#include "apps.h"
#include <openssl/bio.h>
#include <openssl/rand.h>
+#include <openssl/conf.h>
-static int seeded = 0;
-static int egdsocket = 0;
+static const char *save_rand_file;
-int app_RAND_load_file(const char *file, int dont_warn)
+void app_RAND_load_conf(CONF *c, const char *section)
{
- int consider_randfile = (file == NULL);
- char buffer[200];
+ const char *randfile = NCONF_get_string(c, section, "RANDFILE");
- if (file == NULL) {
- file = RAND_file_name(buffer, sizeof buffer);
-#ifndef OPENSSL_NO_EGD
- } else if (RAND_egd(file) > 0) {
- /*
- * we try if the given filename is an EGD socket. if it is, we don't
- * write anything back to the file.
- */
- egdsocket = 1;
- return 1;
-#endif
+ if (randfile == NULL) {
+ ERR_clear_error();
+ return;
}
-
- if (file == NULL || !RAND_load_file(file, -1)) {
- if (RAND_status() == 0) {
- if (!dont_warn) {
- BIO_printf(bio_err, "unable to load 'random state'\n");
- BIO_printf(bio_err,
- "This means that the random number generator has not been seeded\n");
- BIO_printf(bio_err, "with much random data.\n");
- if (consider_randfile) { /* explanation does not apply when a
- * file is explicitly named */
- BIO_printf(bio_err,
- "Consider setting the RANDFILE environment variable to point at a file that\n");
- BIO_printf(bio_err,
- "'random' data can be kept in (the file will be overwritten).\n");
- }
- }
- return 0;
- }
+ if (RAND_load_file(randfile, -1) < 0) {
+ BIO_printf(bio_err, "Can't load %s into RNG\n", randfile);
+ ERR_print_errors(bio_err);
+ return;
}
- seeded = 1;
- return 1;
+ if (save_rand_file == NULL)
+ save_rand_file = randfile;
}
-long app_RAND_load_files(char *name)
+static int loadfiles(char *name)
{
char *p, *n;
- int last;
- long tot = 0;
-#ifndef OPENSSL_NO_EGD
- int egd;
-#endif
+ int last, ret = 1;
- for (;;) {
+ for ( ; ; ) {
last = 0;
- for (p = name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++) ;
+ for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
+ continue;
if (*p == '\0')
last = 1;
*p = '\0';
+ if (RAND_load_file(name, -1) < 0) {
+ BIO_printf(bio_err, "Can't load %s into RNG\n", name);
+ ERR_print_errors(bio_err);
+ ret = 0;
+ }
n = name;
- name = p + 1;
- if (*n == '\0')
- break;
-
-#ifndef OPENSSL_NO_EGD
- egd = RAND_egd(n);
- if (egd > 0)
- tot += egd;
- else
-#endif
- tot += RAND_load_file(n, -1);
if (last)
break;
+ name = p + 1;
+ if (*name == '\0')
+ break;
}
- if (tot > 512)
- app_RAND_allow_write_file();
- return (tot);
+ return ret;
}
-int app_RAND_write_file(const char *file)
+void app_RAND_write(void)
{
- char buffer[200];
-
- if (egdsocket || !seeded) {
- /*
- * If we didn't manage to read the seed file, don't write a
- * file out -- it would suppress a crucial warning the next
- * time we want to use it.
- */
- return 0;
+ if (save_rand_file == NULL)
+ return;
+ if (RAND_write_file(save_rand_file) == -1) {
+ BIO_printf(bio_err, "Cannot write random bytes:\n");
+ ERR_print_errors(bio_err);
}
-
- if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
- if (file == NULL || !RAND_write_file(file)) {
- BIO_printf(bio_err, "unable to write 'random state'\n");
- return 0;
- }
- return 1;
}
-void app_RAND_allow_write_file(void)
+
+/*
+ * See comments in opt_verify for explanation of this.
+ */
+enum r_range { OPT_R_ENUM };
+
+int opt_rand(int opt)
{
- seeded = 1;
+ switch ((enum r_range)opt) {
+ case OPT_R__FIRST:
+ case OPT_R__LAST:
+ break;
+ case OPT_R_RAND:
+ return loadfiles(opt_arg());
+ break;
+ case OPT_R_WRITERAND:
+ save_rand_file = opt_arg();
+ break;
+ }
+ return 1;
}
*/
#define _UC(c) ((unsigned char)(c))
-int app_RAND_load_file(const char *file, int dont_warn);
-int app_RAND_write_file(const char *file);
-/*
- * When `file' is NULL, use defaults. `bio_e' is for error messages.
- */
-void app_RAND_allow_write_file(void);
-long app_RAND_load_files(char *file); /* `file' is a list of files to read,
- * separated by LIST_SEPARATOR_CHAR
- * (see e_os.h). The string is
- * destroyed! */
+void app_RAND_load_conf(CONF *c, const char *section);
+void app_RAND_write(void);
extern char *default_config_file;
extern BIO *bio_in;
case OPT_V_ALLOW_PROXY_CERTS
/*
- * Common "extended"? options.
+ * Common "extended validation" options.
*/
# define OPT_X_ENUM \
OPT_X__FIRST=1000, \
(o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
|| o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
+/*
+ * Random state options.
+ */
+# define OPT_R_ENUM \
+ OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
+
+# define OPT_R_OPTIONS \
+ {"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \
+ {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
+
+# define OPT_R_CASES \
+ OPT_R__FIRST: case OPT_R__LAST: break; \
+ case OPT_R_RAND: case OPT_R_WRITERAND
+
/*
* Option parsing.
