author | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2019-11-13 16:02:09 +0100 |
---|---|---|
committer | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2019-11-24 08:35:14 +0100 |
commit | 23f3993127c0a05651e28701d91edb478ebe6efa (patch) | |
tree | 6ee21d66ade039064e05a0078ca8c526b650d3af /test | |
parent | 0c080f73e8fc3cf7e73a42b15011d8a0a0c8aab7 (diff) |
Remove RANDFILE settings from configuration files
OpenSSL 1.1.1 introduced a new CSPRNG with an improved seeding
mechanism, which makes it unnecessary to define a RANDFILE for
saving and restoring randomness. This commit removes the RANDFILE
declarations from our own configuration files and adds documentation
that this option is not needed anymore and retained mainly for
compatibility reasons.
Fixes #10433
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10436)
Diffstat (limited to 'test')
-rw-r--r-- | test/CAss.cnf | 3 | ||||
-rw-r--r-- | test/CAssdh.cnf | 2 | ||||
-rw-r--r-- | test/CAssdsa.cnf | 2 | ||||
-rw-r--r-- | test/CAssrsa.cnf | 2 | ||||
-rw-r--r-- | test/CAtsa.cnf | 3 | ||||
-rw-r--r-- | test/P1ss.cnf | 2 | ||||
-rw-r--r-- | test/P2ss.cnf | 2 | ||||
-rw-r--r-- | test/Sssdsa.cnf | 2 | ||||
-rw-r--r-- | test/Sssrsa.cnf | 2 | ||||
-rw-r--r-- | test/Uss.cnf | 1 | ||||
-rw-r--r-- | test/conf_include_test.c | 7 | ||||
-rw-r--r-- | test/recipes/25-test_req.t | 4 | ||||
-rw-r--r-- | test/recipes/80-test_ssl_old.t | 4 | ||||
-rw-r--r-- | test/recipes/90-test_includes_data/conf-includes/includes1.cnf | 3 | ||||
-rw-r--r-- | test/smime-certs/ca.cnf | 1 | ||||
-rw-r--r-- | test/test.cnf | 3 |
16 files changed, 0 insertions, 43 deletions
diff --git a/test/CAss.cnf b/test/CAss.cnf
index b20a242760..8ca62b5cf7 100644
--- a/test/CAss.cnf
+++ b/test/CAss.cnf
@@ -3,8 +3,6 @@ # This is mostly being used for generation of certificate requests. # -RANDFILE = ./.rnd - #################################################################### [ req ] default_bits = 2048
@@ -43,7 +41,6 @@ certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file x509_extensions = v3_ca # The extensions to add to the cert
diff --git a/test/CAssdh.cnf b/test/CAssdh.cnf
index 4e0a908679..7c08a6e1cc 100644
--- a/test/CAssdh.cnf
+++ b/test/CAssdh.cnf
@@ -4,8 +4,6 @@ # # hacked by iang to do DH certs - CA -RANDFILE = ./.rnd - #################################################################### [ req ] distinguished_name = req_distinguished_name
diff --git a/test/CAssdsa.cnf b/test/CAssdsa.cnf
index a6b4d1810c..8328abd7b4 100644
--- a/test/CAssdsa.cnf
+++ b/test/CAssdsa.cnf
@@ -4,8 +4,6 @@ # # hacked by iang to do DSA certs - CA -RANDFILE = ./.rnd - #################################################################### [ req ] distinguished_name = req_distinguished_name
diff --git a/test/CAssrsa.cnf b/test/CAssrsa.cnf
index eb24a6dfc0..d5aa20a72b 100644
--- a/test/CAssrsa.cnf
+++ b/test/CAssrsa.cnf
@@ -4,8 +4,6 @@ # # create RSA certs - CA -RANDFILE = ./.rnd - #################################################################### [ req ] distinguished_name = req_distinguished_name
diff --git a/test/CAtsa.cnf b/test/CAtsa.cnf
index d1642879be..e7ca8c5a1e 100644
--- a/test/CAtsa.cnf
+++ b/test/CAtsa.cnf
@@ -3,8 +3,6 @@ # This config is used by the Time Stamp Authority tests. # -RANDFILE = ./.rnd - # Extra OBJECT IDENTIFIER info: oid_section = new_oids
@@ -32,7 +30,6 @@ new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number private_key = $dir/private/cakey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file default_days = 365 # how long to certify for default_md = sha256 # which md to use.
