提交 20d242b0 编写于 作者: R Richard Levitte

Make it possible for users of the openssl applications to specify that

EGD should be used as seeding input, and where the named socket is.
上级 dffd72f1
...@@ -121,6 +121,7 @@ ...@@ -121,6 +121,7 @@
#include <openssl/dh.h> #include <openssl/dh.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/rand.h>
#ifndef NO_DSA #ifndef NO_DSA
#include <openssl/dsa.h> #include <openssl/dsa.h>
...@@ -156,7 +157,7 @@ int MAIN(int argc, char **argv) ...@@ -156,7 +157,7 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL; BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1; int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog; char *infile,*outfile,*prog;
char *inrand=NULL; char *inrand=NULL, *inegd=NULL;
int num = 0, g = 0; int num = 0, g = 0;
apps_startup(); apps_startup();
...@@ -216,6 +217,11 @@ int MAIN(int argc, char **argv) ...@@ -216,6 +217,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
inrand= *(++argv); inrand= *(++argv);
} }
else if (strcmp(*argv,"-egd") == 0)
{
if (--argc < 1) goto bad;
inegd= *(++argv);
}
else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0))) else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
goto bad; goto bad;
argv++; argv++;
...@@ -241,8 +247,9 @@ bad: ...@@ -241,8 +247,9 @@ bad:
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n"); BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," -egd file load random seed from EGD socket\n");
BIO_printf(bio_err," -noout no output\n"); BIO_printf(bio_err," -noout no output\n");
goto end; goto end;
} }
...@@ -271,13 +278,17 @@ bad: ...@@ -271,13 +278,17 @@ bad:
if(num) { if(num) {
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) if (!app_RAND_load_file(NULL, bio_err, 1)
&& inrand == NULL && inegd == NULL)
{ {
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
} }
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
if (inegd != NULL)
BIO_printf(bio_err,"%ld egd bytes loaded\n",
RAND_egd(inegd));
#ifndef NO_DSA #ifndef NO_DSA
if (dsaparam) if (dsaparam)
......
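Review bot: A failed EGD read is printed as a byte count and also silences the low-entropy warning in the last hunk of this section, because the warning is skipped whenever `inegd != NULL`, before `RAND_egd(inegd)` has been called. RAND_egd() is documented to return -1 when the socket cannot be reached, so a mistyped path would print `-1 egd bytes loaded` and parameter generation would continue on whatever seed was already present. Call it first and branch on the result, e.g. `int egdbytes = RAND_egd(inegd);` followed by `if (egdbytes < 0) BIO_printf(bio_err,"unable to read from EGD socket %s\n",inegd);`, and let only a positive count suppress the warning. Its return type is int, so print it with `%d` rather than `%ld`. The same lines recur in every later section that prints `egd bytes loaded`, where `inegd != NULL` is either added to the warning test or passed as the third argument of app_RAND_load_file; MAIN begins and ends outside the hunks shown.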
...@@ -69,6 +69,7 @@ ...@@ -69,6 +69,7 @@
#include <openssl/dsa.h> #include <openssl/dsa.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/rand.h>
#undef PROG #undef PROG
#define PROG dsaparam_main #define PROG dsaparam_main
...@@ -94,7 +95,7 @@ int MAIN(int argc, char **argv) ...@@ -94,7 +95,7 @@ int MAIN(int argc, char **argv)
int i,badops=0,text=0; int i,badops=0,text=0;
BIO *in=NULL,*out=NULL; BIO *in=NULL,*out=NULL;
int informat,outformat,noout=0,C=0,ret=1; int informat,outformat,noout=0,C=0,ret=1;
char *infile,*outfile,*prog,*inrand=NULL; char *infile,*outfile,*prog,*inrand=NULL,*inegd=NULL;
int numbits= -1,num,genkey=0; int numbits= -1,num,genkey=0;
int need_rand=0; int need_rand=0;
...@@ -149,6 +150,12 @@ int MAIN(int argc, char **argv) ...@@ -149,6 +150,12 @@ int MAIN(int argc, char **argv)
inrand= *(++argv); inrand= *(++argv);
need_rand=1; need_rand=1;
} }
else if (strcmp(*argv,"-egd") == 0)
{
if (--argc < 1) goto bad;
inegd= *(++argv);
need_rand=1;
}
else if (strcmp(*argv,"-noout") == 0) else if (strcmp(*argv,"-noout") == 0)
noout=1; noout=1;
else if (sscanf(*argv,"%d",&num) == 1) else if (sscanf(*argv,"%d",&num) == 1)
...@@ -179,7 +186,10 @@ bad: ...@@ -179,7 +186,10 @@ bad:
BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n"); BIO_printf(bio_err," -noout no output\n");
BIO_printf(bio_err," -rand files to use for random number input\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," -egd file load random seed from EGD socket\n");
BIO_printf(bio_err," number number of bits to use for generating private key\n"); BIO_printf(bio_err," number number of bits to use for generating private key\n");
goto end; goto end;
} }
...@@ -217,10 +227,14 @@ bad: ...@@ -217,10 +227,14 @@ bad:
if (need_rand) if (need_rand)
{ {
app_RAND_load_file(NULL, bio_err, (inrand != NULL)); app_RAND_load_file(NULL, bio_err,
(inrand != NULL || inegd != NULL));
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
if (inegd != NULL)
BIO_printf(bio_err,"%ld egd bytes loaded\n",
RAND_egd(inegd));
} }
if (numbits > 0) if (numbits > 0)
......
...@@ -85,7 +85,7 @@ int MAIN(int argc, char **argv) ...@@ -85,7 +85,7 @@ int MAIN(int argc, char **argv)
int ret=1,num=DEFBITS; int ret=1,num=DEFBITS;
int g=2; int g=2;
char *outfile=NULL; char *outfile=NULL;
char *inrand=NULL; char *inrand=NULL,*inegd=NULL;
BIO *out=NULL; BIO *out=NULL;
apps_startup(); apps_startup();
...@@ -115,6 +115,11 @@ int MAIN(int argc, char **argv) ...@@ -115,6 +115,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
inrand= *(++argv); inrand= *(++argv);
} }
else if (strcmp(*argv,"-egd") == 0)
{
if (--argc < 1) goto bad;
inegd= *(++argv);
}
else else
break; break;
argv++; argv++;
...@@ -125,12 +130,13 @@ int MAIN(int argc, char **argv) ...@@ -125,12 +130,13 @@ int MAIN(int argc, char **argv)
bad: bad:
BIO_printf(bio_err,"usage: gendh [args] [numbits]\n"); BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
BIO_printf(bio_err," -out file - output the key to 'file\n"); BIO_printf(bio_err," -out file - output the key to 'file\n");
BIO_printf(bio_err," -2 use 2 as the generator value\n"); BIO_printf(bio_err," -2 - use 2 as the generator value\n");
/* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */ /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
BIO_printf(bio_err," -5 use 5 as the generator value\n"); BIO_printf(bio_err," -5 - use 5 as the generator value\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n"); BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," -egd file - load random seed from EGD socket\n");
goto end; goto end;
} }
...@@ -152,13 +158,16 @@ bad: ...@@ -152,13 +158,16 @@ bad:
} }
} }
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && inegd == NULL)
{ {
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
} }
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
if (inegd != NULL)
BIO_printf(bio_err,"%ld egd bytes loaded\n",
RAND_egd(inegd));
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g); BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
BIO_printf(bio_err,"This is going to take a long time\n"); BIO_printf(bio_err,"This is going to take a long time\n");
......
...@@ -68,6 +68,7 @@ ...@@ -68,6 +68,7 @@
#include <openssl/dsa.h> #include <openssl/dsa.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/rand.h>
#define DEFBITS 512 #define DEFBITS 512
#undef PROG #undef PROG
...@@ -80,7 +81,7 @@ int MAIN(int argc, char **argv) ...@@ -80,7 +81,7 @@ int MAIN(int argc, char **argv)
DSA *dsa=NULL; DSA *dsa=NULL;
int ret=1; int ret=1;
char *outfile=NULL; char *outfile=NULL;
char *inrand=NULL,*dsaparams=NULL; char *inrand=NULL,*inegd=NULL,*dsaparams=NULL;
char *passargout = NULL, *passout = NULL; char *passargout = NULL, *passout = NULL;
BIO *out=NULL,*in=NULL; BIO *out=NULL,*in=NULL;
EVP_CIPHER *enc=NULL; EVP_CIPHER *enc=NULL;
...@@ -111,6 +112,11 @@ int MAIN(int argc, char **argv) ...@@ -111,6 +112,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
inrand= *(++argv); inrand= *(++argv);
} }
else if (strcmp(*argv,"-egd") == 0)
{
if (--argc < 1) goto bad;
inegd= *(++argv);
}
else if (strcmp(*argv,"-") == 0) else if (strcmp(*argv,"-") == 0)
goto bad; goto bad;
#ifndef NO_DES #ifndef NO_DES
...@@ -148,6 +154,7 @@ bad: ...@@ -148,6 +154,7 @@ bad:
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n"); BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," -egd file - load random seed from EGD socket\n");
BIO_printf(bio_err," dsaparam-file\n"); BIO_printf(bio_err," dsaparam-file\n");
BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n"); BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n");
goto end; goto end;
...@@ -188,13 +195,16 @@ bad: ...@@ -188,13 +195,16 @@ bad:
} }
} }
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && inegd == NULL)
{ {
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
} }
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
if (inegd != NULL)
BIO_printf(bio_err,"%ld egd bytes loaded\n",
RAND_egd(inegd));
BIO_printf(bio_err,"Generating DSA key, %d bits\n", BIO_printf(bio_err,"Generating DSA key, %d bits\n",
BN_num_bits(dsa->p)); BN_num_bits(dsa->p));
......
...@@ -69,6 +69,7 @@ ...@@ -69,6 +69,7 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/rand.h>
#define DEFBITS 512 #define DEFBITS 512
#undef PROG #undef PROG
...@@ -88,7 +89,7 @@ int MAIN(int argc, char **argv) ...@@ -88,7 +89,7 @@ int MAIN(int argc, char **argv)
unsigned long f4=RSA_F4; unsigned long f4=RSA_F4;
char *outfile=NULL; char *outfile=NULL;
char *passargout = NULL, *passout = NULL; char *passargout = NULL, *passout = NULL;
char *inrand=NULL; char *inrand=NULL,*inegd=NULL;
BIO *out=NULL; BIO *out=NULL;
apps_startup(); apps_startup();
...@@ -121,6 +122,11 @@ int MAIN(int argc, char **argv) ...@@ -121,6 +122,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
inrand= *(++argv); inrand= *(++argv);
} }
else if (strcmp(*argv,"-egd") == 0)
{
if (--argc < 1) goto bad;
inegd= *(++argv);
}
#ifndef NO_DES #ifndef NO_DES
else if (strcmp(*argv,"-des") == 0) else if (strcmp(*argv,"-des") == 0)
enc=EVP_des_cbc(); enc=EVP_des_cbc();
...@@ -157,6 +163,7 @@ bad: ...@@ -157,6 +163,7 @@ bad:
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n"); BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n"); BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," -egd file load random seed from EGD socket\n");
goto err; goto err;
} }
...@@ -178,13 +185,16 @@ bad: ...@@ -178,13 +185,16 @@ bad:
} }
} }
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && inegd == NULL)
{ {
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
} }
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
if (inegd != NULL)
BIO_printf(bio_err,"%ld egd bytes loaded\n",
RAND_egd(inegd));
BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
num); num);
......
...@@ -65,6 +65,7 @@ ...@@ -65,6 +65,7 @@
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/pkcs12.h> #include <openssl/pkcs12.h>
#define PROG pkcs12_main #define PROG pkcs12_main
...@@ -116,7 +117,7 @@ int MAIN(int argc, char **argv) ...@@ -116,7 +117,7 @@ int MAIN(int argc, char **argv)
char *cpass = NULL, *mpass = NULL; char *cpass = NULL, *mpass = NULL;
char *passargin = NULL, *passargout = NULL, *passarg = NULL; char *passargin = NULL, *passargout = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL; char *passin = NULL, *passout = NULL;
char *inrand = NULL; char *inrand = NULL,*inegd=NULL;
apps_startup(); apps_startup();
...@@ -178,6 +179,11 @@ int MAIN(int argc, char **argv) ...@@ -178,6 +179,11 @@ int MAIN(int argc, char **argv)
args++; args++;
inrand = *args; inrand = *args;
} else badarg = 1; } else badarg = 1;
} else if (!strcmp (*args, "-egd")) {
if (args[1]) {
args++;
inegd = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-inkey")) { } else if (!strcmp (*args, "-inkey")) {
if (args[1]) { if (args[1]) {
args++; args++;
...@@ -269,6 +275,7 @@ int MAIN(int argc, char **argv) ...@@ -269,6 +275,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n"); BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err, "-egd file load random seed from EGD socket\n");
goto end; goto end;
} }
...@@ -296,10 +303,13 @@ int MAIN(int argc, char **argv) ...@@ -296,10 +303,13 @@ int MAIN(int argc, char **argv)
} }
if(export_cert || inrand) { if(export_cert || inrand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL)); app_RAND_load_file(NULL, bio_err, (inrand != NULL || inegd != NULL));
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
if (inegd != NULL)
BIO_printf(bio_err,"%ld egd bytes loaded\n",
RAND_egd(inegd));
} }
ERR_load_crypto_strings(); ERR_load_crypto_strings();
......
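Review bot: `-egd` given without `-rand` is silently dropped on non-export runs, because the guard in the last hunk is still `if(export_cert || inrand) {` while the lines added inside it test `inegd`. Extend the condition to `if(export_cert || inrand || inegd) {` so that the socket the user named is always read. The enclosing MAIN starts and ends outside the hunk, so whether any non-export path actually consumes random data cannot be confirmed from here.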
...@@ -15,6 +15,7 @@ ...@@ -15,6 +15,7 @@
/* -out file - write to file /* -out file - write to file
* -rand file:file - PRNG seed files * -rand file:file - PRNG seed files
* -egd file - PRNG seed from EGD named socket
* -base64 - encode output * -base64 - encode output
* num - write 'num' bytes * num - write 'num' bytes
*/ */
...@@ -26,7 +27,7 @@ int MAIN(int argc, char **argv) ...@@ -26,7 +27,7 @@ int MAIN(int argc, char **argv)
int i, r, ret = 1; int i, r, ret = 1;
int badopt; int badopt;
char *outfile = NULL; char *outfile = NULL;
char *inrand = NULL; char *inrand = NULL,*inegd=NULL;
int base64 = 0; int base64 = 0;
BIO *out = NULL; BIO *out = NULL;
int num = -1; int num = -1;
...@@ -55,6 +56,13 @@ int MAIN(int argc, char **argv) ...@@ -55,6 +56,13 @@ int MAIN(int argc, char **argv)
else else
badopt = 1; badopt = 1;
} }
else if (strcmp(argv[i], "-egd") == 0)
{
if ((argv[i+1] != NULL) && (inegd == NULL))
inegd = argv[++i];
else
badopt = 1;
}
else if (strcmp(argv[i], "-base64") == 0) else if (strcmp(argv[i], "-base64") == 0)
{ {
if (!base64) if (!base64)
...@@ -86,14 +94,18 @@ int MAIN(int argc, char **argv) ...@@ -86,14 +94,18 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-out file - write to file\n"); BIO_printf(bio_err, "-out file - write to file\n");
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-egd file - seed PRNG from EGD named socket\n");
BIO_printf(bio_err, "-base64 - encode output\n"); BIO_printf(bio_err, "-base64 - encode output\n");
goto err; goto err;
} }
app_RAND_load_file(NULL, bio_err, (inrand != NULL)); app_RAND_load_file(NULL, bio_err, (inrand != NULL || inegd != NULL));
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
if (inegd != NULL)
BIO_printf(bio_err,"%ld egd bytes loaded\n",
RAND_egd(inegd));
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if (out == NULL) if (out == NULL)
......
...@@ -103,6 +103,7 @@ ...@@ -103,6 +103,7 @@
* -key file - make a request using key in file (or use it for verification). * -key file - make a request using key in file (or use it for verification).
* -keyform - key file format. * -keyform - key file format.
* -rand file(s) - load the file(s) into the PRNG. * -rand file(s) - load the file(s) into the PRNG.
* -egd file - load PRNG seed from EGD named socket.
* -newkey - make a key and a request. * -newkey - make a key and a request.
* -modulus - print RSA modulus. * -modulus - print RSA modulus.
* -x509 - output a self signed X509 structure instead. * -x509 - output a self signed X509 structure instead.
...@@ -156,7 +157,7 @@ int MAIN(int argc, char **argv) ...@@ -156,7 +157,7 @@ int MAIN(int argc, char **argv)
char *req_exts = NULL; char *req_exts = NULL;
EVP_CIPHER *cipher=NULL; EVP_CIPHER *cipher=NULL;
int modulus=0; int modulus=0;
char *inrand=NULL; char *inrand=NULL,*inegd=NULL;
char *passargin = NULL, *passargout = NULL; char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL; char *passin = NULL, *passout = NULL;
char *p; char *p;
...@@ -245,6 +246,11 @@ int MAIN(int argc, char **argv) ...@@ -245,6 +246,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
inrand= *(++argv); inrand= *(++argv);
} }
else if (strcmp(*argv,"-egd") == 0)
{
if (--argc < 1) goto bad;
inegd= *(++argv);
}
else if (strcmp(*argv,"-newkey") == 0) else if (strcmp(*argv,"-newkey") == 0)
{ {
int is_numeric; int is_numeric;
...@@ -381,6 +387,7 @@ bad: ...@@ -381,6 +387,7 @@ bad:
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n"); BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n"); BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," -egd file load random seed from EGD socket\n");
BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
...@@ -555,7 +562,9 @@ bad: ...@@ -555,7 +562,9 @@ bad:
app_RAND_load_file(randfile, bio_err, 0); app_RAND_load_file(randfile, bio_err, 0);
if (inrand) if (inrand)
app_RAND_load_files(inrand); app_RAND_load_files(inrand);
if (inegd)
RAND_egd(inegd);
if (newkey <= 0) if (newkey <= 0)
{ {
newkey=(int)CONF_get_number(req_conf,SECTION,BITS); newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
......
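Review bot: The result of `RAND_egd(inegd)` is discarded in the last hunk, so an unreachable socket leaves no trace before the new key is generated, whereas the other commands touched by this commit at least print the returned count. Report the failure on the spot with `if (inegd && RAND_egd(inegd) < 0) BIO_printf(bio_err,"unable to read from EGD socket %s\n",inegd);`. The surrounding block continues past the hunk, so any later seeding check is not visible here.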
...@@ -63,6 +63,7 @@ ...@@ -63,6 +63,7 @@
#include "apps.h" #include "apps.h"
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/err.h> #include <openssl/err.h>
#undef PROG #undef PROG
...@@ -100,7 +101,7 @@ int MAIN(int argc, char **argv) ...@@ -100,7 +101,7 @@ int MAIN(int argc, char **argv)
char *to = NULL, *from = NULL, *subject = NULL; char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL; char *CAfile = NULL, *CApath = NULL;
char *passargin = NULL, *passin = NULL; char *passargin = NULL, *passin = NULL;
char *inrand = NULL; char *inrand = NULL,*inegd=NULL;
int need_rand = 0; int need_rand = 0;
args = argv + 1; args = argv + 1;
...@@ -150,6 +151,12 @@ int MAIN(int argc, char **argv) ...@@ -150,6 +151,12 @@ int MAIN(int argc, char **argv)
inrand = *args; inrand = *args;
} else badarg = 1; } else badarg = 1;
need_rand = 1; need_rand = 1;
} else if (!strcmp(*args,"-egd")) {
if (args[1]) {
args++;
inegd = *args;
} else badarg = 1;
need_rand = 1;
} else if (!strcmp(*args,"-passin")) { } else if (!strcmp(*args,"-passin")) {
if (args[1]) { if (args[1]) {
args++; args++;
...@@ -272,6 +279,7 @@ int MAIN(int argc, char **argv) ...@@ -272,6 +279,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n"); BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err, "-egd file load random seed from EGD socket\n");
BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
goto end; goto end;
} }
...@@ -282,10 +290,13 @@ int MAIN(int argc, char **argv) ...@@ -282,10 +290,13 @@ int MAIN(int argc, char **argv)
} }
if (need_rand) { if (need_rand) {
app_RAND_load_file(NULL, bio_err, (inrand != NULL)); app_RAND_load_file(NULL, bio_err, (inrand != NULL || inegd != NULL));
if (inrand != NULL) if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n", BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand)); app_RAND_load_files(inrand));
if (inegd != NULL)
BIO_printf(bio_err,"%ld egd bytes loaded\n",
RAND_egd(inegd));
} }
ret = 2; ret = 2;
......