*/
char **opt_rest(void);
int opt_num_rest(void);
int opt_verify(int i, X509_VERIFY_PARAM *vpm);
+int opt_rand(int i);
void opt_help(const OPTIONS * list);
int opt_format_error(const char *s, unsigned long flags);
OPT_GENCRL, OPT_MSIE_HACK, OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC,
OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID,
OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS,
+ OPT_R_ENUM,
/* Do not change the order here; see related case statements below */
OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE
} OPTION_CHOICE;
"sets compromise time to val and the revocation reason to keyCompromise"},
{"crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's',
"sets compromise time to val and the revocation reason to CACompromise"},
+ OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL;
const char *serialfile = NULL, *subj = NULL;
char *prog, *startdate = NULL, *enddate = NULL;
- char *dbfile = NULL, *f, *randfile = NULL;
+ char *dbfile = NULL, *f;
char new_cert[CERT_MAX + 1];
char tmp[10 + 1] = "\0";
char *const *pp;
case OPT_PASSIN:
passinarg = opt_arg();
break;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
+ break;
case OPT_KEY:
key = opt_arg();
break;
}
}
- randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
- if (randfile == NULL)
- ERR_clear_error();
- app_RAND_load_file(randfile, 0);
+ app_RAND_load_conf(conf, BASE_SECTION);
f = NCONF_get_string(conf, section, STRING_MASK);
if (f == NULL)
if (ret)
ERR_print_errors(bio_err);
- app_RAND_write_file(randfile);
if (free_key)
OPENSSL_free(key);
BN_free(serial);
OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT,
OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE,
- OPT_RAND, OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
+ OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM,
OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP,
OPT_3DES_WRAP, OPT_ENGINE,
+ OPT_R_ENUM,
OPT_V_ENUM,
OPT_CIPHER
} OPTION_CHOICE;
{"secretkeyid", OPT_SECRETKEYID, 's'},
{"pwri_password", OPT_PWRI_PASSWORD, 's'},
{"econtent_type", OPT_ECONTENT_TYPE, 's'},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"to", OPT_TO, 's', "To address"},
{"from", OPT_FROM, 's', "From address"},
{"receipt_request_from", OPT_RR_FROM, 's'},
{"receipt_request_to", OPT_RR_TO, 's'},
{"", OPT_CIPHER, '-', "Any supported cipher"},
+ OPT_R_OPTIONS,
OPT_V_OPTIONS,
{"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
{"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
const char *CAfile = NULL, *CApath = NULL;
char *certsoutfile = NULL;
int noCAfile = 0, noCApath = 0;
- char *infile = NULL, *outfile = NULL, *rctfile = NULL, *inrand = NULL;
- char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile =
- NULL;
+ char *infile = NULL, *outfile = NULL, *rctfile = NULL;
+ char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile = NULL;
char *to = NULL, *from = NULL, *subject = NULL, *prog;
cms_key_param *key_first = NULL, *key_param = NULL;
- int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched =
- 0;
+ int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
- int need_rand = 0, operation = 0, ret = 1, rr_print = 0, rr_allorfirst =
- -1;
+ int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1;
int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
size_t secret_keylen = 0, secret_keyidlen = 0;
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
goto opthelp;
}
break;
- case OPT_RAND:
- inrand = opt_arg();
- need_rand = 1;
- break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
goto end;
vpmtouched++;
break;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
+ break;
case OPT_3DES_WRAP:
# ifndef OPENSSL_NO_DES
wrap_cipher = EVP_des_ede3_wrap();
}
signerfile = NULL;
keyfile = NULL;
- need_rand = 1;
} else if (operation == SMIME_DECRYPT) {
if (recipfile == NULL && keyfile == NULL
&& secret_key == NULL && pwri_pass == NULL) {
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
goto opthelp;
}
- need_rand = 1;
} else if (!operation) {
goto opthelp;
}
goto end;
}
- if (need_rand) {
- app_RAND_load_file(NULL, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
ret = 2;
if (!(operation & SMIME_SIGNERS))
end:
if (ret)
ERR_print_errors(bio_err);
- if (need_rand)
- app_RAND_write_file(NULL);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
X509_VERIFY_PARAM_free(vpm);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
- OPT_C, OPT_R, OPT_RAND, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
+ OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
- OPT_DIGEST
+ OPT_DIGEST,
+ OPT_R_ENUM,
} OPTION_CHOICE;
const OPTIONS dgst_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"c", OPT_C, '-', "Print the digest with separating colons"},
{"r", OPT_R, '-', "Print the digest in coreutils format"},
- {"rand", OPT_RAND, 's',
- "Use file(s) containing random data to seed RNG or an EGD sock"},
{"out", OPT_OUT, '>', "Output to filename rather than stdout"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"sign", OPT_SIGN, 's', "Sign digest using private key"},
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
{"", OPT_DIGEST, '-', "Any supported digest"},
+ OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-',
char *passinarg = NULL, *passin = NULL;
const EVP_MD *md = NULL, *m;
const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
- const char *sigfile = NULL, *randfile = NULL;
+ const char *sigfile = NULL;
OPTION_CHOICE o;
int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
case OPT_R:
separator = 2;
break;
- case OPT_RAND:
- randfile = opt_arg();
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
case OPT_OUT:
outfile = opt_arg();
out_bin = 0;
}
- if (randfile != NULL)
- app_RAND_load_file(randfile, 0);
-
out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
if (out == NULL)
goto end;
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
- OPT_RAND, OPT_DSAPARAM, OPT_C, OPT_2, OPT_5
+ OPT_DSAPARAM, OPT_C, OPT_2, OPT_5,
+ OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS dhparam_options[] = {
{"check", OPT_CHECK, '-', "Check the DH parameters"},
{"text", OPT_TEXT, '-', "Print a text form of the DH parameters"},
