authorRich Salz <rsalz@akamai.com>2021-02-08 13:45:23 -0500
committerPauli <ppzgs1@gmail.com>2021-02-12 08:34:17 +1000
commit51e5df0ed01efa47335940425cc8744ecff1b6ae (patch)
tree067d0db16e79f27db232d29ecbf2355cc24e1f0c /apps
parent182717bd8a7a438c110d3a3b28387477833b4edc (diff)
Load rand state after loading providers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14135)
Diffstat (limited to 'apps')
-rwxr-xr-xapps/ca.c3
-rw-r--r--apps/cms.c1
-rw-r--r--apps/dgst.c1
-rw-r--r--apps/dhparam.c1
-rw-r--r--apps/dsaparam.c1
-rw-r--r--apps/ecparam.c1
-rw-r--r--apps/enc.c1
-rw-r--r--apps/gendsa.c1
-rw-r--r--apps/genrsa.c1
-rw-r--r--apps/include/apps.h1
-rw-r--r--apps/lib/app_rand.c18
-rw-r--r--apps/passwd.c1
-rw-r--r--apps/pkcs12.c1
-rw-r--r--apps/pkcs8.c1
-rw-r--r--apps/pkeyutl.c2
-rw-r--r--apps/rand.c1
-rw-r--r--apps/req.c1
-rw-r--r--apps/rsautl.c1
-rw-r--r--apps/s_client.c5
-rw-r--r--apps/s_server.c1
-rw-r--r--apps/smime.c1
-rw-r--r--apps/speed.c1
-rw-r--r--apps/srp.c1
-rw-r--r--apps/ts.c1
-rw-r--r--apps/x509.c1
25 files changed, 38 insertions, 11 deletions
diff --git a/apps/ca.c b/apps/ca.c
index 61e49336d0..29f62f86f2 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -209,7 +209,7 @@ const OPTIONS ca_options[] = {
{"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
OPT_SECTION("Signing"),
- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
+ {"md", OPT_MD, 's', "Digest to use, such as sha256"},
{"keyfile", OPT_KEYFILE, 's', "The CA private key"},
{"keyform", OPT_KEYFORM, 'f',
"Private key file format (ENGINE, other values ignored)"},
@@ -521,6 +521,7 @@ end_of_options:
goto end;
app_RAND_load_conf(conf, BASE_SECTION);
+ app_RAND_load();
f = NCONF_get_string(conf, section, STRING_MASK);
if (f == NULL)
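Review bot: The result of `app_RAND_load()` is discarded at this call, although the function is declared `int` and returns 0 when a file cannot be loaded. The removed `return loadfiles(opt_arg());` in `opt_rand` handed that failure back to the option parser, so a bad `-rand` file presumably stopped the command; now the only trace is the message on `bio_err` and the command carries on with whatever seeding the library already has. If continuing is intended, say so in a comment at the definition; otherwise check the result, e.g. `if (!app_RAND_load()) goto end;`. The same unchecked call is added in every other `*_main` this commit touches (cms.c through x509.c). The enclosing function starts and ends outside the hunk.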
diff --git a/apps/cms.c b/apps/cms.c
index 36fb88e15c..451f0862c2 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -698,6 +698,7 @@ int cms_main(int argc, char **argv)
break;
}
}
+ app_RAND_load();
/* Remaining args are files to process. */
argc = opt_num_rest();
diff --git a/apps/dgst.c b/apps/dgst.c
index 0eb84f5169..8f22334b37 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -227,6 +227,7 @@ int dgst_main(int argc, char **argv)
BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
goto end;
}
+ app_RAND_load();
if (do_verify && sigfile == NULL) {
BIO_printf(bio_err,
diff --git a/apps/dhparam.c b/apps/dhparam.c
index cfa399e459..30fdfbbf6e 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -158,6 +158,7 @@ int dhparam_main(int argc, char **argv)
} else if (argc != 0) {
goto opthelp;
}
+ app_RAND_load();
if (g && !num)
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index f09318f54b..70c698dbec 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -135,6 +135,7 @@ int dsaparam_main(int argc, char **argv)
} else if (argc != 0) {
goto opthelp;
}
+ app_RAND_load();
/* generate a key */
numbits = num;
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 762da3f2c9..e05a3a495f 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -190,6 +190,7 @@ int ecparam_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
+ app_RAND_load();
private = genkey ? 1 : 0;
in = bio_open_default(infile, 'r', informat);
diff --git a/apps/enc.c b/apps/enc.c
index 0a8591de83..4549895b9e 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -293,6 +293,7 @@ int enc_main(int argc, char **argv)
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
+ app_RAND_load();
/* Get the cipher name, either from progname (if set) or flag. */
if (ciphername != NULL) {
diff --git a/apps/gendsa.c b/apps/gendsa.c
index c90a01d979..81ab10d07c 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -108,6 +108,7 @@ int gendsa_main(int argc, char **argv)
if (argc != 1)
goto opthelp;
+ app_RAND_load();
dsaparams = argv[0];
private = 1;
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 2cc1abfbe5..39c23e7df8 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -164,6 +164,7 @@ opthelp:
goto opthelp;
}
+ app_RAND_load();
private = 1;
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
diff --git a/apps/include/apps.h b/apps/include/apps.h
index d4241fa61e..45a9c4e758 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -47,6 +47,7 @@
void app_RAND_load_conf(CONF *c, const char *section);
void app_RAND_write(void);
+int app_RAND_load(void);
extern char *default_config_file; /* may be "" */
extern BIO *bio_in;
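Review bot: The new prototype `int app_RAND_load(void);` has no comment, and unlike its two `void` neighbours it reports a status that callers need to interpret. A one-line comment on the declaration would record the contract visible in app_rand.c: `/* Load the files named by -rand; returns 1 on success or when none was given, 0 if any file failed to load. */`.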
diff --git a/apps/lib/app_rand.c b/apps/lib/app_rand.c
index 1861343a9c..cd4ee6753e 100644
--- a/apps/lib/app_rand.c
+++ b/apps/lib/app_rand.c
@@ -14,6 +14,7 @@
#include <openssl/conf.h>
static char *save_rand_file;
+static char *load_rand_file;
void app_RAND_load_conf(CONF *c, const char *section)
{
@@ -31,27 +32,30 @@ void app_RAND_load_conf(CONF *c, const char *section)
save_rand_file = OPENSSL_strdup(randfile);
}
-static int loadfiles(char *name)
+int app_RAND_load(void)
{
char *p;
int last, ret = 1;
+ if (load_rand_file == NULL)
+ return 1;
+
for ( ; ; ) {
last = 0;
- for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
+ for (p = load_rand_file; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
continue;
if (*p == '\0')
last = 1;
*p = '\0';
- if (RAND_load_file(name, -1) < 0) {
- BIO_printf(bio_err, "Can't load %s into RNG\n", name);
+ if (RAND_load_file(load_rand_file, -1) < 0) {
+ BIO_printf(bio_err, "Can't load %s into RNG\n", load_rand_file);
ERR_print_errors(bio_err);
ret = 0;
}
if (last)
break;
- name = p + 1;
- if (*name == '\0')
+ load_rand_file = p + 1;
+ if (*load_rand_file == '\0')
break;
}
return ret;
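Review bot: The loop now advances the file-scope `load_rand_file` itself while it writes NUL over each separator, so after the first call the static is left pointing at the last list element. A second call in the same process would then reload only that last file instead of being a no-op or reloading the whole list. Walking the list with a local cursor and clearing the static once it has been consumed keeps the function safe to call more than once. The function's closing brace is outside the hunk.

```c
int app_RAND_load(void)
{
    char *p, *name = load_rand_file;
    int last, ret = 1;

    if (name == NULL)
        return 1;
    /* The list is consumed once; separators are overwritten below. */
    load_rand_file = NULL;

    for ( ; ; ) {
        last = 0;
        for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
            continue;
        /* … unchanged: end-of-list detection and NUL termination … */
        if (RAND_load_file(name, -1) < 0) {
            BIO_printf(bio_err, "Can't load %s into RNG\n", name);
            /* … unchanged: ERR_print_errors, ret = 0 … */
        }
        /* … unchanged: break on last element … */
        name = p + 1;
        if (*name == '\0')
            break;
    }
```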
@@ -82,7 +86,7 @@ int opt_rand(int opt)
case OPT_R__LAST:
break;
case OPT_R_RAND:
- return loadfiles(opt_arg());
+ load_rand_file = opt_arg();
break;
case OPT_R_WRITERAND:
OPENSSL_free(save_rand_file);
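Review bot: `load_rand_file = opt_arg();` keeps only the most recent `-rand` argument, whereas the removed `return loadfiles(opt_arg());` loaded each one as it was parsed, so a command line that repeats `-rand` now silently drops the earlier lists. The pointer is also borrowed from the option parser rather than copied, unlike `save_rand_file`, which is duplicated with `OPENSSL_strdup` in `app_RAND_load_conf` and freed in this switch. If last-one-wins is intended, a comment such as `/* Only the last -rand is kept; it is loaded later by app_RAND_load() */` would record it. `opt_rand` begins and ends outside the hunk.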
diff --git a/apps/passwd.c b/apps/passwd.c
index f8a0493c4c..08b94622da 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -195,6 +195,7 @@ int passwd_main(int argc, char **argv)
passwds = argv;
}
+ app_RAND_load();
if (mode == passwd_unset) {
/* use default */
mode = passwd_md5;
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 60e12cf932..8cc1f8eeb5 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -341,6 +341,7 @@ int pkcs12_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
+ app_RAND_load();
if (export_pkcs12) {
if ((options & INFO) != 0)
WARN_EXPORT("info");
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index ae0824c6d2..1c459e7bc2 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -200,6 +200,7 @@ int pkcs8_main(int argc, char **argv)
goto opthelp;
private = 1;
+ app_RAND_load();
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 4eb15c30f4..28c4401745 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -255,6 +255,8 @@ int pkeyutl_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
+ app_RAND_load();
+
if (rawin && pkey_op != EVP_PKEY_OP_SIGN && pkey_op != EVP_PKEY_OP_VERIFY) {
BIO_printf(bio_err,
"%s: -rawin can only be used with -sign or -verify\n",
diff --git a/apps/rand.c b/apps/rand.c
index c78123e161..69a13f975e 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -99,6 +99,7 @@ int rand_main(int argc, char **argv)
goto opthelp;
}
+ app_RAND_load();
out = bio_open_default(outfile, 'w', format);
if (out == NULL)
goto end;
diff --git a/apps/req.c b/apps/req.c
index 75840ae387..4cd31cf4ba 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -480,6 +480,7 @@ int req_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
+ app_RAND_load();
if (!gen_x509) {
if (days != UNSET_DAYS)
BIO_printf(bio_err, "Ignoring -days without -x509; not generating a certificate\n");
diff --git a/apps/rsautl.c b/apps/rsautl.c
index 333edb9363..ae4855f8f5 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -177,6 +177,7 @@ int rsautl_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
+ app_RAND_load();
if (need_priv && (key_type != KEY_PRIVKEY)) {
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
diff --git a/apps/s_client.c b/apps/s_client.c
index 188ce26a8f..90f9411f45 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1574,9 +1574,7 @@ int s_client_main(int argc, char **argv)
/* Optional argument is connect string if -connect not used. */
argc = opt_num_rest();
if (argc == 1) {
- /*
- * Don't allow -connect and a separate argument.
- */
+ /* Don't allow -connect and a separate argument. */
if (connectstr != NULL) {
BIO_printf(bio_err,
"%s: cannot provide both -connect option and target parameter\n",
@@ -1588,6 +1586,7 @@ int s_client_main(int argc, char **argv)
} else if (argc != 0) {
goto opthelp;
}
+ app_RAND_load();
if (count4or6 >= 2) {
BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog);
diff --git a/apps/s_server.c b/apps/s_server.c
index 2f9b469953..498e629dbf 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1662,6 +1662,7 @@ int s_server_main(int argc, char *argv[])
if (argc != 0)
goto opthelp;
+ app_RAND_load();
#ifndef OPENSSL_NO_NEXTPROTONEG
if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) {
BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n");
diff --git a/apps/smime.c b/apps/smime.c
index 2a9ee27a34..db9cf8f1f1 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -360,6 +360,7 @@ int smime_main(int argc, char **argv)
argc = opt_num_rest();
argv = opt_rest();
+ app_RAND_load();
if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) {
BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
goto opthelp;
diff --git a/apps/speed.c b/apps/speed.c
index fd2a8e951a..c41fca483f 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1854,6 +1854,7 @@ int speed_main(int argc, char **argv)
argc = opt_num_rest();
argv = opt_rest();
+ app_RAND_load();
for (; *argv; argv++) {
const char *algo = *argv;
diff --git a/apps/srp.c b/apps/srp.c
index 764dba2c6b..2edc448c6c 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -306,6 +306,7 @@ int srp_main(int argc, char **argv)
argc = opt_num_rest();
argv = opt_rest();
+ app_RAND_load();
if (srpvfile != NULL && configfile != NULL) {
BIO_printf(bio_err,
"-srpvfile and -configfile cannot be specified together.\n");
diff --git a/apps/ts.c b/apps/ts.c
index 5ff80062ef..12958fbbd0 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -292,6 +292,7 @@ int ts_main(int argc, char **argv)
if (argc != 0 || mode == OPT_ERR)
goto opthelp;
+ app_RAND_load();
if (mode == OPT_REPLY && passin &&
!app_passwd(passin, NULL, &password, NULL)) {
BIO_printf(bio_err, "Error getting password.\n");
diff --git a/apps/x509.c b/apps/x509.c
index 3fdd44f2f3..2ddb549939 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -579,6 +579,7 @@ int x509_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
+ app_RAND_load();
if (preserve_dates && days != UNSET_DAYS) {
BIO_printf(bio_err, "Cannot use -preserve_dates with -days option\n");
goto end;