author | Rich Salz <rsalz@openssl.org> | 2017-07-05 10:58:48 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-07-16 19:20:45 -0400 |
commit | 3ee1eac27a2e3120fbdc60e12db091c082b8de21 (patch) | |
tree | c34ee07aa725e2019dbce1f7621702eb2bb5fd69 /apps/ca.c | |
parent | e90fc053c33a2241004451cfdeecfbf3cbdeb728 (diff) |
Standardize apps use of -rand, etc.
Standardized the -rand flag and added a new one:
-rand file...
Always reads the specified files
-writerand file
Always writes to the file on exit
For apps that use a config file, the RANDFILE config parameter reads
the file at startup (to seed the RNG) and writes to it on exit if
the -writerand flag isn't used.
Ensured that every app that took -rand also took -writerand, and
made sure all of that agreed with all the documentation.
Fix error reporting in write_file and -rand
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3862)
Diffstat (limited to 'apps/ca.c')
-rw-r--r-- | apps/ca.c | 14 |
1 files changed, 8 insertions, 6 deletions
@@ -153,6 +153,7 @@ typedef enum OPTION_choice { OPT_GENCRL, OPT_MSIE_HACK, OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC, OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID, OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS, + OPT_R_ENUM, /* Do not change the order here; see related case statements below */ OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE } OPTION_CHOICE; @@ -217,6 +218,7 @@ const OPTIONS ca_options[] = { "sets compromise time to val and the revocation reason to keyCompromise"}, {"crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's', "sets compromise time to val and the revocation reason to CACompromise"}, + OPT_R_OPTIONS, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif @@ -247,7 +249,7 @@ int ca_main(int argc, char **argv) char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL; const char *serialfile = NULL, *subj = NULL; char *prog, *startdate = NULL, *enddate = NULL; - char *dbfile = NULL, *f, *randfile = NULL; + char *dbfile = NULL, *f; char new_cert[CERT_MAX + 1]; char tmp[10 + 1] = "\0"; char *const *pp; @@ -332,6 +334,10 @@ opthelp: case OPT_PASSIN: passinarg = opt_arg(); break; + case OPT_R_CASES: + if (!opt_rand(o)) + goto end; + break; case OPT_KEY: key = opt_arg(); break; @@ -465,10 +471,7 @@ end_of_options: } } - randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); - if (randfile == NULL) - ERR_clear_error(); - app_RAND_load_file(randfile, 0); + app_RAND_load_conf(conf, BASE_SECTION); f = NCONF_get_string(conf, section, STRING_MASK); if (f == NULL) @@ -1220,7 +1223,6 @@ end_of_options: if (ret) ERR_print_errors(bio_err); - app_RAND_write_file(randfile); if (free_key) OPENSSL_free(key); BN_free(serial); |
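Review bot: The `app_RAND_load_conf(conf, BASE_SECTION);` call added in the `end_of_options` hunk is a bare statement, so ca_main carries on whether or not the configured RANDFILE was read, whereas a failing `-rand` in the `OPT_R_CASES` hunk stops with `goto end`. If that difference is intended, say so at the call, for example `/* RANDFILE is best-effort; only an explicit -rand failure is fatal */`. The helper is defined outside this file's diff, so whether it reports a failed load itself cannot be confirmed from here. The last hunk also drops `app_RAND_write_file(randfile)` from the exit path, so the same comment should name where the seed file is now written back, since that is no longer visible in ca_main. ca_main's body starts and ends outside these hunks.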