openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Load rand state after loading providers 

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14135)
This commit is contained in:
Rich Salz 2021-02-08 13:45:23 -05:00 committed by Pauli
parent 182717bd8a
commit 51e5df0ed0
25 changed files with 38 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apps/ca.c
View File

@ -209,7 +209,7 @@ const OPTIONS ca_options[] = {
{"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
OPT_SECTION("Signing"),
{"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
{"md", OPT_MD, 's', "Digest to use, such as sha256"},
{"keyfile", OPT_KEYFILE, 's', "The CA private key"},
{"keyform", OPT_KEYFORM, 'f',
"Private key file format (ENGINE, other values ignored)"},
@ -521,6 +521,7 @@ end_of_options:
goto end;
app_RAND_load_conf(conf, BASE_SECTION);
app_RAND_load();
f = NCONF_get_string(conf, section, STRING_MASK);
if (f == NULL)

1
apps/cms.c
View File

@ -698,6 +698,7 @@ int cms_main(int argc, char **argv)
break;
}
}
app_RAND_load();
/* Remaining args are files to process. */
argc = opt_num_rest();

1
apps/dgst.c
View File

@ -227,6 +227,7 @@ int dgst_main(int argc, char **argv)
BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
goto end;
}
app_RAND_load();
if (do_verify && sigfile == NULL) {
BIO_printf(bio_err,

1
apps/dhparam.c
View File

@ -158,6 +158,7 @@ int dhparam_main(int argc, char **argv)
} else if (argc != 0) {
goto opthelp;
}
app_RAND_load();
if (g && !num)

1
apps/dsaparam.c
View File

@ -135,6 +135,7 @@ int dsaparam_main(int argc, char **argv)
} else if (argc != 0) {
goto opthelp;
}
app_RAND_load();
/* generate a key */
numbits = num;

1
apps/ecparam.c
View File

@ -190,6 +190,7 @@ int ecparam_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
app_RAND_load();
private = genkey ? 1 : 0;
in = bio_open_default(infile, 'r', informat);

1
apps/enc.c
View File

@ -293,6 +293,7 @@ int enc_main(int argc, char **argv)
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
app_RAND_load();
/* Get the cipher name, either from progname (if set) or flag. */
if (ciphername != NULL) {

1
apps/gendsa.c
View File

@ -108,6 +108,7 @@ int gendsa_main(int argc, char **argv)
if (argc != 1)
goto opthelp;
app_RAND_load();
dsaparams = argv[0];
private = 1;

1
apps/genrsa.c
View File

@ -164,6 +164,7 @@ opthelp:
goto opthelp;
}
app_RAND_load();
private = 1;
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");

1
apps/include/apps.h
View File

@ -47,6 +47,7 @@
void app_RAND_load_conf(CONF *c, const char *section);
void app_RAND_write(void);
int app_RAND_load(void);
extern char *default_config_file; /* may be "" */
extern BIO *bio_in;

18
apps/lib/app_rand.c
View File

@ -14,6 +14,7 @@
#include <openssl/conf.h>
static char *save_rand_file;
static char *load_rand_file;
void app_RAND_load_conf(CONF *c, const char *section)
{
@ -31,27 +32,30 @@ void app_RAND_load_conf(CONF *c, const char *section)
save_rand_file = OPENSSL_strdup(randfile);
}
static int loadfiles(char *name)
int app_RAND_load(void)
{
char *p;
int last, ret = 1;
if (load_rand_file == NULL)
return 1;
for ( ; ; ) {
last = 0;
for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
for (p = load_rand_file; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
continue;
if (*p == '\0')
last = 1;
*p = '\0';
if (RAND_load_file(name, -1) < 0) {
BIO_printf(bio_err, "Can't load %s into RNG\n", name);
if (RAND_load_file(load_rand_file, -1) < 0) {
BIO_printf(bio_err, "Can't load %s into RNG\n", load_rand_file);
ERR_print_errors(bio_err);
ret = 0;
}
if (last)
break;
name = p + 1;
if (*name == '\0')
load_rand_file = p + 1;
if (*load_rand_file == '\0')
break;
}
return ret;
@ -82,7 +86,7 @@ int opt_rand(int opt)
case OPT_R__LAST:
break;
case OPT_R_RAND:
return loadfiles(opt_arg());
load_rand_file = opt_arg();
break;
case OPT_R_WRITERAND:
OPENSSL_free(save_rand_file);