{"noout", OPT_NOOUT, '-', "Don't output any DH parameters"},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
+ OPT_R_OPTIONS,
{"C", OPT_C, '-', "Print C code"},
{"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
{
BIO *in = NULL, *out = NULL;
DH *dh = NULL;
- char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL;
+ char *infile = NULL, *outfile = NULL, *prog;
ENGINE *e = NULL;
#ifndef OPENSSL_NO_DSA
int dsaparam = 0;
case OPT_NOOUT:
noout = 1;
break;
- case OPT_RAND:
- inrand = opt_arg();
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
}
}
}
BN_GENCB_set(cb, dh_cb, bio_err);
- if (!app_RAND_load_file(NULL, 1) && inrand == NULL) {
- BIO_printf(bio_err,
- "warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
# ifndef OPENSSL_NO_DSA
if (dsaparam) {
}
BN_GENCB_free(cb);
- app_RAND_write_file(NULL);
} else {
in = bio_open_default(infile, 'r', informat);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
- OPT_NOOUT, OPT_GENKEY, OPT_RAND, OPT_ENGINE
+ OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS dsaparam_options[] = {
{"C", OPT_C, '-', "Output C code"},
{"noout", OPT_NOOUT, '-', "No output"},
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
- {"rand", OPT_RAND, 's', "Files to use for random number input"},
+ OPT_R_OPTIONS,
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
DSA *dsa = NULL;
BIO *in = NULL, *out = NULL;
BN_GENCB *cb = NULL;
- int numbits = -1, num = 0, genkey = 0, need_rand = 0;
+ int numbits = -1, num = 0, genkey = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
int ret = 1, i, text = 0, private = 0;
- char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL;
+ char *infile = NULL, *outfile = NULL, *prog;
OPTION_CHOICE o;
prog = opt_init(argc, argv, dsaparam_options);
C = 1;
break;
case OPT_GENKEY:
- genkey = need_rand = 1;
+ genkey = 1;
break;
- case OPT_RAND:
- inrand = opt_arg();
- need_rand = 1;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
case OPT_NOOUT:
noout = 1;
goto end;
/* generate a key */
numbits = num;
- need_rand = 1;
}
private = genkey ? 1 : 0;
if (out == NULL)
goto end;
- if (need_rand) {
- app_RAND_load_file(NULL, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
if (numbits > 0) {
cb = BN_GENCB_new();
if (cb == NULL) {
goto end;
}
BN_GENCB_set(cb, dsa_cb, bio_err);
- assert(need_rand);
dsa = DSA_new();
if (dsa == NULL) {
BIO_printf(bio_err, "Error allocating DSA object\n");
if (genkey) {
DSA *dsakey;
- assert(need_rand);
if ((dsakey = DSAparams_dup(dsa)) == NULL)
goto end;
if (!DSA_generate_key(dsakey)) {
NULL);
DSA_free(dsakey);
}
- if (need_rand)
- app_RAND_write_file(NULL);
ret = 0;
end:
BN_GENCB_free(cb);
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
- OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_RAND, OPT_ENGINE
+ OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE,
+ OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS ecparam_options[] = {
{"param_enc", OPT_PARAM_ENC, 's',
"Specifies the way the ec parameters are encoded"},
{"genkey", OPT_GENKEY, '-', "Generate ec key"},
- {"rand", OPT_RAND, 's', "Files to use for random number input"},
+ OPT_R_OPTIONS,
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
BIO *in = NULL, *out = NULL;
EC_GROUP *group = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
- char *curve_name = NULL, *inrand = NULL;
+ char *curve_name = NULL;
char *infile = NULL, *outfile = NULL, *prog;
unsigned char *buffer = NULL;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
int ret = 1, private = 0;
int list_curves = 0, no_seed = 0, check = 0, new_form = 0;
- int text = 0, i, need_rand = 0, genkey = 0;
+ int text = 0, i, genkey = 0;
prog = opt_init(argc, argv, ecparam_options);
while ((o = opt_next()) != OPT_EOF) {
new_asn1_flag = 1;
break;
case OPT_GENKEY:
- genkey = need_rand = 1;
+ genkey = 1;
break;
- case OPT_RAND:
- inrand = opt_arg();
- need_rand = 1;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
}
}
- if (need_rand) {
- app_RAND_load_file(NULL, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
if (genkey) {
EC_KEY *eckey = EC_KEY_new();
if (eckey == NULL)
goto end;
- assert(need_rand);
-
if (EC_KEY_set_group(eckey, group) == 0) {
BIO_printf(bio_err, "unable to set group when generating key\n");
EC_KEY_free(eckey);
EC_KEY_free(eckey);
}
- if (need_rand)
- app_RAND_write_file(NULL);
-
ret = 0;
end:
BN_free(ec_p);
OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
- OPT_UPPER_S, OPT_IV, OPT_MD, OPT_CIPHER
+ OPT_UPPER_S, OPT_IV, OPT_MD, OPT_CIPHER,
+ OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS enc_options[] = {
{"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
{"none", OPT_NONE, '-', "Don't encrypt"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
+ OPT_R_OPTIONS,
#ifdef ZLIB
{"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
#endif
case OPT_NONE:
cipher = NULL;
break;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
+ break;
}
}
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
- OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_RAND, OPT_CIPHER
+ OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER,
+ OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS gendsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUT, '>', "Output the key to the specified file"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
+ OPT_R_OPTIONS,
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
BIO *out = NULL, *in = NULL;
DSA *dsa = NULL;
const EVP_CIPHER *enc = NULL;
- char *inrand = NULL, *dsaparams = NULL;
+ char *dsaparams = NULL;
char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
OPTION_CHOICE o;
int ret = 1, private = 0;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
- case OPT_RAND:
- inrand = opt_arg();
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
if (out == NULL)
goto end2;
- if (!app_RAND_load_file(NULL, 1) && inrand == NULL) {
- BIO_printf(bio_err,
- "warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
DSA_get0_pqg(dsa, &p, NULL, NULL);
BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p));
if (!DSA_generate_key(dsa))
goto end;
- app_RAND_write_file(NULL);
-
assert(private);
if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))
goto end;
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_3, OPT_F4, OPT_ENGINE,
- OPT_OUT, OPT_RAND, OPT_PASSOUT, OPT_CIPHER
+ OPT_OUT, OPT_PASSOUT, OPT_CIPHER,
+ OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS genrsa_options[] = {
{"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
{"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
{"out", OPT_OUT, 's', "Output the key to specified file"},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
+ OPT_R_OPTIONS,
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
int ret = 1, num = DEFBITS, private = 0;
unsigned long f4 = RSA_F4;
char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
- char *inrand = NULL, *prog, *hexe, *dece;
+ char *prog, *hexe, *dece;
OPTION_CHOICE o;
if (bn == NULL || cb == NULL)
case OPT_ENGINE:
eng = setup_engine(opt_arg(), 0);
break;
- case OPT_RAND:
- inrand = opt_arg();
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
if (out == NULL)
goto end;
- if (!app_RAND_load_file(NULL, 1) && inrand == NULL
- && !RAND_status()) {
- BIO_printf(bio_err,
- "warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
num);
rsa = eng ? RSA_new_method(eng) : RSA_new();
if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, cb))
goto end;
- app_RAND_write_file(NULL);
-
RSA_get0_key(rsa, NULL, &e, NULL);
hexe = BN_bn2hex(e);
dece = BN_bn2dec(e);
OPENSSL_free(default_config_file);
lh_FUNCTION_free(prog);
OPENSSL_free(arg.argv);
+ app_RAND_write();
BIO_free(bio_in);
BIO_free_all(bio_out);
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN,
OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
- OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN
+ OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
+ OPT_R_ENUM,
} OPTION_CHOICE;
const OPTIONS passwd_options[] = {
# ifndef OPENSSL_NO_DES
{"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
# endif
+ OPT_R_OPTIONS,
{NULL}
};
in_stdin = 1;
pw_source_defined = 1;
break;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
+ break;
}
}
argc = opt_num_rest();
OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER,
OPT_DESCERT, OPT_EXPORT, OPT_NOITER, OPT_MACITER, OPT_NOMACITER,
OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE,
- OPT_RAND, OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
+ OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
- OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_ENGINE
+ OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_ENGINE,
+ OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS pkcs12_options[] = {
{"macalg", OPT_MACALG, 's',
"Digest algorithm used in MAC (default SHA1)"},
{"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
+ OPT_R_OPTIONS,
{"inkey", OPT_INKEY, 's', "Private key if not infile"},
{"certfile", OPT_CERTFILE, '<', "Load certs from file"},
{"name", OPT_NAME, 's', "Use name as friendly name"},
int ret = 1, macver = 1, add_lmk = 0, private = 0;
int noprompt = 0;
char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
- char *passin = NULL, *passout = NULL, *inrand = NULL, *macalg = NULL;
+ char *passin = NULL, *passout = NULL, *macalg = NULL;
char *cpass = NULL, *mpass = NULL, *badpass = NULL;
const char *CApath = NULL, *CAfile = NULL, *prog;
int noCApath = 0, noCAfile = 0;
if (!set_pbe(&key_pbe, opt_arg()))
goto opthelp;
break;
- case OPT_RAND:
- inrand = opt_arg();
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
case OPT_INKEY:
keyname = opt_arg();
mpass = macpass;
}
- if (export_cert || inrand != NULL) {
- app_RAND_load_file(NULL, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
if (twopass) {
/* To avoid bit rot */
if (1) {
ret = 0;
end:
PKCS12_free(p12);
- if (export_cert || inrand)
- app_RAND_write_file(NULL);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
#endif
OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
- OPT_TRADITIONAL
+ OPT_TRADITIONAL,
+ OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS pkcs8_options[] = {
{"topk8", OPT_TOPK8, '-', "Output PKCS8 file"},
{"noiter", OPT_NOITER, '-', "Use 1 as iteration count"},
{"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"},
+ OPT_R_OPTIONS,
{"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"},
{"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"},
{"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"},
case OPT_NOCRYPT:
nocrypt = 1;
break;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
+ break;
case OPT_TRADITIONAL:
traditional = 1;
break;
BIO_printf(bio_err, "Password required\n");
goto end;
}
- app_RAND_load_file(NULL, 0);
p8 = PKCS8_set0_pbe(p8pass, strlen(p8pass), p8inf, pbe);
if (p8 == NULL) {
X509_ALGOR_free(pbe);
ERR_print_errors(bio_err);
goto end;
}
- app_RAND_write_file(NULL);
assert(private);
if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS8(out, p8);
OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,
OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
- OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN
+ OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN,
+ OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS pkeyutl_options[] = {
{"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"},
{"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
{"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
+ OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-',
if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyform))
goto opthelp;
break;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
+ break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
goto end;
}
-/* FIXME: seed PRNG only if needed */
- app_RAND_load_file(NULL, 0);
-
if (pkey_op != EVP_PKEY_OP_DERIVE) {
in = bio_open_default(infile, 'r', FORMAT_BINARY);
if (in == NULL)
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
- OPT_OUT, OPT_ENGINE, OPT_RAND, OPT_BASE64, OPT_HEX
+ OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX,
+ OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS rand_options[] = {
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUT, '>', "Output file"},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
+ OPT_R_OPTIONS,
{"base64", OPT_BASE64, '-', "Base64 encode output"},
{"hex", OPT_HEX, '-', "Hex encode output"},
#ifndef OPENSSL_NO_ENGINE
{
ENGINE *e = NULL;
BIO *out = NULL;
- char *inrand = NULL, *outfile = NULL, *prog;
+ char *outfile = NULL, *prog;
OPTION_CHOICE o;
int format = FORMAT_BINARY, i, num = -1, r, ret = 1;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
- case OPT_RAND:
- inrand = opt_arg();
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
case OPT_BASE64:
format = FORMAT_BASE64;
if (argc != 1 || !opt_int(argv[0], &num) || num < 0)
goto opthelp;
- app_RAND_load_file(NULL, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
out = bio_open_default(outfile, 'w', format);
if (out == NULL)
goto end;
}
if (format == FORMAT_TEXT)
BIO_puts(out, "\n");
- if (BIO_flush(out) <= 0 || !app_RAND_write_file(NULL))
+ if (BIO_flush(out) <= 0)
goto end;
ret = 0;
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_KEYGEN_ENGINE, OPT_KEY,
OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT,
- OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_RAND, OPT_NEWKEY,
+ OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_NEWKEY,
OPT_PKEYOPT, OPT_SIGOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS,
OPT_VERIFY, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8,
OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509,
OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, OPT_EXTENSIONS,
- OPT_REQEXTS, OPT_PRECERT, OPT_MD
+ OPT_REQEXTS, OPT_PRECERT, OPT_MD,
+ OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS req_options[] = {
{"keyout", OPT_KEYOUT, '>', "File to send the key to"},
{"passin", OPT_PASSIN, 's', "Private key password source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
+ OPT_R_OPTIONS,
{"newkey", OPT_NEWKEY, 's', "Specify as type:bits"},
{"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
const EVP_CIPHER *cipher = NULL;
const EVP_MD *md_alg = NULL, *digest = NULL;
char *extensions = NULL, *infile = NULL;
- char *outfile = NULL, *keyfile = NULL, *inrand = NULL;
+ char *outfile = NULL, *keyfile = NULL;
char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char *nofree_passin = NULL, *nofree_passout = NULL;
case OPT_PASSOUT:
passargout = opt_arg();
break;
- case OPT_RAND:
- inrand = opt_arg();
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
case OPT_NEWKEY:
keyalg = opt_arg();
/* load_key() has already printed an appropriate message */
goto end;
} else {
- char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
- if (randfile == NULL)
- ERR_clear_error();
- app_RAND_load_file(randfile, 0);
+ app_RAND_load_conf(req_conf, SECTION);
}
}
if (newreq && (pkey == NULL)) {
- char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
- if (randfile == NULL)
- ERR_clear_error();
- app_RAND_load_file(randfile, 0);
- if (inrand != NULL)
- app_RAND_load_files(inrand);
+ app_RAND_load_conf(req_conf, SECTION);
if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) {
newkey = DEFAULT_KEY_LENGTH;
EVP_PKEY_CTX_free(genctx);
genctx = NULL;
- app_RAND_write_file(randfile);
-
if (keyout == NULL) {
keyout = NCONF_get_string(req_conf, SECTION, KEYFILE);
if (keyout == NULL)
OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP,
OPT_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931,
OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
- OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM
+ OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM,
+ OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS rsautl_options[] = {
{"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
{"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+ OPT_R_OPTIONS,
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
case OPT_PASSIN:
passinarg = opt_arg();
break;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
+ break;
}
}
argc = opt_num_rest();
goto end;
}
-/* FIXME: seed PRNG only if needed */
- app_RAND_load_file(NULL, 0);
-
switch (key_type) {
case KEY_PRIVKEY:
pkey = load_key(keyfile, keyformat, 0, passin, e, "Private Key");
OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SESS_OUT, OPT_SESS_IN,
OPT_CERTFORM, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
OPT_BRIEF, OPT_PREXIT, OPT_CRLF, OPT_QUIET, OPT_NBIO,
- OPT_SSL_CLIENT_ENGINE, OPT_RAND, OPT_IGN_EOF, OPT_NO_IGN_EOF,
+ OPT_SSL_CLIENT_ENGINE, OPT_IGN_EOF, OPT_NO_IGN_EOF,
OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG,
OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG,
OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE,
#ifndef OPENSSL_NO_CT
OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,
#endif
- OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME
+ OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
+ OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS s_client_options[] = {
"Use the appropriate STARTTLS command before starting TLS"},
{"xmpphost", OPT_XMPPHOST, 's',
"Host to use with \"-starttls xmpp[-server]\""},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
+ OPT_R_OPTIONS,
{"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
{"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"},
{"use_srtp", OPT_USE_SRTP, 's',
char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
char *chCApath = NULL, *chCAfile = NULL, *host = NULL;
char *port = OPENSSL_strdup(PORT);
- char *inrand = NULL;
char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
char *ReqCAfile = NULL;
char *sess_in = NULL, *crl_file = NULL, *p;
#endif
int read_buf_len = 0;
int fallback_scsv = 0;
- long randamt = 0;
OPTION_CHOICE o;
#ifndef OPENSSL_NO_DTLS
int enable_timeouts = 0;
}
#endif
break;
- case OPT_RAND:
- inrand = opt_arg();
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
case OPT_IGN_EOF:
c_ign_eof = 1;
if (!load_excert(&exc))
goto end;
- if (!app_RAND_load_file(NULL, 1) && inrand == NULL
- && !RAND_status()) {
- BIO_printf(bio_err,
- "warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL) {
- randamt = app_RAND_load_files(inrand);
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n", randamt);
- }
-
if (bio_c_out == NULL) {
if (c_quiet && !c_debug) {
bio_c_out = BIO_new(BIO_s_null());
OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN,
- OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
+ OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_EARLY_DATA,
+ OPT_R_ENUM,
OPT_S_ENUM,
OPT_V_ENUM,
OPT_X_ENUM
{"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"},
{"id_prefix", OPT_ID_PREFIX, 's',
"Generate SSL/TLS session IDs prefixed by arg"},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
+ OPT_R_OPTIONS,
{"keymatexport", OPT_KEYMATEXPORT, 's',
"Export keying material using label"},
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
X509 *s_cert = NULL, *s_dcert = NULL;
X509_VERIFY_PARAM *vpm = NULL;
const char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL;
- char *dpassarg = NULL, *dpass = NULL, *inrand = NULL;
+ char *dpassarg = NULL, *dpass = NULL;
char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
char *crl_file = NULL, *prog;
#ifdef AF_UNIX
case OPT_ENGINE:
engine = setup_engine(opt_arg(), 1);
break;
- case OPT_RAND:
- inrand = opt_arg();
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
case OPT_SERVERNAME:
tlsextcbp.servername = opt_arg();
}
- if (!app_RAND_load_file(NULL, 1) && inrand == NULL
- && !RAND_status()) {
- BIO_printf(bio_err,
- "warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
if (bio_s_out == NULL) {
if (s_quiet && !s_debug) {
bio_s_out = BIO_new(BIO_s_null());
OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,
OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,
- OPT_CRLFEOL, OPT_RAND, OPT_ENGINE, OPT_PASSIN,
+ OPT_CRLFEOL, OPT_ENGINE, OPT_PASSIN,
OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
+ OPT_R_ENUM,
OPT_V_ENUM,
OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH, OPT_IN, OPT_INFORM, OPT_OUT,
OPT_OUTFORM, OPT_CONTENT
{"indef", OPT_INDEF, '-', "Same as -stream" },
{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
+ OPT_R_OPTIONS,
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
const EVP_CIPHER *cipher = NULL;
const EVP_MD *sign_md = NULL;
const char *CAfile = NULL, *CApath = NULL, *prog = NULL;
- char *certfile = NULL, *keyfile = NULL, *contfile = NULL, *inrand = NULL;
- char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile =
- NULL;
- char *passinarg = NULL, *passin = NULL, *to = NULL, *from =
- NULL, *subject = NULL;
+ char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
+ char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile = NULL;
+ char *passinarg = NULL, *passin = NULL, *to = NULL, *from = NULL, *subject = NULL;
OPTION_CHOICE o;
int noCApath = 0, noCAfile = 0;
- int flags = PKCS7_DETACHED, operation = 0, ret = 0, need_rand = 0, indef =
- 0;
+ int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
FORMAT_PEM;
int vpmtouched = 0, rv = 0;
flags |= PKCS7_CRLFEOL;
mime_eol = "\r\n";
break;
- case OPT_RAND:
- inrand = opt_arg();
- need_rand = 1;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
}
signerfile = NULL;
keyfile = NULL;
- need_rand = 1;
} else if (operation == SMIME_DECRYPT) {
if (recipfile == NULL && keyfile == NULL) {
BIO_printf(bio_err,
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
goto opthelp;
}
- need_rand = 1;
} else if (!operation) {
goto opthelp;
}
goto end;
}
- if (need_rand) {
- app_RAND_load_file(NULL, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
ret = 2;
if (!(operation & SMIME_SIGNERS))
}
ret = 0;
end:
- if (need_rand)
- app_RAND_write_file(NULL);
if (ret)
ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
- OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS
+ OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM,
} OPTION_CHOICE;
const OPTIONS speed_options[] = {
{"async_jobs", OPT_ASYNCJOBS, 'p',
"Enable async mode and start pnum jobs"},
#endif
+ OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
goto end;
#endif
break;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
+ break;
}
}
argc = opt_num_rest();
# define BASE_SECTION "srp"
# define CONFIG_FILE "openssl.cnf"
-# define ENV_RANDFILE "RANDFILE"
# define ENV_DATABASE "srpvfile"
# define ENV_DEFAULT_SRP "default_srp"
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD,
OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO,
- OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE
+ OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_R_ENUM,
} OPTION_CHOICE;
const OPTIONS srp_options[] = {
{"userinfo", OPT_USERINFO, 's', "Additional info to be set for user"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+ OPT_R_OPTIONS,
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
int doupdatedb = 0, mode = OPT_ERR;
char *user = NULL, *passinarg = NULL, *passoutarg = NULL;
char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL;
- char *randfile = NULL, *section = NULL;
+ char *section = NULL;
char **gNrow = NULL, *configfile = NULL;
char *srpvfile = NULL, **pp, *prog;
OPTION_CHOICE o;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
+ break;
}
}
argc = opt_num_rest();
goto end;
}
- if (randfile == NULL)
- randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
+ app_RAND_load_conf(conf, BASE_SECTION);
if (verbose)
BIO_printf(bio_err,
if (srpvfile == NULL)
goto end;
}
- if (randfile == NULL)
- ERR_clear_error();
- else
- app_RAND_load_file(randfile, 0);
if (verbose)
BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
OPENSSL_free(passout);
if (ret)
ERR_print_errors(bio_err);
- if (randfile != NULL)
- app_RAND_write_file(randfile);
NCONF_free(conf);
free_index(db);
release_engine(e);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ENGINE, OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA,
- OPT_DIGEST, OPT_RAND, OPT_TSPOLICY, OPT_NO_NONCE, OPT_CERT,
+ OPT_DIGEST, OPT_TSPOLICY, OPT_NO_NONCE, OPT_CERT,
OPT_IN, OPT_TOKEN_IN, OPT_OUT, OPT_TOKEN_OUT, OPT_TEXT,
OPT_REPLY, OPT_QUERYFILE, OPT_PASSIN, OPT_INKEY, OPT_SIGNER,
OPT_CHAIN, OPT_VERIFY, OPT_CAPATH, OPT_CAFILE, OPT_UNTRUSTED,
- OPT_MD, OPT_V_ENUM
+ OPT_MD, OPT_V_ENUM, OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS ts_options[] = {
{"query", OPT_QUERY, '-', "Generate a TS query"},
{"data", OPT_DATA, '<', "File to hash"},
{"digest", OPT_DIGEST, 's', "Digest (as a hex string)"},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
+ OPT_R_OPTIONS,
{"tspolicy", OPT_TSPOLICY, 's', "Policy OID to use"},
{"no_nonce", OPT_NO_NONCE, '-', "Do not include a nonce"},
{"cert", OPT_CERT, '-', "Put cert request into query"},
const char *section = NULL;
char **helpp;
char *password = NULL;
- char *data = NULL, *digest = NULL, *rnd = NULL, *policy = NULL;
+ char *data = NULL, *digest = NULL, *policy = NULL;
char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL;
char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL;
const EVP_MD *md = NULL;
case OPT_DIGEST:
digest = opt_arg();
break;
- case OPT_RAND:
- rnd = opt_arg();
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
case OPT_TSPOLICY:
policy = opt_arg();
if (mode == OPT_ERR || opt_num_rest() != 0)
goto opthelp;
- /* Seed the random number generator if it is going to be used. */
- if (mode == OPT_QUERY && !no_nonce) {
- if (!app_RAND_load_file(NULL, 1) && rnd == NULL)
- BIO_printf(bio_err, "warning, not much extra random "
- "data, consider using the -rand option\n");
- if (rnd != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(rnd));
- }
-
if (mode == OPT_REPLY && passin &&
!app_passwd(passin, NULL, &password, NULL)) {
BIO_printf(bio_err, "Error getting password.\n");
end:
X509_VERIFY_PARAM_free(vpm);
- app_RAND_write_file(NULL);
NCONF_free(conf);
OPENSSL_free(password);
return (ret);
OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
OPT_SUBJECT_HASH_OLD,
OPT_ISSUER_HASH_OLD,
- OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT, OPT_PRESERVE_DATES
+ OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT, OPT_PRESERVE_DATES,
+ OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS x509_options[] = {
{"text", OPT_TEXT, '-', "Print the certificate in text form"},
{"C", OPT_C, '-', "Print out C code forms"},
{"extfile", OPT_EXTFILE, '<', "File with X509V3 extensions to add"},
+ OPT_R_OPTIONS,
{"extensions", OPT_EXTENSIONS, 's', "Section from config file to use"},
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
{"certopt", OPT_CERTOPT, 's', "Various certificate text options"},
char *prog;
int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = 0;
int C = 0, CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM;
- int fingerprint = 0, reqfile = 0, need_rand = 0, checkend = 0;
+ int fingerprint = 0, reqfile = 0, checkend = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0;
int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0;
outfile = opt_arg();
break;
case OPT_REQ:
- reqfile = need_rand = 1;
+ reqfile = 1;
break;
case OPT_SIGOPT:
case OPT_EXTFILE:
extfile = opt_arg();
break;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
+ break;
case OPT_EXTENSIONS:
extsect = opt_arg();
break;
case OPT_SIGNKEY:
keyfile = opt_arg();
sign_flag = ++num;
- need_rand = 1;
break;
case OPT_CA:
CAfile = opt_arg();
CA_flag = ++num;
- need_rand = 1;
break;
case OPT_CAKEY:
CAkeyfile = opt_arg();
if (out == NULL)
goto end;
- if (need_rand)
- app_RAND_load_file(NULL, 0);
-
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
goto end;
}
- assert(need_rand);
if (!sign(x, Upkey, days, clrext, digest, extconf, extsect, preserve_dates))
goto end;
} else if (CA_flag == i) {
goto end;
}
- assert(need_rand);
if (!x509_certify(ctx, CAfile, digest, x, xca,
CApkey, sigopts,
CAserial, CA_createserial, days, clrext,
}
ret = 0;
end:
- if (need_rand)
- app_RAND_write_file(NULL);
NCONF_free(extconf);
BIO_free_all(out);
X509_STORE_free(ctx);
if (out == NULL)
out = openssl_fopen(file, "wb");
- if (out == NULL)
+ if (out == NULL) {
+ RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE);
+ ERR_add_error_data(2, "Filename=", file);
return -1;
+ }
#if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO)
/*
[B<-utf8>]
[B<-create_serial>]
[B<-multivalue-rdn>]
+[B<-rand file...>]
+[B<-writerand file>]
=head1 DESCRIPTION
If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>.
+=item B<-rand file...>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=back
=head1 CRL OPTIONS
=item B<RANDFILE>
-A file used to read and write random number seed information, or
-an EGD socket (see L<RAND_egd(3)>).
+At startup the specified file is loaded into the random number generator,
+and at exit 256 bytes will be written to it.
=item B<default_days>
[B<-inkey file>]
[B<-keyopt name:parameter>]
[B<-passin arg>]
-[B<-rand file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<cert.pem...>]
[B<-to addr>]
[B<-from addr>]
The private key password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
-=item B<-rand file(s)>
+=item B<-rand file...>
A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<cert.pem...>
One or more certificates of message recipients: used when encrypting
[B<-signature filename>]
[B<-hmac key>]
[B<-fips-fingerprint>]
+[B<-rand file...>]
[B<-engine id>]
[B<-engine_impl>]
[B<file...>]
=back
-=item B<-rand file(s)>
+=item B<-rand file...>
A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-fips-fingerprint>
Compute HMAC using a specific key for certain OpenSSL-FIPS operations.
[B<-C>]
[B<-2>]
[B<-5>]
-[B<-rand> I<file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-engine id>]
[I<numbits>]
present but B<numbits> is present, parameters are generated with the
default generator 2.
-=item B<-rand> I<file(s)>
+=item B<-rand file...>
A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item I<numbits>
This option specifies that a parameter set should be generated of size
[B<-noout>]
[B<-text>]
[B<-C>]
-[B<-rand file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-genkey>]
[B<-engine id>]
[B<numbits>]
This option will generate a DSA either using the specified or generated
parameters.
-=item B<-rand file(s)>
+=item B<-rand file...>
A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<numbits>
This option specifies that a parameter set should be generated of size
[B<-conv_form arg>]
[B<-param_enc arg>]
[B<-no_seed>]
-[B<-rand file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-genkey>]
[B<-engine id>]
This option will generate an EC private key using the specified parameters.
-=item B<-rand file(s)>
+=item B<-rand file...>
A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-engine id>
Specifying an engine (by its unique B<id> string) will cause B<ecparam>
[B<-nopad>]
[B<-debug>]
[B<-none>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-engine id>]
=head1 DESCRIPTION
Use NULL cipher (no encryption or decryption of input).
