Make pkcs12 and smime applications seed random number

generator (otherwise they don't work) and add -rand
option. Update docs.

diff --git a/CHANGES b/CHANGES
index 2e10a0f8c5ad956b8f658cb4fe51e085fcdd60a2..0bb813b7d0499da61a82b171d3999b97287f4829 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 2000]
 
+  *) Add -rand argument to smime and pkcs12 applications and read/write
+     of seed file.
+     [Steve Henson]
+
   *) New 'passwd' tool for crypt(3) and apr1 password hashes.
      [Bodo Moeller]
 

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index a54555b46778df6414914445d762d627d5a4c674..7b129029480f9ed5846b9ecaa9f1a765a0381a1c 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -114,6 +114,7 @@ int MAIN(int argc, char **argv)
     STACK *canames = NULL;
     char *cpass = NULL, *mpass = NULL;
     char *passin = NULL, *passout = NULL;
+    char *inrand = NULL;
 
     apps_startup();
 
@@ -170,6 +171,11 @@ int MAIN(int argc, char **argv)
                                        badarg = 1;
                                }
                        } else badarg = 1;
+               } else if (!strcmp (*args, "-rand")) {
+                   if (args[1]) {
+                       args++; 
+                       inrand = *args;
+                   } else badarg = 1;
                } else if (!strcmp (*args, "-inkey")) {
                    if (args[1]) {
                        args++; 
@@ -212,7 +218,7 @@ int MAIN(int argc, char **argv)
                        if(!(passin= getenv(*args))) {
                                BIO_printf(bio_err,
                                 "Can't read environment variable %s\n",
-                                                               *argv);
+                                                               *args);
                                badarg = 1;
                        }
                    } else badarg = 1;
@@ -222,7 +228,7 @@ int MAIN(int argc, char **argv)
                        if(!(passout= getenv(*args))) {
                                BIO_printf(bio_err,
                                 "Can't read environment variable %s\n",
-                                                               *argv);
+                                                               *args);
                                badarg = 1;
                        }
                    } else badarg = 1;
@@ -290,6 +296,9 @@ int MAIN(int argc, char **argv)
        BIO_printf (bio_err, "-envpassin p  environment variable containing input file pass phrase\n");
        BIO_printf (bio_err, "-passout p    output file pass phrase\n");
        BIO_printf (bio_err, "-envpassout p environment variable containing output file pass phrase\n");
+       BIO_printf(bio_err,  "-rand file:file:...\n");
+       BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
+       BIO_printf(bio_err,  "              the random number generator\n");
        goto end;
     }
 
@@ -306,6 +315,12 @@ int MAIN(int argc, char **argv)
        mpass = macpass;
     }
 
+    if(export_cert || inrand) {
+       app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+        if (inrand != NULL)
+               BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+                       app_RAND_load_files(inrand));
+    }
     ERR_load_crypto_strings();
 
 #ifdef CRYPTO_MDEBUG
@@ -558,6 +573,7 @@ int MAIN(int argc, char **argv)
     PKCS12_free(p12);
     ret = 0;
     end:
+    if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
 #ifdef CRYPTO_MDEBUG
     CRYPTO_remove_all_info();
 #endif

diff --git a/apps/smime.c b/apps/smime.c
index 9c84841168b88532c4f04547e80f46e886ccb08b..0d87960d69e315cd4f686e032de2fc54f7158c9e 100644 (file)
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -102,7 +102,8 @@ int MAIN(int argc, char **argv)
        int flags = PKCS7_DETACHED;
        char *to = NULL, *from = NULL, *subject = NULL;
        char *CAfile = NULL, *CApath = NULL, *passin = NULL;
-
+       char *inrand = NULL;
+       int need_rand = 0;
        args = argv + 1;
 
        ret = 1;
@@ -145,17 +146,27 @@ int MAIN(int argc, char **argv)
                                flags |= PKCS7_BINARY;
                else if (!strcmp (*args, "-nosigs"))
                                flags |= PKCS7_NOSIGS;
-               else if (!strcmp(*argv,"-passin")) {
-                       if (--argc < 1) badarg = 1;
-                       else passin= *(++argv);
+               else if (!strcmp(*args,"-rand")) {
+                       if (args[1]) {
+                               args++;
+                               inrand = *args;
+                       } else badarg = 1;
+                       need_rand = 1;
+               } else if (!strcmp(*args,"-passin")) {
+                       if (args[1]) {
+                               args++;
+                               passin = *args;
+                       } else badarg = 1;
                } else if (!strcmp(*argv,"-envpassin")) {
-                       if (--argc < 1) badarg = 1;
-                       else if(!(passin= getenv(*(++argv)))) {
-                               BIO_printf(bio_err,
-                                "Can't read environment variable %s\n",
-                                                               *argv);
-                               badarg = 1;
-                       }
+                       if (args[1]) {
+                               args++;
+                               if(!(passin= getenv(*args))) {
+                                       BIO_printf(bio_err,
+                                        "Can't read environment variable %s\n",
+                                                               *args);
+                                       badarg = 1;
+                               }
+                       } else badarg = 1;
                } else if (!strcmp (*args, "-to")) {
                        if (args[1]) {
                                args++;
@@ -220,6 +231,7 @@ int MAIN(int argc, char **argv)
                        BIO_printf(bio_err, "No signer certificate specified\n");
                        badarg = 1;
                }
+               need_rand = 1;
        } else if(operation == SMIME_DECRYPT) {
                if(!recipfile) {
                        BIO_printf(bio_err, "No recipient certificate and key specified\n");
@@ -230,6 +242,7 @@ int MAIN(int argc, char **argv)
                        BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
                        badarg = 1;
                }
+               need_rand = 1;
        } else if(!operation) badarg = 1;
 
        if (badarg) {
@@ -268,10 +281,20 @@ int MAIN(int argc, char **argv)
                BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
                BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
                BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
+               BIO_printf(bio_err,  "-rand file:file:...\n");
+               BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
+               BIO_printf(bio_err,  "               the random number generator\n");
                BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
                goto end;
        }
 
+       if (need_rand) {
+               app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+               if (inrand != NULL)
+                       BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+                               app_RAND_load_files(inrand));
+       }
+
        ret = 2;
 
        if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
@@ -499,6 +522,8 @@ end:
 #ifdef CRYPTO_MDEBUG
        CRYPTO_remove_all_info();
 #endif
+       if (need_rand)
+               app_RAND_write_file(NULL, bio_err);
        if(ret) ERR_print_errors(bio_err);
        sk_X509_pop_free(encerts, X509_free);
        sk_X509_pop_free(other, X509_free);

diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod
index 6a17b910b66e793c48e3c5241f8ce3a4489bd826..d8cace9d0a116f35cac4a060d6e60223698efb6d 100644 (file)
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@@ -41,6 +41,7 @@ B<openssl> B<pkcs12>
 [B<-envpassin var>]
 [B<-passout password>]
 [B<-envpassout var>]
+[B<-rand file(s)>]
 
 =head1 DESCRIPTION
 
@@ -253,6 +254,13 @@ option.
 This option is included for compatibility with previous versions, it used
 to be needed to use MAC iterations counts but they are now used by default.
 
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator. Multiple files can be specified separated by a OS-dependent
+character.  For MS-Windows, the separator is B<;>.  For OpenVMS, it's
+B<,>.  For all others, it's B<:>.
+
 =back
 
 =head1 NOTES

diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index b43fb6dc1ba2efa79bba530b43bf77b9ebf6ffe0..79e070d6aad55a6d323293aebd923c1896333ec5 100644 (file)
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -28,6 +28,7 @@ B<openssl> B<smime>
 [B<-from ad>]
 [B<-subject s>]
 [B<-text>]
+[B<-rand file(s)>]
 [cert.pem]...
 
 =head1 DESCRIPTION
@@ -173,6 +174,13 @@ corresponding certificate. If this option is not specified then the
 private key must be included in the certificate file specified with
 the B<-recip> or B<-signer> file.
 
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator. Multiple files can be specified separated by a OS-dependent
+character.  For MS-Windows, the separator is B<;>.  For OpenVMS, it's
+B<,>.  For all others, it's B<:>.
+
 =item B<cert.pem...>
 
 one or more certificates of message recipients: used when encrypting