1
apps/passwd.c
View File

@ -195,6 +195,7 @@ int passwd_main(int argc, char **argv)
passwds = argv;
}
app_RAND_load();
if (mode == passwd_unset) {
/* use default */
mode = passwd_md5;

1
apps/pkcs12.c
View File

@ -341,6 +341,7 @@ int pkcs12_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
app_RAND_load();
if (export_pkcs12) {
if ((options & INFO) != 0)
WARN_EXPORT("info");

1
apps/pkcs8.c
View File

@ -200,6 +200,7 @@ int pkcs8_main(int argc, char **argv)
goto opthelp;
private = 1;
app_RAND_load();
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");

2
apps/pkeyutl.c
View File

@ -255,6 +255,8 @@ int pkeyutl_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
app_RAND_load();
if (rawin && pkey_op != EVP_PKEY_OP_SIGN && pkey_op != EVP_PKEY_OP_VERIFY) {
BIO_printf(bio_err,
"%s: -rawin can only be used with -sign or -verify\n",

1
apps/rand.c
View File

@ -99,6 +99,7 @@ int rand_main(int argc, char **argv)
goto opthelp;
}
app_RAND_load();
out = bio_open_default(outfile, 'w', format);
if (out == NULL)
goto end;

1
apps/req.c
View File

@ -480,6 +480,7 @@ int req_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
app_RAND_load();
if (!gen_x509) {
if (days != UNSET_DAYS)
BIO_printf(bio_err, "Ignoring -days without -x509; not generating a certificate\n");

1
apps/rsautl.c
View File

@ -177,6 +177,7 @@ int rsautl_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
app_RAND_load();
if (need_priv && (key_type != KEY_PRIVKEY)) {
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;

5
apps/s_client.c
View File

@ -1574,9 +1574,7 @@ int s_client_main(int argc, char **argv)
/* Optional argument is connect string if -connect not used. */
argc = opt_num_rest();
if (argc == 1) {
/*
* Don't allow -connect and a separate argument.
*/
/* Don't allow -connect and a separate argument. */
if (connectstr != NULL) {
BIO_printf(bio_err,
"%s: cannot provide both -connect option and target parameter\n",
@ -1588,6 +1586,7 @@ int s_client_main(int argc, char **argv)
} else if (argc != 0) {
goto opthelp;
}
app_RAND_load();
if (count4or6 >= 2) {
BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog);

1
apps/s_server.c
View File

@ -1662,6 +1662,7 @@ int s_server_main(int argc, char *argv[])
if (argc != 0)
goto opthelp;
app_RAND_load();
#ifndef OPENSSL_NO_NEXTPROTONEG
if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) {
BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n");

1
apps/smime.c
View File

@ -360,6 +360,7 @@ int smime_main(int argc, char **argv)
argc = opt_num_rest();
argv = opt_rest();
app_RAND_load();
if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) {
BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
goto opthelp;

1
apps/speed.c
View File

@ -1854,6 +1854,7 @@ int speed_main(int argc, char **argv)
argc = opt_num_rest();
argv = opt_rest();
app_RAND_load();
for (; *argv; argv++) {
const char *algo = *argv;

1
apps/srp.c
View File

@ -306,6 +306,7 @@ int srp_main(int argc, char **argv)
argc = opt_num_rest();
argv = opt_rest();
app_RAND_load();
if (srpvfile != NULL && configfile != NULL) {
BIO_printf(bio_err,
"-srpvfile and -configfile cannot be specified together.\n");

1
apps/ts.c
View File

@ -292,6 +292,7 @@ int ts_main(int argc, char **argv)
if (argc != 0 || mode == OPT_ERR)
goto opthelp;
app_RAND_load();
if (mode == OPT_REPLY && passin &&
!app_passwd(passin, NULL, &password, NULL)) {
BIO_printf(bio_err, "Error getting password.\n");

1
apps/x509.c
View File

@ -579,6 +579,7 @@ int x509_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
app_RAND_load();
if (preserve_dates && days != UNSET_DAYS) {
BIO_printf(bio_err, "Cannot use -preserve_dates with -days option\n");
goto end;