+=item B<-rand file...>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=back
=head1 NOTES
[B<-des>]
[B<-des3>]
[B<-idea>]
-[B<-rand file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-engine id>]
[B<paramfile>]
cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified no encryption is used.
-=item B<-rand file(s)>
+=item B<-rand file...>
A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-engine id>
Specifying an engine (by its unique B<id> string) will cause B<gendsa>
[B<-idea>]
[B<-f4>]
[B<-3>]
-[B<-rand file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-engine id>]
[B<numbits>]
The public exponent to use, either 65537 or 3. The default is 65537.
-=item B<-rand file(s)>
+=item B<-rand file...>
A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-engine id>
Specifying an engine (by its unique B<id> string) will cause B<genrsa>
[B<-noverify>]
[B<-quiet>]
[B<-table>]
+[B<-rand file...>]
+[B<-writerand file>]
{I<password>}
=head1 DESCRIPTION
In the output list, prepend the cleartext password and a TAB character
to each password hash.
+=item B<-rand file...>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=back
=head1 EXAMPLES
[B<-password arg>]
[B<-passin arg>]
[B<-passout arg>]
-[B<-rand file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-CAfile file>]
[B<-CApath dir>]
[B<-no-CAfile>]
Don't attempt to provide the MAC integrity.
-=item B<-rand file(s)>
+=item B<-rand file...>
A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-CAfile file>
CA storage as a file.
[B<-passout arg>]
[B<-iter count>]
[B<-noiter>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-nocrypt>]
[B<-traditional>]
[B<-v2 alg>]
when absolutely necessary. Certain software such as some versions of Java
code signing software used unencrypted private keys.
+=item B<-rand file...>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-v2 alg>
This option sets the PKCS#5 v2.0 algorithm.
[B<-pkeyopt opt:value>]
[B<-hexdump>]
[B<-asn1parse>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-engine id>]
[B<-engine_impl>]
Parse the ASN.1 output data, this is useful when combined with the
B<-verifyrecover> option when an ASN1 structure is signed.
+=item B<-rand file...>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-engine id>
Specifying an engine (by its unique B<id> string) will cause B<pkeyutl>
B<openssl rand>
[B<-help>]
[B<-out> I<file>]
-[B<-rand> I<file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-base64>]
[B<-hex>]
I<num>
Print out a usage message.
-=item B<-out> I<file>
+=item B<-out file>
Write to I<file> instead of standard output.
-=item B<-rand> I<file(s)>
+=item B<-rand file...>
-Use specified file or files or EGD socket (see L<RAND_egd(3)>)
-for seeding the random number generator.
+A file or files containing random data used to seed the random number
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-base64>
Perform base64 encoding on the output.
[B<-verify>]
[B<-modulus>]
[B<-new>]
-[B<-rand file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-newkey rsa:bits>]
[B<-newkey alg:file>]
[B<-nodes>]
If the B<-key> option is not used it will generate a new RSA private
key using information specified in the configuration file.
-=item B<-rand file(s)>
+=item B<-rand file...>
A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-newkey arg>
This option creates a new certificate request and a new private
=item B<RANDFILE>
-This specifies a filename in which random number seed information is
-placed and read from, or an EGD socket (see L<RAND_egd(3)>).
+At startup the specified file is loaded into the random number generator,
+and at exit 256 bytes will be written to it.
It is used for private key generation.
=item B<encrypt_key>
[B<-verify>]
[B<-encrypt>]
[B<-decrypt>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-pkcs>]
[B<-ssl>]
[B<-raw>]
Decrypt the input data using an RSA private key.
+=item B<-rand file...>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-pkcs, -oaep, -ssl, -raw>
The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
[B<-no_ticket>]
[B<-sess_out filename>]
[B<-sess_in filename>]
-[B<-rand file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-serverinfo types>]
[B<-status>]
[B<-alpn protocols>]
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
-=item B<-rand file(s)>
+=item B<-rand file...>
A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-serverinfo types>
A list of comma-separated TLS Extension Types (numbers between 0 and
[B<-tlsextdebug>]
[B<-HTTP>]
[B<-id_prefix val>]
-[B<-rand val>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-keymatexport val>]
[B<-keymatexportlen +int>]
[B<-CRL infile>]
servers, when each of which might be generating a unique range of session
IDs (eg. with a certain prefix).
-=item B<-rand val>
+=item B<-rand file...>
A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-verify_return_error>
Verification errors normally just print a message but allow the
[B<-indef>]
[B<-noindef>]
[B<-stream>]
-[B<-rand file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-md digest>]
[cert.pem]...
The private key password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
-=item B<-rand file(s)>
+=item B<-rand file...>
A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<cert.pem...>
One or more certificates of message recipients: used when encrypting
[B<-elapsed>]
[B<-evp algo>]
[B<-decrypt>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<algorithm...>]
=head1 DESCRIPTION
Time the decryption instead of encryption. Affects only the EVP testing.
+=item B<-rand file...>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<[zero or more test algorithms]>
If any options are given, B<speed> tests those algorithms, otherwise all of
B<openssl> B<ts>
B<-query>
-[B<-rand> file:file...]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-config> configfile]
[B<-data> file_to_hash]
[B<-digest> digest_bytes]
=over 4
-=item B<-rand> file:file...
+=item B<-rand file...>
-The files containing random data for seeding the random number
-generator. Multiple files can be specified, the separator is B<;> for
-MS-Windows, B<,> for VMS and B<:> for all other platforms. (Optional)
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
=item B<-config> configfile
[B<-clrext>]
[B<-extfile filename>]
[B<-extensions section>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-engine id>]
[B<-preserve_dates>]
If not specified then SHA1 is used with B<-fingerprint> or
the default digest for the signing algorithm is used, typically SHA256.
+=item B<-rand file...>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-engine id>
Specifying an engine (by its unique B<id> string) will cause B<x509>