Standardize apps use of -rand, etc.

Standardized the -rand flag and added a new one:
    -rand file...
            Always reads the specified files
    -writerand file
            Always writes to the file on exit

For apps that use a config file, the RANDFILE config parameter reads
the file at startup (to seed the RNG) and write to it on exit if
the -writerand flag isn't used.

Ensured that every app that took -rand also took -writerand, and
made sure all of that agreed with all the documentation.

Fix error reporting in write_file and -rand

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3862)

1 files changed, 52 insertions, 78 deletions

diff --git a/apps/app_rand.c b/apps/app_rand.c
index 21445ac0f9..960d2fe6c6 100644
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -10,108 +10,82 @@
 #include "apps.h"
 #include <openssl/bio.h>
 #include <openssl/rand.h>
+#include <openssl/conf.h>
 
-static int seeded = 0;
-static int egdsocket = 0;
+static const char *save_rand_file;
 
-int app_RAND_load_file(const char *file, int dont_warn)
+void app_RAND_load_conf(CONF *c, const char *section)
 {
-    int consider_randfile = (file == NULL);
-    char buffer[200];
+    const char *randfile = NCONF_get_string(c, section, "RANDFILE");
 
-    if (file == NULL) {
-        file = RAND_file_name(buffer, sizeof buffer);
-#ifndef OPENSSL_NO_EGD
-    } else if (RAND_egd(file) > 0) {
-        /*
-         * we try if the given filename is an EGD socket. if it is, we don't
-         * write anything back to the file.
-         */
-        egdsocket = 1;
-        return 1;
-#endif
+    if (randfile == NULL) {
+        ERR_clear_error();
+        return;
     }
-
-    if (file == NULL || !RAND_load_file(file, -1)) {
-        if (RAND_status() == 0) {
-            if (!dont_warn) {
-                BIO_printf(bio_err, "unable to load 'random state'\n");
-                BIO_printf(bio_err,
-                           "This means that the random number generator has not been seeded\n");
-                BIO_printf(bio_err, "with much random data.\n");
-                if (consider_randfile) { /* explanation does not apply when a
-                                          * file is explicitly named */
-                    BIO_printf(bio_err,
-                               "Consider setting the RANDFILE environment variable to point at a file that\n");
-                    BIO_printf(bio_err,
-                               "'random' data can be kept in (the file will be overwritten).\n");
-                }
-            }
-            return 0;
-        }
+    if (RAND_load_file(randfile, -1) < 0) {
+        BIO_printf(bio_err, "Can't load %s into RNG\n", randfile);
+        ERR_print_errors(bio_err);
+        return;
     }
-    seeded = 1;
-    return 1;
+    if (save_rand_file == NULL)
+        save_rand_file = randfile;
 }
 
-long app_RAND_load_files(char *name)
+static int loadfiles(char *name)
 {
     char *p, *n;
-    int last;
-    long tot = 0;
-#ifndef OPENSSL_NO_EGD
-    int egd;
-#endif
+    int last, ret = 1;
 
-    for (;;) {
+    for ( ; ; ) {
         last = 0;
-        for (p = name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++) ;
+        for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
+            continue;
         if (*p == '\0')
             last = 1;
         *p = '\0';
+        if (RAND_load_file(name, -1) < 0) {
+            BIO_printf(bio_err, "Can't load %s into RNG\n", name);
+            ERR_print_errors(bio_err);
+            ret = 0;
+        }
         n = name;
-        name = p + 1;
-        if (*n == '\0')
-            break;
-
-#ifndef OPENSSL_NO_EGD
-        egd = RAND_egd(n);
-        if (egd > 0)
-            tot += egd;
-        else
-#endif
-            tot += RAND_load_file(n, -1);
         if (last)
             break;
+        name = p + 1;
+        if (*name == '\0')
+            break;
     }
-    if (tot > 512)
-        app_RAND_allow_write_file();
-    return (tot);
+    return ret;
 }
 
-int app_RAND_write_file(const char *file)
+void app_RAND_write(void)
 {
-    char buffer[200];
-
-    if (egdsocket || !seeded) {
-        /*
-         * If we didn't manage to read the seed file, don't write a
-         * file out -- it would suppress a crucial warning the next
-         * time we want to use it.
-         */
-        return 0;
+    if (save_rand_file == NULL)
+        return;
+    if (RAND_write_file(save_rand_file) == -1) {
+        BIO_printf(bio_err, "Cannot write random bytes:\n");
+        ERR_print_errors(bio_err);
     }
-
-    if (file == NULL)
-        file = RAND_file_name(buffer, sizeof buffer);
-    if (file == NULL || !RAND_write_file(file)) {
-        BIO_printf(bio_err, "unable to write 'random state'\n");
-        return 0;
-    }
-    return 1;
 }
 
-void app_RAND_allow_write_file(void)
+
+/*
+ * See comments in opt_verify for explanation of this.
+ */
+enum r_range { OPT_R_ENUM };
+
+int opt_rand(int opt)
 {
-    seeded = 1;
+    switch ((enum r_range)opt) {
+    case OPT_R__FIRST:
+    case OPT_R__LAST:
+        break;
+    case OPT_R_RAND:
+        return loadfiles(opt_arg());
+        break;
+    case OPT_R_WRITERAND:
+        save_rand_file = opt_arg();
+        break;
+    }
+    return 1;
 }