Make it possible for users of the openssl applications to specify the

EGD should be used as seeding input, and where the named socket is.

Make it possible for users of the openssl applications to specify the
EGD should be used as seeding input, and where the named socket is.
20d242b0 · Richard Levitte · dffd72f1 · 20d242b0 · 20d242b0 · 20d242b0
9 changed file
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -121,6 +121,7 @@
 #include <openssl/dh.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/rand.h>

 #ifndef NO_DSA
 #include <openssl/dsa.h>
@@ -156,7 +157,7 @@ int MAIN(int argc, char **argv)
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog;
-	char *inrand=NULL;
+	char *inrand=NULL, *inegd=NULL;
 	int num = 0, g = 0;

 	apps_startup();
@@ -216,6 +217,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
+		else if (strcmp(*argv,"-egd") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inegd= *(++argv);
+			}
 		else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
 			goto bad;
 		argv++;
@@ -241,8 +247,9 @@ bad:
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
 		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err,"               load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
+		BIO_printf(bio_err," -egd file     load random seed from EGD socket\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		goto end;
 		}
@@ -271,13 +278,17 @@ bad:

 	if(num) {

-		if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+		if (!app_RAND_load_file(NULL, bio_err, 1)
+			&& inrand == NULL && inegd == NULL)
 			{
 			BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 			}
 		if (inrand != NULL)
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));
+		if (inegd != NULL)
+			BIO_printf(bio_err,"%ld egd bytes loaded\n",
+				RAND_egd(inegd));

 #ifndef NO_DSA
 		if (dsaparam)

--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -69,6 +69,7 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/rand.h>

 #undef PROG
 #define PROG	dsaparam_main
@@ -94,7 +95,7 @@ int MAIN(int argc, char **argv)
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*inrand=NULL;
+	char *infile,*outfile,*prog,*inrand=NULL,*inegd=NULL;
 	int numbits= -1,num,genkey=0;
 	int need_rand=0;

@@ -149,6 +150,12 @@ int MAIN(int argc, char **argv)
 			inrand= *(++argv);
 			need_rand=1;
 			}
+		else if (strcmp(*argv,"-egd") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inegd= *(++argv);
+			need_rand=1;
+			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (sscanf(*argv,"%d",&num) == 1)
@@ -179,7 +186,10 @@ bad:
 		BIO_printf(bio_err," -text         print the key in text\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
-		BIO_printf(bio_err," -rand         files to use for random number input\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"               load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err,"               the random number generator\n");
+		BIO_printf(bio_err," -egd file     load random seed from EGD socket\n");
 		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
 		goto end;
 		}
@@ -217,10 +227,14 @@ bad:

 	if (need_rand)
 		{
-		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+		app_RAND_load_file(NULL, bio_err,
+			(inrand != NULL || inegd != NULL));
 		if (inrand != NULL)
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));
+		if (inegd != NULL)
+			BIO_printf(bio_err,"%ld egd bytes loaded\n",
+				RAND_egd(inegd));
 		}

 	if (numbits > 0)

--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -85,7 +85,7 @@ int MAIN(int argc, char **argv)
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
-	char *inrand=NULL;
+	char *inrand=NULL,*inegd=NULL;
 	BIO *out=NULL;

 	apps_startup();
@@ -115,6 +115,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
+		else if (strcmp(*argv,"-egd") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inegd= *(++argv);
+			}
 		else
 			break;
 		argv++;
@@ -125,12 +130,13 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -2    use 2 as the generator value\n");
-	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
-		BIO_printf(bio_err," -5    use 5 as the generator value\n");
+		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
+	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
+		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
+		BIO_printf(bio_err," -egd file - load random seed from EGD socket\n");
 		goto end;
 		}
 		
@@ -152,13 +158,16 @@ bad:
 			}
 		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && inegd == NULL)
 		{
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));
+	if (inegd != NULL)
+		BIO_printf(bio_err,"%ld egd bytes loaded\n",
+			RAND_egd(inegd));

 	BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");

--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -68,6 +68,7 @@
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/rand.h>