diff --git a/test/P1ss.cnf b/test/P1ss.cnf
index e6118dc816..03f3cdb1ad 100644
--- a/test/P1ss.cnf
+++ b/test/P1ss.cnf
@@ -3,8 +3,6 @@ # This is mostly being used for generation of certificate requests. # -RANDFILE = ./.rnd - #################################################################### [ req ] default_bits = 2048
diff --git a/test/P2ss.cnf b/test/P2ss.cnf
index d530e31f99..5adaecc7d5 100644
--- a/test/P2ss.cnf
+++ b/test/P2ss.cnf
@@ -3,8 +3,6 @@ # This is mostly being used for generation of certificate requests. # -RANDFILE = ./.rnd - #################################################################### [ req ] default_bits = 2048
diff --git a/test/Sssdsa.cnf b/test/Sssdsa.cnf
index 8e170a28ef..2fb35e0880 100644
--- a/test/Sssdsa.cnf
+++ b/test/Sssdsa.cnf
@@ -4,8 +4,6 @@ # # hacked by iang to do DSA certs - Server -RANDFILE = ./.rnd - #################################################################### [ req ] distinguished_name = req_distinguished_name
diff --git a/test/Sssrsa.cnf b/test/Sssrsa.cnf
index 8c79a03fca..f2b6e72b91 100644
--- a/test/Sssrsa.cnf
+++ b/test/Sssrsa.cnf
@@ -4,8 +4,6 @@ # # create RSA certs - Server -RANDFILE = ./.rnd - #################################################################### [ req ] distinguished_name = req_distinguished_name
diff --git a/test/Uss.cnf b/test/Uss.cnf
index f655e7448d..27517bd106 100644
--- a/test/Uss.cnf
+++ b/test/Uss.cnf
@@ -3,7 +3,6 @@ # This is mostly being used for generation of certificate requests. # -RANDFILE = ./.rnd CN2 = Brother 2 ####################################################################
diff --git a/test/conf_include_test.c b/test/conf_include_test.c
index 16459c46d7..0cf8d49740 100644
--- a/test/conf_include_test.c
+++ b/test/conf_include_test.c
@@ -90,13 +90,6 @@ static int test_load_config(void) return 0; } - /* verify whether RANDFILE is set correctly */ - str = NCONF_get_string(conf, "", "RANDFILE"); - if (!TEST_ptr(str) || !TEST_str_eq(str, "./.rnd")) { - TEST_note("RANDFILE incorrect"); - return 0; - } - /* verify whether CA_default/default_days is set */ val = 0; if (!TEST_int_eq(NCONF_get_number(conf, "CA_default", "default_days", &val), 1)
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
index 6da8e897f5..0e085b435d 100644
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
@@ -19,10 +19,6 @@ plan tests => 13; require_ok(srctop_file('test','recipes','tconversion.pl')); -open RND, ">>", ".rnd"; -print RND "string to make the random number generator think it has randomness"; -close RND; - # What type of key to generate? my @req_new; if (disabled("rsa")) {
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 0290b489eb..2d213b7daa 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -100,10 +100,6 @@ testssl("keyU.ss", $Ucert, $CAcert); # ----------- # subtest functions sub testss { - open RND, ">>", ".rnd"; - print RND "string to make the random number generator think it has randomness"; - close RND; - my @req_dsa = ("-newkey", "dsa:".srctop_file("apps", "dsa1024.pem")); my $dsaparams = srctop_file("apps", "dsa1024.pem");
diff --git a/test/recipes/90-test_includes_data/conf-includes/includes1.cnf b/test/recipes/90-test_includes_data/conf-includes/includes1.cnf
index 66c89006d0..5959b23e4b 100644
--- a/test/recipes/90-test_includes_data/conf-includes/includes1.cnf
+++ b/test/recipes/90-test_includes_data/conf-includes/includes1.cnf
@@ -4,8 +4,6 @@ # This is mostly being used for generation of certificate requests. # -RANDFILE = ./.rnd - #################################################################### [ ca ] default_ca = CA_default # The default ca section
@@ -23,7 +21,6 @@ certificate = $dir/CAcert.pem # The CA certificate serial = $dir/serial # The current serial number crl = $dir/crl.pem # The current CRL private_key = $dir/private/CAkey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL
diff --git a/test/smime-certs/ca.cnf b/test/smime-certs/ca.cnf
index 835b2c672d..00d40e7479 100644
--- a/test/smime-certs/ca.cnf
+++ b/test/smime-certs/ca.cnf
@@ -5,7 +5,6 @@ # This definition stops the following lines choking if HOME or CN # is undefined. HOME = . -RANDFILE = $ENV::HOME/.rnd CN = "Not Defined" default_ca = ca
diff --git a/test/test.cnf b/test/test.cnf
index 718b0bf1f2..1e2fa31cce 100644
--- a/test/test.cnf
+++ b/test/test.cnf
@@ -3,8 +3,6 @@ # This is mostly being used for generation of certificate requests. # -RANDFILE = ./.rnd - #################################################################### [ ca ] default_ca = CA_default # The default ca section
@@ -22,7 +20,6 @@ certificate = $dir/CAcert.pem # The CA certificate serial = $dir/serial # The current serial number crl = $dir/crl.pem # The current CRL private_key = $dir/private/CAkey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL |