-engine") == 0) {
218 if (--argc < 1) 216 if (--argc < 1)
219 goto bad; 217 goto bad;
@@ -551,20 +549,12 @@ bad:
551 goto end; 549 goto end;
552 } 550 }
553 } 551 }
554 if (need_rand) {
555 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
556 if (inrand != NULL)
557 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
558 app_RAND_load_files(inrand));
559 }
560 if (genkey) { 552 if (genkey) {
561 EC_KEY *eckey = EC_KEY_new(); 553 EC_KEY *eckey = EC_KEY_new();
562 554
563 if (eckey == NULL) 555 if (eckey == NULL)
564 goto end; 556 goto end;
565 557
566 assert(need_rand);
567
568 if (EC_KEY_set_group(eckey, group) == 0) 558 if (EC_KEY_set_group(eckey, group) == 0)
569 goto end; 559 goto end;
570 560
@@ -585,10 +575,6 @@ bad:
585 } 575 }
586 EC_KEY_free(eckey); 576 EC_KEY_free(eckey);
587 } 577 }
588 if (need_rand)
589 app_RAND_write_file(NULL, bio_err);
590
591 ret = 0;
592end: 578end:
593 if (ec_p) 579 if (ec_p)
594 BN_free(ec_p); 580 BN_free(ec_p);
diff --git a/src/lib/libssl/src/apps/gendh.c b/src/lib/libssl/src/apps/gendh.c
index 925b6e4120..c09e5923a5 100644
--- a/src/lib/libssl/src/apps/gendh.c
+++ b/src/lib/libssl/src/apps/gendh.c
@@ -176,21 +176,12 @@ bad:
176 } 176 }
177 } 177 }
178 178
179 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
180 BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
181 }
182 if (inrand != NULL)
183 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
184 app_RAND_load_files(inrand));
185
186 BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, g); 179 BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, g);
187 BIO_printf(bio_err, "This is going to take a long time\n"); 180 BIO_printf(bio_err, "This is going to take a long time\n");
188 181
189 if (((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) 182 if (((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
190 goto end; 183 goto end;
191 184
192 app_RAND_write_file(NULL, bio_err);
193
194 if (!PEM_write_bio_DHparams(out, dh)) 185 if (!PEM_write_bio_DHparams(out, dh))
195 goto end; 186 goto end;
196 ret = 0; 187 ret = 0;
diff --git a/src/lib/libssl/src/apps/gendsa.c b/src/lib/libssl/src/apps/gendsa.c
index 9bfeb4c16b..bcc11a2e62 100644
--- a/src/lib/libssl/src/apps/gendsa.c
+++ b/src/lib/libssl/src/apps/gendsa.c
@@ -228,20 +228,11 @@ bad:
228 } 228 }
229 } 229 }
230 230
231 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
232 BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
233 }
234 if (inrand != NULL)
235 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
236 app_RAND_load_files(inrand));
237
238 BIO_printf(bio_err, "Generating DSA key, %d bits\n", 231 BIO_printf(bio_err, "Generating DSA key, %d bits\n",
239 BN_num_bits(dsa->p)); 232 BN_num_bits(dsa->p));
240 if (!DSA_generate_key(dsa)) 233 if (!DSA_generate_key(dsa))
241 goto end; 234 goto end;
242 235
243 app_RAND_write_file(NULL, bio_err);
244
245 if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout)) 236 if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))
246 goto end; 237 goto end;
247 ret = 0; 238 ret = 0;
diff --git a/src/lib/libssl/src/apps/genrsa.c b/src/lib/libssl/src/apps/genrsa.c
index fb879acad5..5b5fbc6fa9 100644
--- a/src/lib/libssl/src/apps/genrsa.c
+++ b/src/lib/libssl/src/apps/genrsa.c
@@ -237,14 +237,6 @@ bad:
237 } 237 }
238 } 238 }
239 239
240 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL &&
241 !RAND_status()) {
242 BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
243 }
244 if (inrand != NULL)
245 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
246 app_RAND_load_files(inrand));
247
248 BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n", 240 BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
249 num); 241 num);
250#ifdef OPENSSL_NO_ENGINE 242#ifdef OPENSSL_NO_ENGINE
@@ -258,8 +250,6 @@ bad:
258 if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) 250 if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
259 goto err; 251 goto err;
260 252
261 app_RAND_write_file(NULL, bio_err);
262
263 /* 253 /*
264 * We need to do the following for when the base number size is < 254 * We need to do the following for when the base number size is <
265 * long, esp windows 3.1 :-(. 255 * long, esp windows 3.1 :-(.
diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c
index fc61be467b..933fded99a 100644
--- a/src/lib/libssl/src/apps/pkcs12.c
+++ b/src/lib/libssl/src/apps/pkcs12.c
@@ -410,12 +410,6 @@ pkcs12_main(int argc, char **argv)
410 mpass = macpass; 410 mpass = macpass;
411 } 411 }
412 412
413 if (export_cert || inrand) {
414 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
415 if (inrand != NULL)
416 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
417 app_RAND_load_files(inrand));
418 }
419 ERR_load_crypto_strings(); 413 ERR_load_crypto_strings();
420 414
421#ifdef CRYPTO_MDEBUG 415#ifdef CRYPTO_MDEBUG
@@ -705,8 +699,6 @@ export_end:
705end: 699end:
706 if (p12) 700 if (p12)
707 PKCS12_free(p12); 701 PKCS12_free(p12);
708 if (export_cert || inrand)
709 app_RAND_write_file(NULL, bio_err);
710#ifdef CRYPTO_MDEBUG 702#ifdef CRYPTO_MDEBUG
711 CRYPTO_remove_all_info(); 703 CRYPTO_remove_all_info();
712#endif 704#endif
diff --git a/src/lib/libssl/src/apps/pkcs8.c b/src/lib/libssl/src/apps/pkcs8.c
index a0f0ef9b57..eb36946d48 100644
--- a/src/lib/libssl/src/apps/pkcs8.c
+++ b/src/lib/libssl/src/apps/pkcs8.c
@@ -261,7 +261,6 @@ bad:
261 if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) 261 if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
262 goto end; 262 goto end;
263 } 263 }
264 app_RAND_load_file(NULL, bio_err, 0);
265 if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, 264 if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
266 p8pass, strlen(p8pass), 265 p8pass, strlen(p8pass),
267 NULL, 0, iter, p8inf))) { 266 NULL, 0, iter, p8inf))) {
@@ -269,7 +268,6 @@ bad:
269 ERR_print_errors(bio_err); 268 ERR_print_errors(bio_err);
270 goto end; 269 goto end;
271 } 270 }
272 app_RAND_write_file(NULL, bio_err);
273 if (outformat == FORMAT_PEM) 271 if (outformat == FORMAT_PEM)
274 PEM_write_bio_PKCS8(out, p8); 272 PEM_write_bio_PKCS8(out, p8);
275 else if (outformat == FORMAT_ASN1) 273 else if (outformat == FORMAT_ASN1)
diff --git a/src/lib/libssl/src/apps/pkeyutl.c b/src/lib/libssl/src/apps/pkeyutl.c
index 622034292a..64ccd142ce 100644
--- a/src/lib/libssl/src/apps/pkeyutl.c
+++ b/src/lib/libssl/src/apps/pkeyutl.c
@@ -229,8 +229,6 @@ pkeyutl_main(int argc, char **argv)
229 BIO_puts(bio_err, "No signature file specified for verify\n"); 229 BIO_puts(bio_err, "No signature file specified for verify\n");
230 goto end; 230 goto end;
231 } 231 }
232/* FIXME: seed PRNG only if needed */
233 app_RAND_load_file(NULL, bio_err, 0);
234 232
235 if (pkey_op != EVP_PKEY_OP_DERIVE) { 233 if (pkey_op != EVP_PKEY_OP_DERIVE) {
236 if (infile) { 234 if (infile) {
diff --git a/src/lib/libssl/src/apps/rand.c b/src/lib/libssl/src/apps/rand.c
index 96d2b4e26c..fa8a65a267 100644
--- a/src/lib/libssl/src/apps/rand.c
+++ b/src/lib/libssl/src/apps/rand.c
@@ -162,11 +162,6 @@ rand_main(int argc, char **argv)
162 setup_engine(bio_err, engine, 0); 162 setup_engine(bio_err, engine, 0);
163#endif 163#endif
164 164
165 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
166 if (inrand != NULL)
167 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
168 app_RAND_load_files(inrand));
169
170 out = BIO_new(BIO_s_file()); 165 out = BIO_new(BIO_s_file());
171 if (out == NULL) 166 if (out == NULL)
172 goto err; 167 goto err;
@@ -206,7 +201,6 @@ rand_main(int argc, char **argv)
206 BIO_puts(out, "\n"); 201 BIO_puts(out, "\n");
207 (void) BIO_flush(out); 202 (void) BIO_flush(out);
208 203
209 app_RAND_write_file(NULL, bio_err);
210 ret = 0; 204 ret = 0;
211 205
212err: 206err:
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
index 11ee3d2fea..6f46e82ecd 100644
--- a/src/lib/libssl/src/apps/req.c
+++ b/src/lib/libssl/src/apps/req.c
@@ -549,21 +549,9 @@ bad:
549 * message 549 * message
550 */ 550 */
551 goto end; 551 goto end;
552 } else {
553 char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
554 if (randfile == NULL)
555 ERR_clear_error();
556 app_RAND_load_file(randfile, bio_err, 0);
557 } 552 }
558 } 553 }
559 if (newreq && (pkey == NULL)) { 554 if (newreq && (pkey == NULL)) {
560 char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
561 if (randfile == NULL)
562 ERR_clear_error();
563 app_RAND_load_file(randfile, bio_err, 0);
564 if (inrand)
565 app_RAND_load_files(inrand);
566
567 if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) { 555 if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) {
568 newkey = DEFAULT_KEY_LENGTH; 556 newkey = DEFAULT_KEY_LENGTH;
569 } 557 }
@@ -610,8 +598,6 @@ bad:
610 EVP_PKEY_CTX_free(genctx); 598 EVP_PKEY_CTX_free(genctx);
611 genctx = NULL; 599 genctx = NULL;
612 600
613 app_RAND_write_file(randfile, bio_err);
614
615 if (keyout == NULL) { 601 if (keyout == NULL) {
616 keyout = NCONF_get_string(req_conf, SECTION, KEYFILE); 602 keyout = NCONF_get_string(req_conf, SECTION, KEYFILE);
617 if (keyout == NULL) 603 if (keyout == NULL)
diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c
index 8848a4ac4b..dab8d6f6e3 100644
--- a/src/lib/libssl/src/apps/rsautl.c
+++ b/src/lib/libssl/src/apps/rsautl.c
@@ -200,8 +200,6 @@ rsautl_main(int argc, char **argv)
200 BIO_printf(bio_err, "Error getting password\n"); 200 BIO_printf(bio_err, "Error getting password\n");
201 goto end; 201 goto end;
202 } 202 }
203/* FIXME: seed PRNG only if needed */
204 app_RAND_load_file(NULL, bio_err, 0);
205 203
206 switch (key_type) { 204 switch (key_type) {
207 case KEY_PRIVKEY: 205 case KEY_PRIVKEY:
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index cbdba2ae52..8c71d6b6ae 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -999,14 +999,6 @@ bad:
999 goto end; 999 goto end;
1000 } 1000 }
1001 } 1001 }
1002 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
1003 && !RAND_status()) {
1004 BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
1005 }
1006 if (inrand != NULL)
1007 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
1008 app_RAND_load_files(inrand));
1009
1010 if (bio_c_out == NULL) { 1002 if (bio_c_out == NULL) {
1011 if (c_quiet && !c_debug && !c_msg) { 1003 if (c_quiet && !c_debug && !c_msg) {
1012 bio_c_out = BIO_new(BIO_s_null()); 1004 bio_c_out = BIO_new(BIO_s_null());
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index a84b822538..3dd22e6b7a 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -1227,14 +1227,6 @@ bad:
1227 goto end; 1227 goto end;
1228 } 1228 }
1229 } 1229 }
1230 if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
1231 && !RAND_status()) {
1232 BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
1233 }
1234 if (inrand != NULL)
1235 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
1236 app_RAND_load_files(inrand));
1237
1238 if (bio_s_out == NULL) { 1230 if (bio_s_out == NULL) {
1239 if (s_quiet && !s_debug && !s_msg) { 1231 if (s_quiet && !s_debug && !s_msg) {
1240 bio_s_out = BIO_new(BIO_s_null()); 1232 bio_s_out = BIO_new(BIO_s_null());
diff --git a/src/lib/libssl/src/apps/smime.c b/src/lib/libssl/src/apps/smime.c
index 4c0e32ccba..1b4a8aa9c2 100644
--- a/src/lib/libssl/src/apps/smime.c
+++ b/src/lib/libssl/src/apps/smime.c
@@ -107,7 +107,6 @@ smime_main(int argc, char **argv)
107 char *CAfile = NULL, *CApath = NULL; 107 char *CAfile = NULL, *CApath = NULL;
108 char *passargin = NULL, *passin = NULL; 108 char *passargin = NULL, *passin = NULL;
109 char *inrand = NULL; 109 char *inrand = NULL;
110 int need_rand = 0;
111 int indef = 0; 110 int indef = 0;
112 const EVP_MD *sign_md = NULL; 111 const EVP_MD *sign_md = NULL;
113 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; 112 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
@@ -212,7 +211,6 @@ smime_main(int argc, char **argv)
212 goto argerr; 211 goto argerr;
213 args++; 212 args++;
214 inrand = *args; 213 inrand = *args;
215 need_rand = 1;
216 } 214 }
217#ifndef OPENSSL_NO_ENGINE 215#ifndef OPENSSL_NO_ENGINE
218 else if (!strcmp(*args, "-engine")) { 216 else if (!strcmp(*args, "-engine")) {
@@ -354,7 +352,6 @@ smime_main(int argc, char **argv)
354 } 352 }
355 signerfile = NULL; 353 signerfile = NULL;
356 keyfile = NULL; 354 keyfile = NULL;
357 need_rand = 1;
358 } else if (operation == SMIME_DECRYPT) { 355 } else if (operation == SMIME_DECRYPT) {
359 if (!recipfile && !keyfile) { 356 if (!recipfile && !keyfile) {
360 BIO_printf(bio_err, "No recipient certificate or key specified\n"); 357 BIO_printf(bio_err, "No recipient certificate or key specified\n");
@@ -365,7 +362,6 @@ smime_main(int argc, char **argv)
365 BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); 362 BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
366 badarg = 1; 363 badarg = 1;
367 } 364 }
368 need_rand = 1;
369 } else if (!operation) 365 } else if (!operation)
370 badarg = 1; 366 badarg = 1;
371 367
@@ -441,12 +437,6 @@ argerr:
441 BIO_printf(bio_err, "Error getting password\n"); 437 BIO_printf(bio_err, "Error getting password\n");
442 goto end; 438 goto end;
443 } 439 }
444 if (need_rand) {
445 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
446 if (inrand != NULL)
447 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
448 app_RAND_load_files(inrand));
449 }
450 ret = 2; 440 ret = 2;
451 441
452 if (!(operation & SMIME_SIGNERS)) 442 if (!(operation & SMIME_SIGNERS))
@@ -670,8 +660,6 @@ argerr:
670 } 660 }
671 ret = 0; 661 ret = 0;
672end: 662end:
673 if (need_rand)
674 app_RAND_write_file(NULL, bio_err);
675 if (ret) 663 if (ret)