 #define DEFBITS	512
 #undef PROG
@@ -80,7 +81,7 @@ int MAIN(int argc, char **argv)
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
-	char *inrand=NULL,*dsaparams=NULL;
+	char *inrand=NULL,*inegd=NULL,*dsaparams=NULL;
 	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
 	EVP_CIPHER *enc=NULL;
@@ -111,6 +112,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
+		else if (strcmp(*argv,"-egd") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inegd= *(++argv);
+			}
 		else if (strcmp(*argv,"-") == 0)
 			goto bad;
 #ifndef NO_DES
@@ -148,6 +154,7 @@ bad:
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
+		BIO_printf(bio_err," -egd file - load random seed from EGD socket\n");
 		BIO_printf(bio_err," dsaparam-file\n");
 		BIO_printf(bio_err,"           - a DSA parameter file as generated by the dsaparam command\n");
 		goto end;
@@ -188,13 +195,16 @@ bad:
 			}
 		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && inegd == NULL)
 		{
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));
+	if (inegd != NULL)
+		BIO_printf(bio_err,"%ld egd bytes loaded\n",
+			RAND_egd(inegd));

 	BIO_printf(bio_err,"Generating DSA key, %d bits\n",
 							BN_num_bits(dsa->p));

--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -69,6 +69,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/rand.h>

 #define DEFBITS	512
 #undef PROG
@@ -88,7 +89,7 @@ int MAIN(int argc, char **argv)
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
 	char *passargout = NULL, *passout = NULL;
-	char *inrand=NULL;
+	char *inrand=NULL,*inegd=NULL;
 	BIO *out=NULL;

 	apps_startup();
@@ -121,6 +122,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
+		else if (strcmp(*argv,"-egd") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inegd= *(++argv);
+			}
 #ifndef NO_DES
 		else if (strcmp(*argv,"-des") == 0)
 			enc=EVP_des_cbc();
@@ -157,6 +163,7 @@ bad:
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
+		BIO_printf(bio_err," -egd file       load random seed from EGD socket\n");
 		goto err;
 		}
 		
@@ -178,13 +185,16 @@ bad:
 			}
 		}

-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && inegd == NULL)
 		{
 		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));
+	if (inegd != NULL)
+		BIO_printf(bio_err,"%ld egd bytes loaded\n",
+			RAND_egd(inegd));

 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);

--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -65,6 +65,7 @@
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
+#include <openssl/rand.h>
 #include <openssl/pkcs12.h>

 #define PROG pkcs12_main
@@ -116,7 +117,7 @@ int MAIN(int argc, char **argv)
    char *cpass = NULL, *mpass = NULL;
    char *passargin = NULL, *passargout = NULL, *passarg = NULL;
    char *passin = NULL, *passout = NULL;
-    char *inrand = NULL;
+    char *inrand = NULL,*inegd=NULL;

    apps_startup();

@@ -178,6 +179,11 @@ int MAIN(int argc, char **argv)
 			args++;	
 			inrand = *args;
 		    } else badarg = 1;
+		} else if (!strcmp (*args, "-egd")) {
+		    if (args[1]) {
+			args++;	
+			inegd = *args;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-inkey")) {
 		    if (args[1]) {
 			args++;	
@@ -269,6 +275,7 @@ int MAIN(int argc, char **argv)
 	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
+	BIO_printf(bio_err,  "-egd file     load random seed from EGD socket\n");
    	goto end;
    }

@@ -296,10 +303,13 @@ int MAIN(int argc, char **argv)
    }

    if(export_cert || inrand) {
-    	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+    	app_RAND_load_file(NULL, bio_err, (inrand != NULL || inegd != NULL));
        if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));
+	if (inegd != NULL)
+		BIO_printf(bio_err,"%ld egd bytes loaded\n",
+			RAND_egd(inegd));
    }
    ERR_load_crypto_strings();


--- a/apps/rand.c
+++ b/apps/rand.c
@@ -15,6 +15,7 @@

 /* -out file         - write to file
 * -rand file:file   - PRNG seed files
+ * -egd file         - PRNG seed from EGD named socket
 * -base64           - encode output
 * num               - write 'num' bytes
 */
@@ -26,7 +27,7 @@ int MAIN(int argc, char **argv)
 	int i, r, ret = 1;
 	int badopt;
 	char *outfile = NULL;
-	char *inrand = NULL;
+	char *inrand = NULL,*inegd=NULL;
 	int base64 = 0;
 	BIO *out = NULL;
 	int num = -1;
@@ -55,6 +56,13 @@ int MAIN(int argc, char **argv)
 			else
 				badopt = 1;
 			}
+		else if (strcmp(argv[i], "-egd") == 0)
+			{
+			if ((argv[i+1] != NULL) && (inegd == NULL))
+				inegd = argv[++i];
+			else
+				badopt = 1;
+			}
 		else if (strcmp(argv[i], "-base64") == 0)
 			{
 			if (!base64)
@@ -86,14 +94,18 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "where options are\n");
 		BIO_printf(bio_err, "-out file            - write to file\n");
 		BIO_printf(bio_err, "-rand file%cfile%c...  - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err, "-egd file            - seed PRNG from EGD named socket\n");
 		BIO_printf(bio_err, "-base64              - encode output\n");
 		goto err;
 		}

-	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+	app_RAND_load_file(NULL, bio_err, (inrand != NULL || inegd != NULL));
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));
+	if (inegd != NULL)
+		BIO_printf(bio_err,"%ld egd bytes loaded\n",
+			RAND_egd(inegd));

 	out = BIO_new(BIO_s_file());
 	if (out == NULL)

--- a/apps/req.c
+++ b/apps/req.c
@@ -103,6 +103,7 @@
 * -key file	- make a request using key in file (or use it for verification).
 * -keyform	- key file format.
 * -rand file(s) - load the file(s) into the PRNG.
+ * -egd file	- load PRNG seed from EGD named socket.
 * -newkey	- make a key and a request.
 * -modulus	- print RSA modulus.
 * -x509	- output a self signed X509 structure instead.
@@ -156,7 +157,7 @@ int MAIN(int argc, char **argv)
 	char *req_exts = NULL;
 	EVP_CIPHER *cipher=NULL;
 	int modulus=0;
-	char *inrand=NULL;
+	char *inrand=NULL,*inegd=NULL;
 	char *passargin = NULL, *passargout = NULL;
 	char *passin = NULL, *passout = NULL;
 	char *p;
@@ -245,6 +246,11 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
+		else if (strcmp(*argv,"-egd") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inegd= *(++argv);
+			}
 		else if (strcmp(*argv,"-newkey") == 0)
 			{
 			int is_numeric;
@@ -381,6 +387,7 @@ bad:
 		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"                load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                the random number generator\n");
+		BIO_printf(bio_err," -egd file      load random seed from EGD socket\n");
 		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");

@@ -555,7 +562,9 @@ bad:
 		app_RAND_load_file(randfile, bio_err, 0);
 		if (inrand)
 			app_RAND_load_files(inrand);
-	
+		if (inegd)
+			RAND_egd(inegd);
+
 		if (newkey <= 0)
 			{
 			newkey=(int)CONF_get_number(req_conf,SECTION,BITS);

--- a/apps/smime.c
+++ b/apps/smime.c
@@ -63,6 +63,7 @@
 #include "apps.h"
 #include <openssl/crypto.h>
 #include <openssl/pem.h>
+#include <openssl/rand.h>
 #include <openssl/err.h>

 #undef PROG
@@ -100,7 +101,7 @@ int MAIN(int argc, char **argv)
 	char *to = NULL, *from = NULL, *subject = NULL;
 	char *CAfile = NULL, *CApath = NULL;
 	char *passargin = NULL, *passin = NULL;
-	char *inrand = NULL;
+	char *inrand = NULL,*inegd=NULL;
 	int need_rand = 0;
 	args = argv + 1;

@@ -150,6 +151,12 @@ int MAIN(int argc, char **argv)
 				inrand = *args;
 			} else badarg = 1;
 			need_rand = 1;
+		} else if (!strcmp(*args,"-egd")) {
+			if (args[1]) {
+				args++;
+				inegd = *args;
+			} else badarg = 1;
+			need_rand = 1;
 		} else if (!strcmp(*args,"-passin")) {
 			if (args[1]) {
 				args++;
@@ -272,6 +279,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,  "               the random number generator\n");
+		BIO_printf(bio_err,  "-egd file      load random seed from EGD socket\n");
 		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
 		goto end;
 	}
@@ -282,10 +290,13 @@ int MAIN(int argc, char **argv)
 	}

 	if (need_rand) {
-		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+		app_RAND_load_file(NULL, bio_err, (inrand != NULL || inegd != NULL));
 		if (inrand != NULL)
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));
+		if (inegd != NULL)
+			BIO_printf(bio_err,"%ld egd bytes loaded\n",
+				RAND_egd(inegd));
 	}

 	ret = 2;