diff options
author | Rich Salz <rsalz@openssl.org> | 2017-07-05 10:58:48 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-07-16 19:20:45 -0400 |
commit | 3ee1eac27a2e3120fbdc60e12db091c082b8de21 (patch) | |
tree | c34ee07aa725e2019dbce1f7621702eb2bb5fd69 /apps/app_rand.c | |
parent | e90fc053c33a2241004451cfdeecfbf3cbdeb728 (diff) | |
download | openssl-new-3ee1eac27a2e3120fbdc60e12db091c082b8de21.tar.gz |
Standardize apps use of -rand, etc.
Standardized the -rand flag and added a new one:
-rand file...
Always reads the specified files
-writerand file
Always writes to the file on exit
For apps that use a config file, the RANDFILE config parameter reads
the file at startup (to seed the RNG) and write to it on exit if
the -writerand flag isn't used.
Ensured that every app that took -rand also took -writerand, and
made sure all of that agreed with all the documentation.
Fix error reporting in write_file and -rand
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3862)
Diffstat (limited to 'apps/app_rand.c')
-rw-r--r-- | apps/app_rand.c | 130 |
1 files changed, 52 insertions, 78 deletions
diff --git a/apps/app_rand.c b/apps/app_rand.c index 21445ac0f9..960d2fe6c6 100644 --- a/apps/app_rand.c +++ b/apps/app_rand.c @@ -10,108 +10,82 @@ #include "apps.h" #include <openssl/bio.h> #include <openssl/rand.h> +#include <openssl/conf.h> -static int seeded = 0; -static int egdsocket = 0; +static const char *save_rand_file; -int app_RAND_load_file(const char *file, int dont_warn) +void app_RAND_load_conf(CONF *c, const char *section) { - int consider_randfile = (file == NULL); - char buffer[200]; + const char *randfile = NCONF_get_string(c, section, "RANDFILE"); - if (file == NULL) { - file = RAND_file_name(buffer, sizeof buffer); -#ifndef OPENSSL_NO_EGD - } else if (RAND_egd(file) > 0) { - /* - * we try if the given filename is an EGD socket. if it is, we don't - * write anything back to the file. - */ - egdsocket = 1; - return 1; -#endif + if (randfile == NULL) { + ERR_clear_error(); + return; } - - if (file == NULL || !RAND_load_file(file, -1)) { - if (RAND_status() == 0) { - if (!dont_warn) { - BIO_printf(bio_err, "unable to load 'random state'\n"); - BIO_printf(bio_err, - "This means that the random number generator has not been seeded\n"); - BIO_printf(bio_err, "with much random data.\n"); - if (consider_randfile) { /* explanation does not apply when a - * file is explicitly named */ - BIO_printf(bio_err, - "Consider setting the RANDFILE environment variable to point at a file that\n"); - BIO_printf(bio_err, - "'random' data can be kept in (the file will be overwritten).\n"); - } - } - return 0; - } + if (RAND_load_file(randfile, -1) < 0) { + BIO_printf(bio_err, "Can't load %s into RNG\n", randfile); + ERR_print_errors(bio_err); + return; } - seeded = 1; - return 1; + if (save_rand_file == NULL) + save_rand_file = randfile; } -long app_RAND_load_files(char *name) +static int loadfiles(char *name) { char *p, *n; - int last; - long tot = 0; -#ifndef OPENSSL_NO_EGD - int egd; -#endif + int last, ret = 1; - for (;;) { + for ( ; ; ) { last = 0; - for (p = name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++) ; + for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++) + continue; if (*p == '\0') last = 1; *p = '\0'; + if (RAND_load_file(name, -1) < 0) { + BIO_printf(bio_err, "Can't load %s into RNG\n", name); + ERR_print_errors(bio_err); + ret = 0; + } n = name; - name = p + 1; - if (*n == '\0') - break; - -#ifndef OPENSSL_NO_EGD - egd = RAND_egd(n); - if (egd > 0) - tot += egd; - else -#endif - tot += RAND_load_file(n, -1); if (last) break; + name = p + 1; + if (*name == '\0') + break; } - if (tot > 512) - app_RAND_allow_write_file(); - return (tot); + return ret; } -int app_RAND_write_file(const char *file) +void app_RAND_write(void) { - char buffer[200]; - - if (egdsocket || !seeded) { - /* - * If we didn't manage to read the seed file, don't write a - * file out -- it would suppress a crucial warning the next - * time we want to use it. - */ - return 0; + if (save_rand_file == NULL) + return; + if (RAND_write_file(save_rand_file) == -1) { + BIO_printf(bio_err, "Cannot write random bytes:\n"); + ERR_print_errors(bio_err); } - - if (file == NULL) - file = RAND_file_name(buffer, sizeof buffer); - if (file == NULL || !RAND_write_file(file)) { - BIO_printf(bio_err, "unable to write 'random state'\n"); - return 0; - } - return 1; } -void app_RAND_allow_write_file(void) + +/* + * See comments in opt_verify for explanation of this. + */ +enum r_range { OPT_R_ENUM }; + +int opt_rand(int opt) { - seeded = 1; + switch ((enum r_range)opt) { + case OPT_R__FIRST: + case OPT_R__LAST: + break; + case OPT_R_RAND: + return loadfiles(opt_arg()); + break; + case OPT_R_WRITERAND: + save_rand_file = opt_arg(); + break; + } + return 1; } |