676 ERR_print_errors(bio_err); 664 ERR_print_errors(bio_err);
677 sk_X509_pop_free(encerts, X509_free); 665 sk_X509_pop_free(encerts, X509_free);
diff --git a/src/lib/libssl/src/apps/srp.c b/src/lib/libssl/src/apps/srp.c
index bdd3017251..9c3dcdb1d6 100644
--- a/src/lib/libssl/src/apps/srp.c
+++ b/src/lib/libssl/src/apps/srp.c
@@ -283,7 +283,6 @@ srp_main(int argc, char **argv)
283 char **pp; 283 char **pp;
284 int i; 284 int i;
285 long errorline = -1; 285 long errorline = -1;
286 char *randfile = NULL;
287#ifndef OPENSSL_NO_ENGINE 286#ifndef OPENSSL_NO_ENGINE
288 char *engine = NULL; 287 char *engine = NULL;
289#endif 288#endif
@@ -446,9 +445,6 @@ srp_main(int argc, char **argv)
446 goto err; 445 goto err;
447 } 446 }
448 } 447 }
449 if (randfile == NULL && conf)
450 randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
451
452 448
453 VERBOSE BIO_printf(bio_err, "trying to read " ENV_DATABASE " in section \"%s\"\n", section); 449 VERBOSE BIO_printf(bio_err, "trying to read " ENV_DATABASE " in section \"%s\"\n", section);
454 450
@@ -457,10 +453,7 @@ srp_main(int argc, char **argv)
457 goto err; 453 goto err;
458 } 454 }
459 } 455 }
460 if (randfile == NULL) 456 ERR_clear_error();
461 ERR_clear_error();
462 else
463 app_RAND_load_file(randfile, bio_err, 0);
464 457
465 VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", dbfile); 458 VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", dbfile);
466 459
@@ -661,8 +654,6 @@ err:
661 free(tofree); 654 free(tofree);
662 if (ret) 655 if (ret)
663 ERR_print_errors(bio_err); 656 ERR_print_errors(bio_err);
664 if (randfile)
665 app_RAND_write_file(randfile, bio_err);
666 if (conf) 657 if (conf)
667 NCONF_free(conf); 658 NCONF_free(conf);
668 if (db) 659 if (db)
diff --git a/src/lib/libssl/src/apps/ts.c b/src/lib/libssl/src/apps/ts.c
index 24e34894fd..c271bdb226 100644
--- a/src/lib/libssl/src/apps/ts.c
+++ b/src/lib/libssl/src/apps/ts.c
@@ -262,15 +262,6 @@ ts_main(int argc, char **argv)
262 goto usage; 262 goto usage;
263 } 263 }
264 264
265 /* Seed the random number generator if it is going to be used. */
266 if (mode == CMD_QUERY && !no_nonce) {
267 if (!app_RAND_load_file(NULL, bio_err, 1) && rnd == NULL)
268 BIO_printf(bio_err, "warning, not much extra random "
269 "data, consider using the -rand option\n");
270 if (rnd != NULL)
271 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
272 app_RAND_load_files(rnd));
273 }
274 /* Get the password if required. */ 265 /* Get the password if required. */
275 if (mode == CMD_REPLY && passin && 266 if (mode == CMD_REPLY && passin &&
276 !app_passwd(bio_err, passin, NULL, &password, NULL)) { 267 !app_passwd(bio_err, passin, NULL, &password, NULL)) {
@@ -350,7 +341,6 @@ usage:
350 "-untrusted cert_file.pem\n"); 341 "-untrusted cert_file.pem\n");
351cleanup: 342cleanup:
352 /* Clean up. */ 343 /* Clean up. */
353 app_RAND_write_file(NULL, bio_err);
354 NCONF_free(conf); 344 NCONF_free(conf);
355 free(password); 345 free(password);
356 OBJ_cleanup(); 346 OBJ_cleanup();
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c
index 84ca493a89..5841a1b80d 100644
--- a/src/lib/libssl/src/apps/x509.c
+++ b/src/lib/libssl/src/apps/x509.c
@@ -205,7 +205,6 @@ x509_main(int argc, char **argv)
205 const EVP_MD *md_alg, *digest = NULL; 205 const EVP_MD *md_alg, *digest = NULL;
206 CONF *extconf = NULL; 206 CONF *extconf = NULL;
207 char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; 207 char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
208 int need_rand = 0;
209 int checkend = 0, checkoffset = 0; 208 int checkend = 0, checkoffset = 0;
210 unsigned long nmflag = 0, certflag = 0; 209 unsigned long nmflag = 0, certflag = 0;
211#ifndef OPENSSL_NO_ENGINE 210#ifndef OPENSSL_NO_ENGINE
@@ -252,7 +251,6 @@ x509_main(int argc, char **argv)
252 keyformat = str2fmt(*(++argv)); 251 keyformat = str2fmt(*(++argv));
253 } else if (strcmp(*argv, "-req") == 0) { 252 } else if (strcmp(*argv, "-req") == 0) {
254 reqfile = 1; 253 reqfile = 1;
255 need_rand = 1;
256 } else if (strcmp(*argv, "-CAform") == 0) { 254 } else if (strcmp(*argv, "-CAform") == 0) {
257 if (--argc < 1) 255 if (--argc < 1)
258 goto bad; 256 goto bad;
@@ -301,13 +299,11 @@ x509_main(int argc, char **argv)
301 goto bad; 299 goto bad;
302 keyfile = *(++argv); 300 keyfile = *(++argv);
303 sign_flag = ++num; 301 sign_flag = ++num;
304 need_rand = 1;
305 } else if (strcmp(*argv, "-CA") == 0) { 302 } else if (strcmp(*argv, "-CA") == 0) {
306 if (--argc < 1) 303 if (--argc < 1)
307 goto bad; 304 goto bad;
308 CAfile = *(++argv); 305 CAfile = *(++argv);
309 CA_flag = ++num; 306 CA_flag = ++num;
310 need_rand = 1;
311 } else if (strcmp(*argv, "-CAkey") == 0) { 307 } else if (strcmp(*argv, "-CAkey") == 0) {
312 if (--argc < 1) 308 if (--argc < 1)
313 goto bad; 309 goto bad;
@@ -464,9 +460,6 @@ bad:
464 e = setup_engine(bio_err, engine, 0); 460 e = setup_engine(bio_err, engine, 0);
465#endif 461#endif
466 462
467 if (need_rand)
468 app_RAND_load_file(NULL, bio_err, 0);
469
470 ERR_load_crypto_strings(); 463 ERR_load_crypto_strings();
471 464
472 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 465 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
@@ -844,7 +837,6 @@ bad:
844 if (Upkey == NULL) 837 if (Upkey == NULL)
845 goto end; 838 goto end;
846 } 839 }
847 assert(need_rand);
848 if (!sign(x, Upkey, days, clrext, digest, 840 if (!sign(x, Upkey, days, clrext, digest,
849 extconf, extsect)) 841 extconf, extsect))
850 goto end; 842 goto end;
@@ -858,7 +850,6 @@ bad:
858 if (CApkey == NULL) 850 if (CApkey == NULL)
859 goto end; 851 goto end;
860 } 852 }
861 assert(need_rand);
862 if (!x509_certify(ctx, CAfile, digest, x, xca, 853 if (!x509_certify(ctx, CAfile, digest, x, xca,
863 CApkey, sigopts, 854 CApkey, sigopts,
864 CAserial, CA_createserial, days, clrext, 855 CAserial, CA_createserial, days, clrext,
@@ -941,8 +932,6 @@ bad:
941 } 932 }
942 ret = 0; 933 ret = 0;
943end: 934end:
944 if (need_rand)
945 app_RAND_write_file(NULL, bio_err);
946 OBJ_cleanup(); 935 OBJ_cleanup();
947 NCONF_free(extconf); 936 NCONF_free(extconf);
948 BIO_free_all(out); 937 BIO_free_all(out);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-26 21:26:05 +0000