From: tedu
Date: Fri, 18 Apr 2014 19:54:57 +0000 (+0000)
Subject: $HOME/.rnd will never be a good source of entropy. ok beck
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=1237e1bd7b4f84b44e67acef5ca9fbbe4031fd49;p=openbsd
$HOME/.rnd will never be a good source of entropy. ok beck
---
diff --git a/lib/libssl/src/apps/app_rand.c b/lib/libssl/src/apps/app_rand.c
deleted file mode 100644
index d6cdd6e01b9..00000000000
--- a/lib/libssl/src/apps/app_rand.c
+++ /dev/null
@@ -1,204 +0,0 @@ -/* apps/app_rand.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. 
All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). 
- * - */ - -#define NON_MAIN -#include "apps.h" -#undef NON_MAIN -#include -#include - - -static int seeded = 0; - -int -app_RAND_load_file(const char *file, BIO * bio_e, int dont_warn) -{ - int consider_randfile = (file == NULL); - char buffer[200]; - - - if (file == NULL) - file = RAND_file_name(buffer, sizeof buffer); - if (file == NULL || !RAND_load_file(file, -1)) { - if (RAND_status() == 0) { - if (!dont_warn) { - BIO_printf(bio_e, "unable to load 'random state'\n"); - BIO_printf(bio_e, "This means that the random number generator has not been seeded\n"); - BIO_printf(bio_e, "with much random data.\n"); - if (consider_randfile) { /* explanation does not - * apply when a file is - * explicitly named */ - BIO_printf(bio_e, "Consider setting the RANDFILE environment variable to point at a file that\n"); - BIO_printf(bio_e, "'random' data can be kept in (the file will be overwritten).\n"); - } - } - return 0; - } - } - seeded = 1; - return 1; -} - -long -app_RAND_load_files(char *name) -{ - char *p, *n; - int last; - long tot = 0; - - for (;;) { - last = 0; - for (p = name; - ((*p != '\0') && (*p != ':')); p++); - if (*p == '\0') - last = 1; - *p = '\0'; - n = name; - name = p + 1; - if (*n == '\0') - break; - - tot += RAND_load_file(n, -1); - if (last) - break; - } - if (tot > 512) - app_RAND_allow_write_file(); - return (tot); -} - -int -app_RAND_write_file(const char *file, BIO * bio_e) -{ - char buffer[200]; - - if (!seeded) - /* - * If we did not manage to read the seed file, we should not - * write a low-entropy seed file back -- it would suppress a - * crucial warning the next time we want to use it. - */ - return 0; - - if (file == NULL) - file = RAND_file_name(buffer, sizeof buffer); - if (file == NULL || !RAND_write_file(file)) { - BIO_printf(bio_e, "unable to write 'random state'\n"); - return 0; - } - return 1; -} - -void -app_RAND_allow_write_file(void) -{ - seeded = 1; -} 
diff --git a/lib/libssl/src/apps/apps.h b/lib/libssl/src/apps/apps.h index 077d766a49b..55015024e9d 100644 --- a/lib/libssl/src/apps/apps.h +++ b/lib/libssl/src/apps/apps.h @@ -126,14 +126,6 @@ #endif #include -int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); -int app_RAND_write_file(const char *file, BIO *bio_e); -/* When `file' is NULL, use defaults. - * `bio_e' is for error messages. */ -void app_RAND_allow_write_file(void); -long app_RAND_load_files(char *file); /* `file' is a list of files to read, - * separated by ':'. The string is destroyed! */ - extern CONF *config; extern char *default_config_file; extern BIO *bio_err; diff --git a/lib/libssl/src/apps/ca.c b/lib/libssl/src/apps/ca.c index 1d750187324..c582549b15b 100644 --- a/lib/libssl/src/apps/ca.c +++ b/lib/libssl/src/apps/ca.c @@ -311,7 +311,6 @@ ca_main(int argc, char **argv) #undef BSIZE #define BSIZE 256 char buf[3][BSIZE]; - char *randfile = NULL; #ifndef OPENSSL_NO_ENGINE char *engine = NULL; #endif @@ -598,11 +597,6 @@ ca_main(int argc, char **argv) goto err; } } - randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); - if (randfile == NULL) - ERR_clear_error(); - app_RAND_load_file(randfile, bio_err, 0); - f = NCONF_get_string(conf, section, STRING_MASK); if (!f) ERR_clear_error(); @@ -1363,7 +1357,6 @@ err: if (ret) ERR_print_errors(bio_err); - app_RAND_write_file(randfile, bio_err); if (free_key && key) free(key); BN_free(serial); diff --git a/lib/libssl/src/apps/cms.c b/lib/libssl/src/apps/cms.c index d9694a41928..0ece401ce36 100644 --- a/lib/libssl/src/apps/cms.c +++ b/lib/libssl/src/apps/cms.c @@ -128,7 +128,6 @@ cms_main(int argc, char **argv) char *CAfile = NULL, *CApath = NULL; char *passargin = NULL, *passin = NULL; char *inrand = NULL; - int need_rand = 0; const EVP_MD *sign_md = NULL; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; 
@@ -331,7 +330,6 @@ cms_main(int argc, char **argv) goto argerr; args++; inrand = *args; - need_rand = 1; } #ifndef OPENSSL_NO_ENGINE else if (!strcmp(*args, "-engine")) { @@ -489,7 +487,6 @@ cms_main(int argc, char **argv) } signerfile = NULL; keyfile = NULL; - need_rand = 1; } else if (operation == SMIME_DECRYPT) { if (!recipfile && !keyfile && !secret_key && !pwri_pass) { BIO_printf(bio_err, "No recipient certificate or key specified\n"); @@ -500,7 +497,6 @@ cms_main(int argc, char **argv) BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); badarg = 1; } - need_rand = 1; } else if (!operation) badarg = 1; @@ -578,12 +574,6 @@ argerr: BIO_printf(bio_err, "Error getting password\n"); goto end; } - if (need_rand) { - app_RAND_load_file(NULL, bio_err, (inrand != NULL)); - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - } ret = 2; if (!(operation & SMIME_SIGNERS)) @@ -979,8 +969,6 @@ argerr: end: if (ret) ERR_print_errors(bio_err); - if (need_rand) - app_RAND_write_file(NULL, bio_err); sk_X509_pop_free(encerts, X509_free); sk_X509_pop_free(other, X509_free); if (vpm) diff --git a/lib/libssl/src/apps/dgst.c b/lib/libssl/src/apps/dgst.c index 09105399ff2..e4741855dce 100644 --- a/lib/libssl/src/apps/dgst.c +++ b/lib/libssl/src/apps/dgst.c @@ -292,8 +292,6 @@ dgst_main(int argc, char **argv) else out_bin = 0; } - if (randfile) - app_RAND_load_file(randfile, bio_err, 0); if (outfile) { if (out_bin) diff --git a/lib/libssl/src/apps/dhparam.c b/lib/libssl/src/apps/dhparam.c index 7679a891fd1..8ca71f5e5d1 100644 --- a/lib/libssl/src/apps/dhparam.c +++ b/lib/libssl/src/apps/dhparam.c 
@@ -283,13 +283,6 @@ bad: BN_GENCB cb; BN_GENCB_set(&cb, dh_cb, bio_err); - if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { - BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n"); - } - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - #ifndef OPENSSL_NO_DSA if (dsaparam) { DSA *dsa = DSA_new(); @@ -319,8 +312,6 @@ bad: goto end; } } - - app_RAND_write_file(NULL, bio_err); } else { in = BIO_new(BIO_s_file()); diff --git a/lib/libssl/src/apps/dsaparam.c b/lib/libssl/src/apps/dsaparam.c index 4b4f98fec66..af34b24f8bc 100644 --- a/lib/libssl/src/apps/dsaparam.c +++ b/lib/libssl/src/apps/dsaparam.c @@ -117,7 +117,6 @@ dsaparam_main(int argc, char **argv) int informat, outformat, noout = 0, C = 0, ret = 1; char *infile, *outfile, *prog, *inrand = NULL; int numbits = -1, num, genkey = 0; - int need_rand = 0; #ifndef OPENSSL_NO_ENGINE char *engine = NULL; #endif @@ -180,18 +179,15 @@ dsaparam_main(int argc, char **argv) C = 1; else if (strcmp(*argv, "-genkey") == 0) { genkey = 1; - need_rand = 1; } else if (strcmp(*argv, "-rand") == 0) { if (--argc < 1) goto bad; inrand = *(++argv); - need_rand = 1; } else if (strcmp(*argv, "-noout") == 0) noout = 1; else if (sscanf(*argv, "%d", &num) == 1) { /* generate a key */ numbits = num; - need_rand = 1; } else { BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; @@ -252,16 +248,9 @@ bad: setup_engine(bio_err, engine, 0); #endif - if (need_rand) { - app_RAND_load_file(NULL, bio_err, (inrand != NULL)); - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - } if (numbits > 0) { BN_GENCB cb; BN_GENCB_set(&cb, dsa_cb, bio_err); - assert(need_rand); dsa = DSA_new(); if (!dsa) { BIO_printf(bio_err, "Error allocating DSA object\n"); 
@@ -381,7 +370,6 @@ bad: if (genkey) { DSA *dsakey; - assert(need_rand); if ((dsakey = DSAparams_dup(dsa)) == NULL) goto end; if (!DSA_generate_key(dsakey)) { @@ -400,8 +388,6 @@ bad: } DSA_free(dsakey); } - if (need_rand) - app_RAND_write_file(NULL, bio_err); ret = 0; end: diff --git a/lib/libssl/src/apps/ecparam.c b/lib/libssl/src/apps/ecparam.c index fee53257a9b..6d97aa55762 100644 --- a/lib/libssl/src/apps/ecparam.c +++ b/lib/libssl/src/apps/ecparam.c @@ -124,7 +124,7 @@ ecparam_main(int argc, char **argv) int new_asn1_flag = 0; char *curve_name = NULL, *inrand = NULL; int list_curves = 0, no_seed = 0, check = 0, badops = 0, text = 0, - i, need_rand = 0, genkey = 0; + i, genkey = 0; char *infile = NULL, *outfile = NULL, *prog; BIO *in = NULL, *out = NULL; int informat, outformat, noout = 0, C = 0, ret = 1; @@ -208,12 +208,10 @@ ecparam_main(int argc, char **argv) noout = 1; else if (strcmp(*argv, "-genkey") == 0) { genkey = 1; - need_rand = 1; } else if (strcmp(*argv, "-rand") == 0) { if (--argc < 1) goto bad; inrand = *(++argv); - need_rand = 1; } else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; @@ -551,20 +549,12 @@ bad: goto end; } } - if (need_rand) { - app_RAND_load_file(NULL, bio_err, (inrand != NULL)); - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - } if (genkey) { EC_KEY *eckey = EC_KEY_new(); if (eckey == NULL) goto end; - assert(need_rand); - if (EC_KEY_set_group(eckey, group) == 0) goto end; @@ -585,10 +575,6 @@ bad: } EC_KEY_free(eckey); } - if (need_rand) - app_RAND_write_file(NULL, bio_err); - - ret = 0; end: if (ec_p) BN_free(ec_p); diff --git a/lib/libssl/src/apps/gendh.c b/lib/libssl/src/apps/gendh.c index 925b6e41203..c09e5923a5c 100644 --- a/lib/libssl/src/apps/gendh.c +++ b/lib/libssl/src/apps/gendh.c 
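Review bot: `inrand` is still declared in the context of the ecparam.c hunk at `-124,7` (`char *curve_name = NULL, *inrand = NULL;`) and still assigned by the `-rand` branch in the next hunk, but its only visible reader, the `app_RAND_load_files(inrand)` call, is removed at `-551,20`, so the option is now accepted and silently ignored. A user who passes `-rand file` no longer sees the "semi-random bytes loaded" message and gets no indication that the file was not read. If the option stays for command-line compatibility, say so where it is parsed, for example `/* -rand is accepted for compatibility but no longer read */`, and adjust the usage text to match. The same leftover is visible in the cms.c, dsaparam.c and smime.c hunks, and presumably exists in the tools whose option parsing lies outside the hunks.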
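Review bot: The ecparam.c hunk at `-585,10` deletes `ret = 0;` together with the `app_RAND_write_file` call directly above the `end:` label, so the success path reaches cleanup with `ret` still at its initial value of 1 (`ret = 1` is visible in the declaration context of the `-124,7` hunk). Unless `ret` is assigned somewhere outside the hunks, ecparam will report failure after a successful run, which breaks scripts that check the exit status of parameter or key generation. The line should stay: `ret = 0;` immediately before `end:`. The matching cleanups in dsaparam.c, smime.c and x509.c keep their `ret = 0;` as context, which suggests this removal was unintended; ecparam_main starts and ends outside the hunk.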
@@ -176,21 +176,12 @@ bad: } } - if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { - BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n"); - } - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, g); BIO_printf(bio_err, "This is going to take a long time\n"); if (((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb)) goto end; - app_RAND_write_file(NULL, bio_err); - if (!PEM_write_bio_DHparams(out, dh)) goto end; ret = 0; diff --git a/lib/libssl/src/apps/gendsa.c b/lib/libssl/src/apps/gendsa.c index 9bfeb4c16b9..bcc11a2e622 100644 --- a/lib/libssl/src/apps/gendsa.c +++ b/lib/libssl/src/apps/gendsa.c @@ -228,20 +228,11 @@ bad: } } - if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { - BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n"); - } - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(dsa->p)); if (!DSA_generate_key(dsa)) goto end; - app_RAND_write_file(NULL, bio_err); - if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout)) goto end; ret = 0; diff --git a/lib/libssl/src/apps/genrsa.c b/lib/libssl/src/apps/genrsa.c index fb879acad52..5b5fbc6fa94 100644 --- a/lib/libssl/src/apps/genrsa.c +++ b/lib/libssl/src/apps/genrsa.c @@ -237,14 +237,6 @@ bad: } } - if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && - !RAND_status()) { - BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n"); - } - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n", num); #ifdef OPENSSL_NO_ENGINE 
@@ -258,8 +250,6 @@ bad: if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) goto err; - app_RAND_write_file(NULL, bio_err); - /* * We need to do the following for when the base number size is < * long, esp windows 3.1 :-(. diff --git a/lib/libssl/src/apps/pkcs12.c b/lib/libssl/src/apps/pkcs12.c index fc61be467b0..933fded99ad 100644 --- a/lib/libssl/src/apps/pkcs12.c +++ b/lib/libssl/src/apps/pkcs12.c @@ -410,12 +410,6 @@ pkcs12_main(int argc, char **argv) mpass = macpass; } - if (export_cert || inrand) { - app_RAND_load_file(NULL, bio_err, (inrand != NULL)); - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - } ERR_load_crypto_strings(); #ifdef CRYPTO_MDEBUG @@ -705,8 +699,6 @@ export_end: end: if (p12) PKCS12_free(p12); - if (export_cert || inrand) - app_RAND_write_file(NULL, bio_err); #ifdef CRYPTO_MDEBUG CRYPTO_remove_all_info(); #endif diff --git a/lib/libssl/src/apps/pkcs8.c b/lib/libssl/src/apps/pkcs8.c index a0f0ef9b57b..eb36946d482 100644 --- a/lib/libssl/src/apps/pkcs8.c +++ b/lib/libssl/src/apps/pkcs8.c @@ -261,7 +261,6 @@ bad: if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) goto end; } - app_RAND_load_file(NULL, bio_err, 0); if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, p8pass, strlen(p8pass), NULL, 0, iter, p8inf))) { @@ -269,7 +268,6 @@ bad: ERR_print_errors(bio_err); goto end; } - app_RAND_write_file(NULL, bio_err); if (outformat == FORMAT_PEM) PEM_write_bio_PKCS8(out, p8); else if (outformat == FORMAT_ASN1) diff --git a/lib/libssl/src/apps/pkeyutl.c b/lib/libssl/src/apps/pkeyutl.c index 622034292ac..64ccd142ced 100644 --- a/lib/libssl/src/apps/pkeyutl.c +++ b/lib/libssl/src/apps/pkeyutl.c @@ -229,8 +229,6 @@ pkeyutl_main(int argc, char **argv) BIO_puts(bio_err, "No signature file specified for verify\n"); goto end; } -/* FIXME: seed PRNG only if needed */ - app_RAND_load_file(NULL, bio_err, 0); if (pkey_op != EVP_PKEY_OP_DERIVE) { if (infile) { 
diff --git a/lib/libssl/src/apps/rand.c b/lib/libssl/src/apps/rand.c index 96d2b4e26ca..fa8a65a267b 100644 --- a/lib/libssl/src/apps/rand.c +++ b/lib/libssl/src/apps/rand.c @@ -162,11 +162,6 @@ rand_main(int argc, char **argv) setup_engine(bio_err, engine, 0); #endif - app_RAND_load_file(NULL, bio_err, (inrand != NULL)); - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - out = BIO_new(BIO_s_file()); if (out == NULL) goto err; @@ -206,7 +201,6 @@ rand_main(int argc, char **argv) BIO_puts(out, "\n"); (void) BIO_flush(out); - app_RAND_write_file(NULL, bio_err); ret = 0; err: diff --git a/lib/libssl/src/apps/req.c b/lib/libssl/src/apps/req.c index 11ee3d2feac..6f46e82ecdc 100644 --- a/lib/libssl/src/apps/req.c +++ b/lib/libssl/src/apps/req.c @@ -549,21 +549,9 @@ bad: * message */ goto end; - } else { - char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE"); - if (randfile == NULL) - ERR_clear_error(); - app_RAND_load_file(randfile, bio_err, 0); } } if (newreq && (pkey == NULL)) { - char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE"); - if (randfile == NULL) - ERR_clear_error(); - app_RAND_load_file(randfile, bio_err, 0); - if (inrand) - app_RAND_load_files(inrand); - if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) { newkey = DEFAULT_KEY_LENGTH; } @@ -610,8 +598,6 @@ bad: EVP_PKEY_CTX_free(genctx); genctx = NULL; - app_RAND_write_file(randfile, bio_err); - if (keyout == NULL) { keyout = NCONF_get_string(req_conf, SECTION, KEYFILE); if (keyout == NULL) diff --git a/lib/libssl/src/apps/rsautl.c b/lib/libssl/src/apps/rsautl.c index 8848a4ac4b3..dab8d6f6e34 100644 --- a/lib/libssl/src/apps/rsautl.c +++ b/lib/libssl/src/apps/rsautl.c @@ -200,8 +200,6 @@ rsautl_main(int argc, char **argv) BIO_printf(bio_err, "Error getting password\n"); goto end; } -/* FIXME: seed PRNG only if needed */ - app_RAND_load_file(NULL, bio_err, 0); switch (key_type) { case KEY_PRIVKEY: 
diff --git a/lib/libssl/src/apps/s_client.c b/lib/libssl/src/apps/s_client.c index cbdba2ae520..8c71d6b6ae9 100644 --- a/lib/libssl/src/apps/s_client.c +++ b/lib/libssl/src/apps/s_client.c @@ -999,14 +999,6 @@ bad: goto end; } } - if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL - && !RAND_status()) { - BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n"); - } - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - if (bio_c_out == NULL) { if (c_quiet && !c_debug && !c_msg) { bio_c_out = BIO_new(BIO_s_null()); diff --git a/lib/libssl/src/apps/s_server.c b/lib/libssl/src/apps/s_server.c index a84b822538a..3dd22e6b7a8 100644 --- a/lib/libssl/src/apps/s_server.c +++ b/lib/libssl/src/apps/s_server.c @@ -1227,14 +1227,6 @@ bad: goto end; } } - if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL - && !RAND_status()) { - BIO_printf(bio_err, "warning, not much extra random data, consider using the -rand option\n"); - } - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - if (bio_s_out == NULL) { if (s_quiet && !s_debug && !s_msg) { bio_s_out = BIO_new(BIO_s_null()); diff --git a/lib/libssl/src/apps/smime.c b/lib/libssl/src/apps/smime.c index 4c0e32ccba9..1b4a8aa9c2b 100644 --- a/lib/libssl/src/apps/smime.c +++ b/lib/libssl/src/apps/smime.c @@ -107,7 +107,6 @@ smime_main(int argc, char **argv) char *CAfile = NULL, *CApath = NULL; char *passargin = NULL, *passin = NULL; char *inrand = NULL; - int need_rand = 0; int indef = 0; const EVP_MD *sign_md = NULL; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; @@ -212,7 +211,6 @@ smime_main(int argc, char **argv) goto argerr; args++; inrand = *args; - need_rand = 1; } #ifndef OPENSSL_NO_ENGINE else if (!strcmp(*args, "-engine")) { 
@@ -354,7 +352,6 @@ smime_main(int argc, char **argv) } signerfile = NULL; keyfile = NULL; - need_rand = 1; } else if (operation == SMIME_DECRYPT) { if (!recipfile && !keyfile) { BIO_printf(bio_err, "No recipient certificate or key specified\n"); @@ -365,7 +362,6 @@ smime_main(int argc, char **argv) BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); badarg = 1; } - need_rand = 1; } else if (!operation) badarg = 1; @@ -441,12 +437,6 @@ argerr: BIO_printf(bio_err, "Error getting password\n"); goto end; } - if (need_rand) { - app_RAND_load_file(NULL, bio_err, (inrand != NULL)); - if (inrand != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - } ret = 2; if (!(operation & SMIME_SIGNERS)) @@ -670,8 +660,6 @@ argerr: } ret = 0; end: - if (need_rand) - app_RAND_write_file(NULL, bio_err); if (ret) ERR_print_errors(bio_err); sk_X509_pop_free(encerts, X509_free); diff --git a/lib/libssl/src/apps/srp.c b/lib/libssl/src/apps/srp.c index bdd3017251d..9c3dcdb1d65 100644 --- a/lib/libssl/src/apps/srp.c +++ b/lib/libssl/src/apps/srp.c @@ -283,7 +283,6 @@ srp_main(int argc, char **argv) char **pp; int i; long errorline = -1; - char *randfile = NULL; #ifndef OPENSSL_NO_ENGINE char *engine = NULL; #endif @@ -446,9 +445,6 @@ srp_main(int argc, char **argv) goto err; } } - if (randfile == NULL && conf) - randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); - VERBOSE BIO_printf(bio_err, "trying to read " ENV_DATABASE " in section \"%s\"\n", section); @@ -457,10 +453,7 @@ srp_main(int argc, char **argv) goto err; } } - if (randfile == NULL) - ERR_clear_error(); - else - app_RAND_load_file(randfile, bio_err, 0); + ERR_clear_error(); VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", dbfile); @@ -661,8 +654,6 @@ err: free(tofree); if (ret) ERR_print_errors(bio_err); - if (randfile) - app_RAND_write_file(randfile, bio_err); if (conf) NCONF_free(conf); if (db) 
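Review bot: In the srp.c hunk at `-457,10` the `ERR_clear_error();` call becomes unconditional, but the `NCONF_get_string(conf, BASE_SECTION, "RANDFILE")` lookup whose failure it used to clear is removed in the preceding hunk, so the call no longer has a visible reason. As written it discards whatever is on the error queue at that point, which may include entries from the configuration reads just above and would then be missing from the later `ERR_print_errors(bio_err)` output. Either drop the call or keep it with a comment stating the intent, for example `/* discard errors from the optional config lookups above */`. srp_main starts and ends outside the hunk, so whether later code relies on an empty queue cannot be confirmed from here.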
diff --git a/lib/libssl/src/apps/ts.c b/lib/libssl/src/apps/ts.c index 24e34894fda..c271bdb2269 100644 --- a/lib/libssl/src/apps/ts.c +++ b/lib/libssl/src/apps/ts.c @@ -262,15 +262,6 @@ ts_main(int argc, char **argv) goto usage; } - /* Seed the random number generator if it is going to be used. */ - if (mode == CMD_QUERY && !no_nonce) { - if (!app_RAND_load_file(NULL, bio_err, 1) && rnd == NULL) - BIO_printf(bio_err, "warning, not much extra random " - "data, consider using the -rand option\n"); - if (rnd != NULL) - BIO_printf(bio_err, "%ld semi-random bytes loaded\n", - app_RAND_load_files(rnd)); - } /* Get the password if required. */ if (mode == CMD_REPLY && passin && !app_passwd(bio_err, passin, NULL, &password, NULL)) { @@ -350,7 +341,6 @@ usage: "-untrusted cert_file.pem\n"); cleanup: /* Clean up. */ - app_RAND_write_file(NULL, bio_err); NCONF_free(conf); free(password); OBJ_cleanup(); diff --git a/lib/libssl/src/apps/x509.c b/lib/libssl/src/apps/x509.c index 84ca493a89a..5841a1b80d0 100644 --- a/lib/libssl/src/apps/x509.c +++ b/lib/libssl/src/apps/x509.c @@ -205,7 +205,6 @@ x509_main(int argc, char **argv) const EVP_MD *md_alg, *digest = NULL; CONF *extconf = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; - int need_rand = 0; int checkend = 0, checkoffset = 0; unsigned long nmflag = 0, certflag = 0; #ifndef OPENSSL_NO_ENGINE @@ -252,7 +251,6 @@ x509_main(int argc, char **argv) keyformat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-req") == 0) { reqfile = 1; - need_rand = 1; } else if (strcmp(*argv, "-CAform") == 0) { if (--argc < 1) goto bad; @@ -301,13 +299,11 @@ x509_main(int argc, char **argv) goto bad; keyfile = *(++argv); sign_flag = ++num; - need_rand = 1; } else if (strcmp(*argv, "-CA") == 0) { if (--argc < 1) goto bad; CAfile = *(++argv); CA_flag = ++num; - need_rand = 1; } else if (strcmp(*argv, "-CAkey") == 0) { if (--argc < 1) goto bad; 
@@ -464,9 +460,6 @@ bad: e = setup_engine(bio_err, engine, 0); #endif - if (need_rand) - app_RAND_load_file(NULL, bio_err, 0); - ERR_load_crypto_strings(); if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { @@ -844,7 +837,6 @@ bad: if (Upkey == NULL) goto end; } - assert(need_rand); if (!sign(x, Upkey, days, clrext, digest, extconf, extsect)) goto end; @@ -858,7 +850,6 @@ bad: if (CApkey == NULL) goto end; } - assert(need_rand); if (!x509_certify(ctx, CAfile, digest, x, xca, CApkey, sigopts, CAserial, CA_createserial, days, clrext, @@ -941,8 +932,6 @@ bad: } ret = 0; end: - if (need_rand) - app_RAND_write_file(NULL, bio_err); OBJ_cleanup(); NCONF_free(extconf); BIO_free_all(out);