+++ /dev/null
-/* apps/app_rand.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-
-
-static int seeded = 0;
-
-int
-app_RAND_load_file(const char *file, BIO * bio_e, int dont_warn)
-{
- int consider_randfile = (file == NULL);
- char buffer[200];
-
-
- if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
- if (file == NULL || !RAND_load_file(file, -1)) {
- if (RAND_status() == 0) {
- if (!dont_warn) {
- BIO_printf(bio_e, "unable to load 'random state'\n");
- BIO_printf(bio_e, "This means that the random number generator has not been seeded\n");
- BIO_printf(bio_e, "with much random data.\n");
- if (consider_randfile) { /* explanation does not
- * apply when a file is
- * explicitly named */
- BIO_printf(bio_e, "Consider setting the RANDFILE environment variable to point at a file that\n");
- BIO_printf(bio_e, "'random' data can be kept in (the file will be overwritten).\n");
- }
- }
- return 0;
- }
- }
- seeded = 1;
- return 1;
-}
-
-long
-app_RAND_load_files(char *name)
-{
- char *p, *n;
- int last;
- long tot = 0;
-
- for (;;) {
- last = 0;
- for (p = name;
- ((*p != '\0') && (*p != ':')); p++);
- if (*p == '\0')
- last = 1;
- *p = '\0';
- n = name;
- name = p + 1;
- if (*n == '\0')
- break;
-
- tot += RAND_load_file(n, -1);
- if (last)
- break;
- }
- if (tot > 512)
- app_RAND_allow_write_file();
- return (tot);
-}
-
-int
-app_RAND_write_file(const char *file, BIO * bio_e)
-{
- char buffer[200];
-
- if (!seeded)
- /*
- * If we did not manage to read the seed file, we should not
- * write a low-entropy seed file back -- it would suppress a
- * crucial warning the next time we want to use it.
- */
- return 0;
-
- if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
- if (file == NULL || !RAND_write_file(file)) {
- BIO_printf(bio_e, "unable to write 'random state'\n");
- return 0;
- }
- return 1;
-}
-
-void
-app_RAND_allow_write_file(void)
-{
- seeded = 1;
-}
#endif
#include <openssl/ossl_typ.h>
-int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
-int app_RAND_write_file(const char *file, BIO *bio_e);
-/* When `file' is NULL, use defaults.
- * `bio_e' is for error messages. */
-void app_RAND_allow_write_file(void);
-long app_RAND_load_files(char *file); /* `file' is a list of files to read,
- * separated by ':'. The string is destroyed! */
-
extern CONF *config;
extern char *default_config_file;
extern BIO *bio_err;
#undef BSIZE
#define BSIZE 256
char buf[3][BSIZE];
- char *randfile = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
goto err;
}
}
- randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
- if (randfile == NULL)
- ERR_clear_error();
- app_RAND_load_file(randfile, bio_err, 0);
-
f = NCONF_get_string(conf, section, STRING_MASK);
if (!f)
ERR_clear_error();
if (ret)
ERR_print_errors(bio_err);
- app_RAND_write_file(randfile, bio_err);
if (free_key && key)
free(key);
BN_free(serial);
char *CAfile = NULL, *CApath = NULL;
char *passargin = NULL, *passin = NULL;
char *inrand = NULL;
- int need_rand = 0;
const EVP_MD *sign_md = NULL;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
goto argerr;
args++;
inrand = *args;
- need_rand = 1;
}
#ifndef OPENSSL_NO_ENGINE
else if (!strcmp(*args, "-engine")) {
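Review bot: `inrand = *args;` is still assigned here (presumably for `-rand`, as the later hunks show), but every read of `inrand` visible on this page is removed, so the option is now accepted and silently ignored. An operator who passes a seed file will believe it was mixed into the generator. Either drop the option, or keep it for compatibility and say so next to the assignment, e.g. `/* -rand is accepted for compatibility and ignored */`. The same leftover appears at the other `inrand = *args;` and `inrand = *(++argv);` sites further down. The option-parsing loop starts and ends outside this hunk.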
}
signerfile = NULL;
keyfile = NULL;
- need_rand = 1;
} else if (operation == SMIME_DECRYPT) {
if (!recipfile && !keyfile && !secret_key && !pwri_pass) {
BIO_printf(bio_err, "No recipient certificate or key specified\n");
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
badarg = 1;
}
- need_rand = 1;
} else if (!operation)
badarg = 1;
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
- if (need_rand) {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
ret = 2;
if (!(operation & SMIME_SIGNERS))
end:
if (ret)
ERR_print_errors(bio_err);
- if (need_rand)
- app_RAND_write_file(NULL, bio_err);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
if (vpm)
else
out_bin = 0;
}
- if (randfile)
- app_RAND_load_file(randfile, bio_err, 0);
if (outfile) {
if (out_bin)
BN_GENCB cb;
BN_GENCB_set(&cb, dh_cb, bio_err);
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
- BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
#ifndef OPENSSL_NO_DSA
if (dsaparam) {
DSA *dsa = DSA_new();
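Review bot: Nothing in this path now checks or reports the PRNG state before parameter generation, because both the `app_RAND_load_file` seeding and the "not much extra random data" warning are removed. That is only safe if the library's RAND implementation always seeds itself, which the page does not show. State the assumption where generation starts, e.g. `/* relies on the library PRNG being self-seeding; no application seeding */`, or fail hard on `RAND_status() == 0` if any supported build can still have an unseeded generator. The same applies to the later hunks ahead of `DH_generate_parameters_ex`, `DSA_generate_key` and `RSA_generate_key_ex`.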
goto end;
}
}
-
- app_RAND_write_file(NULL, bio_err);
} else {
in = BIO_new(BIO_s_file());
int informat, outformat, noout = 0, C = 0, ret = 1;
char *infile, *outfile, *prog, *inrand = NULL;
int numbits = -1, num, genkey = 0;
- int need_rand = 0;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
C = 1;
else if (strcmp(*argv, "-genkey") == 0) {
genkey = 1;
- need_rand = 1;
} else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
inrand = *(++argv);
- need_rand = 1;
} else if (strcmp(*argv, "-noout") == 0)
noout = 1;
else if (sscanf(*argv, "%d", &num) == 1) {
/* generate a key */
numbits = num;
- need_rand = 1;
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
setup_engine(bio_err, engine, 0);
#endif
- if (need_rand) {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
if (numbits > 0) {
BN_GENCB cb;
BN_GENCB_set(&cb, dsa_cb, bio_err);
- assert(need_rand);
dsa = DSA_new();
if (!dsa) {
BIO_printf(bio_err, "Error allocating DSA object\n");
if (genkey) {
DSA *dsakey;
- assert(need_rand);
if ((dsakey = DSAparams_dup(dsa)) == NULL)
goto end;
if (!DSA_generate_key(dsakey)) {
}
DSA_free(dsakey);
}
- if (need_rand)
- app_RAND_write_file(NULL, bio_err);
ret = 0;
end:
int new_asn1_flag = 0;
char *curve_name = NULL, *inrand = NULL;
int list_curves = 0, no_seed = 0, check = 0, badops = 0, text = 0,
- i, need_rand = 0, genkey = 0;
+ i, genkey = 0;
char *infile = NULL, *outfile = NULL, *prog;
BIO *in = NULL, *out = NULL;
int informat, outformat, noout = 0, C = 0, ret = 1;
noout = 1;
else if (strcmp(*argv, "-genkey") == 0) {
genkey = 1;
- need_rand = 1;
} else if (strcmp(*argv, "-rand") == 0) {
if (--argc < 1)
goto bad;
inrand = *(++argv);
- need_rand = 1;
} else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto bad;
goto end;
}
}
- if (need_rand) {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
if (genkey) {
EC_KEY *eckey = EC_KEY_new();
if (eckey == NULL)
goto end;
- assert(need_rand);
-
if (EC_KEY_set_group(eckey, group) == 0)
goto end;
}
EC_KEY_free(eckey);
}
- if (need_rand)
- app_RAND_write_file(NULL, bio_err);
-
- ret = 0;
end:
if (ec_p)
BN_free(ec_p);
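Review bot: The removal also deletes `ret = 0;` immediately above the `end:` label, which looks unintended. `ret` is initialised to 1 in the declarations shown earlier (`... C = 0, ret = 1;`), so unless another assignment exists outside the hunk, the success path now reaches `end:` with a failure status. The sibling hunk that drops the same `app_RAND_write_file` call keeps its `ret = 0;` before `end:`. Restore the line `ret = 0;` directly above `end:`. The function body begins and continues outside this hunk.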
}
}
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
- BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, g);
BIO_printf(bio_err, "This is going to take a long time\n");
if (((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
goto end;
- app_RAND_write_file(NULL, bio_err);
-
if (!PEM_write_bio_DHparams(out, dh))
goto end;
ret = 0;
}
}
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
- BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
BIO_printf(bio_err, "Generating DSA key, %d bits\n",
BN_num_bits(dsa->p));
if (!DSA_generate_key(dsa))
goto end;
- app_RAND_write_file(NULL, bio_err);
-
if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))
goto end;
ret = 0;
}
}
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL &&
- !RAND_status()) {
- BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
num);
#ifdef OPENSSL_NO_ENGINE
if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
goto err;
- app_RAND_write_file(NULL, bio_err);
-
/*
* We need to do the following for when the base number size is <
* long, esp windows 3.1 :-(.
mpass = macpass;
}
- if (export_cert || inrand) {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
ERR_load_crypto_strings();
#ifdef CRYPTO_MDEBUG
end:
if (p12)
PKCS12_free(p12);
- if (export_cert || inrand)
- app_RAND_write_file(NULL, bio_err);
#ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
#endif
if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
goto end;
}
- app_RAND_load_file(NULL, bio_err, 0);
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
p8pass, strlen(p8pass),
NULL, 0, iter, p8inf))) {
ERR_print_errors(bio_err);
goto end;
}
- app_RAND_write_file(NULL, bio_err);
if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS8(out, p8);
else if (outformat == FORMAT_ASN1)
BIO_puts(bio_err, "No signature file specified for verify\n");
goto end;
}
-/* FIXME: seed PRNG only if needed */
- app_RAND_load_file(NULL, bio_err, 0);
if (pkey_op != EVP_PKEY_OP_DERIVE) {
if (infile) {
setup_engine(bio_err, engine, 0);
#endif
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
out = BIO_new(BIO_s_file());
if (out == NULL)
goto err;
BIO_puts(out, "\n");
(void) BIO_flush(out);
- app_RAND_write_file(NULL, bio_err);
ret = 0;
err:
* message
*/
goto end;
- } else {
- char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
- if (randfile == NULL)
- ERR_clear_error();
- app_RAND_load_file(randfile, bio_err, 0);
}
}
if (newreq && (pkey == NULL)) {
- char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
- if (randfile == NULL)
- ERR_clear_error();
- app_RAND_load_file(randfile, bio_err, 0);
- if (inrand)
- app_RAND_load_files(inrand);
-
if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) {
newkey = DEFAULT_KEY_LENGTH;
}
EVP_PKEY_CTX_free(genctx);
genctx = NULL;
- app_RAND_write_file(randfile, bio_err);
-
if (keyout == NULL) {
keyout = NCONF_get_string(req_conf, SECTION, KEYFILE);
if (keyout == NULL)
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
-/* FIXME: seed PRNG only if needed */
- app_RAND_load_file(NULL, bio_err, 0);
switch (key_type) {
case KEY_PRIVKEY:
goto end;
}
}
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
- && !RAND_status()) {
- BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
if (bio_c_out == NULL) {
if (c_quiet && !c_debug && !c_msg) {
bio_c_out = BIO_new(BIO_s_null());
goto end;
}
}
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
- && !RAND_status()) {
- BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
if (bio_s_out == NULL) {
if (s_quiet && !s_debug && !s_msg) {
bio_s_out = BIO_new(BIO_s_null());
char *CAfile = NULL, *CApath = NULL;
char *passargin = NULL, *passin = NULL;
char *inrand = NULL;
- int need_rand = 0;
int indef = 0;
const EVP_MD *sign_md = NULL;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
goto argerr;
args++;
inrand = *args;
- need_rand = 1;
}
#ifndef OPENSSL_NO_ENGINE
else if (!strcmp(*args, "-engine")) {
}
signerfile = NULL;
keyfile = NULL;
- need_rand = 1;
} else if (operation == SMIME_DECRYPT) {
if (!recipfile && !keyfile) {
BIO_printf(bio_err, "No recipient certificate or key specified\n");
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
badarg = 1;
}
- need_rand = 1;
} else if (!operation)
badarg = 1;
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
- if (need_rand) {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
ret = 2;
if (!(operation & SMIME_SIGNERS))
}
ret = 0;
end:
- if (need_rand)
- app_RAND_write_file(NULL, bio_err);
if (ret)
ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
char **pp;
int i;
long errorline = -1;
- char *randfile = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
#endif
goto err;
}
}
- if (randfile == NULL && conf)
- randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
-
VERBOSE BIO_printf(bio_err, "trying to read " ENV_DATABASE " in section \"%s\"\n", section);
goto err;
}
}
- if (randfile == NULL)
- ERR_clear_error();
- else
- app_RAND_load_file(randfile, bio_err, 0);
+ ERR_clear_error();
VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", dbfile);
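Review bot: The added `ERR_clear_error();` is now unconditional, but its only visible purpose was to discard the error left by a failed `RANDFILE` lookup, and the hunk above removes that lookup. As written it either does nothing or drops error-queue entries from earlier steps that `ERR_print_errors(bio_err)` would otherwise report. If nothing before this point is expected to leave a benign error, delete the added line; otherwise add a comment naming the call whose error is being discarded. The surrounding function is only partly visible here.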
free(tofree);
if (ret)
ERR_print_errors(bio_err);
- if (randfile)
- app_RAND_write_file(randfile, bio_err);
if (conf)
NCONF_free(conf);
if (db)
goto usage;
}
- /* Seed the random number generator if it is going to be used. */
- if (mode == CMD_QUERY && !no_nonce) {
- if (!app_RAND_load_file(NULL, bio_err, 1) && rnd == NULL)
- BIO_printf(bio_err, "warning, not much extra random "
- "data, consider using the -rand option\n");
- if (rnd != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(rnd));
- }
/* Get the password if required. */
if (mode == CMD_REPLY && passin &&
!app_passwd(bio_err, passin, NULL, &password, NULL)) {
"-untrusted cert_file.pem\n");
cleanup:
/* Clean up. */
- app_RAND_write_file(NULL, bio_err);
NCONF_free(conf);
free(password);
OBJ_cleanup();
const EVP_MD *md_alg, *digest = NULL;
CONF *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
- int need_rand = 0;
int checkend = 0, checkoffset = 0;
unsigned long nmflag = 0, certflag = 0;
#ifndef OPENSSL_NO_ENGINE
keyformat = str2fmt(*(++argv));
} else if (strcmp(*argv, "-req") == 0) {
reqfile = 1;
- need_rand = 1;
} else if (strcmp(*argv, "-CAform") == 0) {
if (--argc < 1)
goto bad;
goto bad;
keyfile = *(++argv);
sign_flag = ++num;
- need_rand = 1;
} else if (strcmp(*argv, "-CA") == 0) {
if (--argc < 1)
goto bad;
CAfile = *(++argv);
CA_flag = ++num;
- need_rand = 1;
} else if (strcmp(*argv, "-CAkey") == 0) {
if (--argc < 1)
goto bad;
e = setup_engine(bio_err, engine, 0);
#endif
- if (need_rand)
- app_RAND_load_file(NULL, bio_err, 0);
-
ERR_load_crypto_strings();
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
if (Upkey == NULL)
goto end;
}
- assert(need_rand);
if (!sign(x, Upkey, days, clrext, digest,
extconf, extsect))
goto end;
if (CApkey == NULL)
goto end;
}
- assert(need_rand);
if (!x509_certify(ctx, CAfile, digest, x, xca,
CApkey, sigopts,
CAserial, CA_createserial, days, clrext,
}
ret = 0;
end:
- if (need_rand)
- app_RAND_write_file(NULL, bio_err);
OBJ_cleanup();
NCONF_free(extconf);
BIO_free_all(out);