Make pkcs12 and smime applications seed random number

generator (otherwise they don't work) and add -rand option. Update docs.

Make pkcs12 and smime applications seed random number
generator (otherwise they don't work) and add -rand option. Update docs.
d13e4eb0 · Dr. Stephen Henson · 07fc3551 · d13e4eb0 · d13e4eb0 · d13e4eb0
Showing with 74 addition and 13 deletion

CHANGES CHANGES +4 -0

apps/pkcs12.c apps/pkcs12.c +18 -2

apps/smime.c apps/smime.c +36 -11

doc/apps/pkcs12.pod doc/apps/pkcs12.pod +8 -0

doc/apps/smime.pod doc/apps/smime.pod +8 -0

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 2000]

+  *) Add -rand argument to smime and pkcs12 applications and read/write
+     of seed file.
+     [Steve Henson]
+
  *) New 'passwd' tool for crypt(3) and apr1 password hashes.
     [Bodo Moeller]


--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -114,6 +114,7 @@ int MAIN(int argc, char **argv)
    STACK *canames = NULL;
    char *cpass = NULL, *mpass = NULL;
    char *passin = NULL, *passout = NULL;
+    char *inrand = NULL;

    apps_startup();

@@ -170,6 +171,11 @@ int MAIN(int argc, char **argv)
 					badarg = 1;
 				}
 			} else badarg = 1;
+		} else if (!strcmp (*args, "-rand")) {
+		    if (args[1]) {
+			args++;	
+			inrand = *args;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-inkey")) {
 		    if (args[1]) {
 			args++;	
@@ -212,7 +218,7 @@ int MAIN(int argc, char **argv)
 			if(!(passin= getenv(*args))) {
 				BIO_printf(bio_err,
 				 "Can't read environment variable %s\n",
-								*argv);
+								*args);
 				badarg = 1;
 			}
 		    } else badarg = 1;
@@ -222,7 +228,7 @@ int MAIN(int argc, char **argv)
 			if(!(passout= getenv(*args))) {
 				BIO_printf(bio_err,
 				 "Can't read environment variable %s\n",
-								*argv);
+								*args);
 				badarg = 1;
 			}
 		    } else badarg = 1;
@@ -290,6 +296,9 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-envpassin p  environment variable containing input file pass phrase\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase\n");
 	BIO_printf (bio_err, "-envpassout p environment variable containing output file pass phrase\n");
+	BIO_printf(bio_err,  "-rand file:file:...\n");
+	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
+	BIO_printf(bio_err,  "              the random number generator\n");
    	goto end;
    }

@@ -306,6 +315,12 @@ int MAIN(int argc, char **argv)
 	mpass = macpass;
    }

+    if(export_cert || inrand) {
+    	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+        if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
+    }
    ERR_load_crypto_strings();

 #ifdef CRYPTO_MDEBUG
@@ -558,6 +573,7 @@ int MAIN(int argc, char **argv)
    PKCS12_free(p12);
    ret = 0;
    end:
+    if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
 #ifdef CRYPTO_MDEBUG
    CRYPTO_remove_all_info();
 #endif

--- a/apps/smime.c
+++ b/apps/smime.c
@@ -102,7 +102,8 @@ int MAIN(int argc, char **argv)
 	int flags = PKCS7_DETACHED;
 	char *to = NULL, *from = NULL, *subject = NULL;
 	char *CAfile = NULL, *CApath = NULL, *passin = NULL;
-
+	char *inrand = NULL;
+	int need_rand = 0;
 	args = argv + 1;

 	ret = 1;
@@ -145,17 +146,27 @@ int MAIN(int argc, char **argv)
 				flags |= PKCS7_BINARY;
 		else if (!strcmp (*args, "-nosigs"))
 				flags |= PKCS7_NOSIGS;
-		else if (!strcmp(*argv,"-passin")) {
-			if (--argc < 1) badarg = 1;
-			else passin= *(++argv);
+		else if (!strcmp(*args,"-rand")) {
+			if (args[1]) {
+				args++;
+				inrand = *args;
+			} else badarg = 1;
+			need_rand = 1;
+		} else if (!strcmp(*args,"-passin")) {
+			if (args[1]) {
+				args++;
+				passin = *args;
+			} else badarg = 1;
 		} else if (!strcmp(*argv,"-envpassin")) {
-			if (--argc < 1) badarg = 1;
-			else if(!(passin= getenv(*(++argv)))) {
-				BIO_printf(bio_err,
-				 "Can't read environment variable %s\n",
-								*argv);
-				badarg = 1;
-			}
+			if (args[1]) {
+				args++;
+				if(!(passin= getenv(*args))) {
+					BIO_printf(bio_err,
+					 "Can't read environment variable %s\n",
+								*args);
+					badarg = 1;
+				}
+			} else badarg = 1;
 		} else if (!strcmp (*args, "-to")) {
 			if (args[1]) {
 				args++;
@@ -220,6 +231,7 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err, "No signer certificate specified\n");
 			badarg = 1;
 		}
+		need_rand = 1;
 	} else if(operation == SMIME_DECRYPT) {
 		if(!recipfile) {
 			BIO_printf(bio_err, "No recipient certificate and key specified\n");
@@ -230,6 +242,7 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
 			badarg = 1;
 		}
+		need_rand = 1;
 	} else if(!operation) badarg = 1;

 	if (badarg) {
@@ -268,10 +281,20 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
+		BIO_printf(bio_err,  "-rand file:file:...\n");
+		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err,  "               the random number generator\n");
 		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
 		goto end;
 	}

+	if (need_rand) {
+		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+		if (inrand != NULL)
+			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+				app_RAND_load_files(inrand));
+	}
+
 	ret = 2;

 	if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
@@ -499,6 +522,8 @@ end:
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_remove_all_info();
 #endif
+	if (need_rand)
+		app_RAND_write_file(NULL, bio_err);
 	if(ret) ERR_print_errors(bio_err);
 	sk_X509_pop_free(encerts, X509_free);
 	sk_X509_pop_free(other, X509_free);

--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@@ -41,6 +41,7 @@ B<openssl> B<pkcs12>
 [B<-envpassin var>]
 [B<-passout password>]
 [B<-envpassout var>]
+[B<-rand file(s)>]

 =head1 DESCRIPTION

@@ -253,6 +254,13 @@ option.
 This option is included for compatibility with previous versions, it used
 to be needed to use MAC iterations counts but they are now used by default.

+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator. Multiple files can be specified separated by a OS-dependent
+character.  For MS-Windows, the separator is B<;>.  For OpenVMS, it's
+B<,>.  For all others, it's B<:>.
+
 =back

 =head1 NOTES

--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -28,6 +28,7 @@ B<openssl> B<smime>
 [B<-from ad>]
 [B<-subject s>]
 [B<-text>]
+[B<-rand file(s)>]
 [cert.pem]...

 =head1 DESCRIPTION
@@ -173,6 +174,13 @@ corresponding certificate. If this option is not specified then the
 private key must be included in the certificate file specified with
 the B<-recip> or B<-signer> file.

+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator. Multiple files can be specified separated by a OS-dependent
+character.  For MS-Windows, the separator is B<;>.  For OpenVMS, it's
+B<,>.  For all others, it's B<:>.
+
 =item B<cert.pem...>

 one or more certificates of message recipients: used when encrypting