author | Joel Sing <jsing@cvs.openbsd.org> | 2014-06-02 16:23:19 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-06-02 16:23:19 +0000 |
commit | 12e8a3d50dec13dc6dabcd1d659f65c7ee8ae428 (patch) | |
tree | ec8ae9c6a91c631dfb45df35bda4bd24f2183911 | |
parent | f3baf6550c815e427dd00bc1c3ee8669876143cd (diff) |
Stop pretending that openssl(1) applications support the -rand option.
The underlying code has long been removed, making this a no-op.
If your random subsystem actually requires that you seed it from a file,
then you really should go and buy a new random subsystem that was built
after 1990.
Diff from Brent Cook.
ok deraadt@
-rw-r--r-- | lib/libssl/src/apps/cms.c | 9 | ||||
-rw-r--r-- | lib/libssl/src/apps/dgst.c | 8 | ||||
-rw-r--r-- | lib/libssl/src/apps/dhparam.c | 10 | ||||
-rw-r--r-- | lib/libssl/src/apps/dsaparam.c | 7 | ||||
-rw-r--r-- | lib/libssl/src/apps/ecparam.c | 9 | ||||
-rw-r--r-- | lib/libssl/src/apps/gendh.c | 10 | ||||
-rw-r--r-- | lib/libssl/src/apps/gendsa.c | 11 | ||||
-rw-r--r-- | lib/libssl/src/apps/genrsa.c | 9 | ||||
-rw-r--r-- | lib/libssl/src/apps/pkcs12.c | 10 | ||||
-rw-r--r-- | lib/libssl/src/apps/rand.c | 10 | ||||
-rw-r--r-- | lib/libssl/src/apps/req.c | 9 | ||||
-rw-r--r-- | lib/libssl/src/apps/s_client.c | 8 | ||||
-rw-r--r-- | lib/libssl/src/apps/s_server.c | 7 | ||||
-rw-r--r-- | lib/libssl/src/apps/smime.c | 10 | ||||
-rw-r--r-- | lib/libssl/src/apps/ts.c | 7 |
15 files changed, 11 insertions, 123 deletions
diff --git a/lib/libssl/src/apps/cms.c b/lib/libssl/src/apps/cms.c
index 56a7c95630c..76178b40e20 100644
--- a/lib/libssl/src/apps/cms.c
+++ b/lib/libssl/src/apps/cms.c
@@ -127,7 +127,6 @@ cms_main(int argc, char **argv)
 char *to = NULL, *from = NULL, *subject = NULL;
 char *CAfile = NULL, *CApath = NULL;
 char *passargin = NULL, *passin = NULL;
- char *inrand = NULL;
 const EVP_MD *sign_md = NULL;
 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
 int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
@@ -315,11 +314,6 @@ cms_main(int argc, char **argv)
 BIO_printf(bio_err, "Invalid OID %s\n", *args);
 goto argerr;
 }
- } else if (!strcmp(*args, "-rand")) {
- if (!args[1])
- goto argerr;
- args++;
- inrand = *args;
 }
 #ifndef OPENSSL_NO_ENGINE
 else if (!strcmp(*args, "-engine")) {
@@ -553,9 +547,6 @@ argerr:
 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
 #endif
 BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
- BIO_printf(bio_err, "-rand file:file:...\n");
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
 BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n");
 goto end;
 }
diff --git a/lib/libssl/src/apps/dgst.c b/lib/libssl/src/apps/dgst.c
index 23b7d40cc56..a862da98659 100644
--- a/lib/libssl/src/apps/dgst.c
+++ b/lib/libssl/src/apps/dgst.c
@@ -116,7 +116,7 @@ dgst_main(int argc, char **argv)
 int debug = 0;
 int keyform = FORMAT_PEM;
 const char *outfile = NULL, *keyfile = NULL;
- const char *sigfile = NULL, *randfile = NULL;
+ const char *sigfile = NULL;
 int out_bin = -1, want_pub = 0, do_verify = 0;
 EVP_PKEY *sigkey = NULL;
 unsigned char *sigbuf = NULL;
@@ -151,11 +151,7 @@ dgst_main(int argc, char **argv)
 separator = 1;
 else if (strcmp(*argv, "-r") == 0)
 separator = 2;
- else if (strcmp(*argv, "-rand") == 0) {
- if (--argc < 1)
- break;
- randfile = *(++argv);
- } else if (strcmp(*argv, "-out") == 0) {
+ else if (strcmp(*argv, "-out") == 0) {
 if (--argc < 1)
 break;
 outfile = *(++argv);
diff --git a/lib/libssl/src/apps/dhparam.c b/lib/libssl/src/apps/dhparam.c
index 3245e69d754..c35f902b540 100644
--- a/lib/libssl/src/apps/dhparam.c
+++ b/lib/libssl/src/apps/dhparam.c
@@ -159,7 +159,6 @@ dhparam_main(int argc, char **argv)
 BIO *in = NULL, *out = NULL;
 int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
 char *infile, *outfile, *prog;
- char *inrand = NULL;
 #ifndef OPENSSL_NO_ENGINE
 char *engine = NULL;
 #endif
@@ -217,11 +216,7 @@ dhparam_main(int argc, char **argv)
 g = 2;
 else if (strcmp(*argv, "-5") == 0)
 g = 5;
- else if (strcmp(*argv, "-rand") == 0) {
- if (--argc < 1)
- goto bad;
- inrand = *(++argv);
- } else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0)))
+ else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0)))
 goto bad;
 argv++;
 argc--;
@@ -247,9 +242,6 @@ bad:
 #ifndef OPENSSL_NO_ENGINE
 BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n");
 #endif
- BIO_printf(bio_err, " -rand file:file:...\n");
- BIO_printf(bio_err, " - load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
 BIO_printf(bio_err, " -noout no output\n");
 goto end;
 }
diff --git a/lib/libssl/src/apps/dsaparam.c b/lib/libssl/src/apps/dsaparam.c
index a4eb5b5dfc0..15f022d395b 100644
--- a/lib/libssl/src/apps/dsaparam.c
+++ b/lib/libssl/src/apps/dsaparam.c
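Review bot: In the second dhparam.c hunk, the re-added `else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0)))` is now the last branch of the chain and the only check on the positional numbits argument, and `sscanf` with `%d` is a weak parser for it: trailing garbage such as `2048x` is accepted, an empty string makes it return EOF rather than 0 so the `== 0` test does not fire and `num` keeps its earlier value, and overflow is not reported. Because this value sizes the DH parameters, parse it strictly in a braced final `else`, e.g. `num = strtonum(*argv, 1, INT_MAX, &errstr);` followed by `if (errstr != NULL) goto bad;`, with a `const char *errstr` declared in dhparam_main. dsaparam.c shows the same `sscanf(*argv, "%d", &num) == 1` pattern as a context line. The option loop starts and ends outside the hunk.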
@@ -117,7 +117,7 @@ dsaparam_main(int argc, char **argv) int i, badops = 0, text = 0; BIO *in = NULL, *out = NULL; int informat, outformat, noout = 0, C = 0, ret = 1; - char *infile, *outfile, *prog, *inrand = NULL; + char *infile, *outfile, *prog; int numbits = -1, num, genkey = 0; #ifndef OPENSSL_NO_ENGINE char *engine = NULL; @@ -175,10 +175,6 @@ dsaparam_main(int argc, char **argv) C = 1; else if (strcmp(*argv, "-genkey") == 0) { genkey = 1; - } else if (strcmp(*argv, "-rand") == 0) { - if (--argc < 1) - goto bad; - inrand = *(++argv); } else if (strcmp(*argv, "-noout") == 0) noout = 1; else if (sscanf(*argv, "%d", &num) == 1) { @@ -205,7 +201,6 @@ bad: BIO_printf(bio_err, " -C Output C code\n"); BIO_printf(bio_err, " -noout no output\n"); BIO_printf(bio_err, " -genkey generate a DSA key\n"); - BIO_printf(bio_err, " -rand files to use for random number input\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n"); #endif diff --git a/lib/libssl/src/apps/ecparam.c b/lib/libssl/src/apps/ecparam.c index e5c26c3ad0e..70824e58ded 100644 --- a/lib/libssl/src/apps/ecparam.c +++ b/lib/libssl/src/apps/ecparam.c @@ -107,7 +107,6 @@ * explicit * -no_seed - if 'explicit' parameters are chosen do not use the seed * -genkey - generate ec key - * -rand file - files to use for random number input * -engine e - use engine e, possibly a hardware device */ @@ -124,7 +123,7 @@ ecparam_main(int argc, char **argv) int new_form = 0; int asn1_flag = OPENSSL_EC_NAMED_CURVE; int new_asn1_flag = 0; - char *curve_name = NULL, *inrand = NULL; + char *curve_name = NULL; int list_curves = 0, no_seed = 0, check = 0, badops = 0, text = 0, i, genkey = 0; char *infile = NULL, *outfile = NULL, *prog; 
@@ -204,10 +203,6 @@ ecparam_main(int argc, char **argv)
 noout = 1;
 else if (strcmp(*argv, "-genkey") == 0) {
 genkey = 1;
- } else if (strcmp(*argv, "-rand") == 0) {
- if (--argc < 1)
- goto bad;
- inrand = *(++argv);
 } else if (strcmp(*argv, "-engine") == 0) {
 if (--argc < 1)
 goto bad;
@@ -266,8 +261,6 @@ bad:
 " use the seed\n");
 BIO_printf(bio_err, " -genkey generate ec"
 " key\n");
- BIO_printf(bio_err, " -rand file files to use for"
- " random number input\n");
 BIO_printf(bio_err, " -engine e use engine e, "
 "possibly a hardware device\n");
 goto end;
diff --git a/lib/libssl/src/apps/gendh.c b/lib/libssl/src/apps/gendh.c
index 53b09985f75..337529dcff7 100644
--- a/lib/libssl/src/apps/gendh.c
+++ b/lib/libssl/src/apps/gendh.c
@@ -97,7 +97,6 @@ gendh_main(int argc, char **argv)
 int ret = 1, num = DEFBITS;
 int g = 2;
 char *outfile = NULL;
- char *inrand = NULL;
 #ifndef OPENSSL_NO_ENGINE
 char *engine = NULL;
 #endif
@@ -131,11 +130,7 @@ gendh_main(int argc, char **argv)
 engine = *(++argv);
 }
 #endif
- else if (strcmp(*argv, "-rand") == 0) {
- if (--argc < 1)
- goto bad;
- inrand = *(++argv);
- } else
+ else
 break;
 argv++;
 argc--;
@@ -153,9 +148,6 @@ bad:
 #ifndef OPENSSL_NO_ENGINE
 BIO_printf(bio_err, " -engine e - use engine e, possibly a hardware device.\n");
 #endif
- BIO_printf(bio_err, " -rand file:file:...\n");
- BIO_printf(bio_err, " - load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
 goto end;
 }
 #ifndef OPENSSL_NO_ENGINE
diff --git a/lib/libssl/src/apps/gendsa.c b/lib/libssl/src/apps/gendsa.c
index 86e03ed882e..14576c71a4e 100644
--- a/lib/libssl/src/apps/gendsa.c
+++ b/lib/libssl/src/apps/gendsa.c
@@ -85,7 +85,7 @@ gendsa_main(int argc, char **argv)
 DSA *dsa = NULL;
 int ret = 1;
 char *outfile = NULL;
- char *inrand = NULL, *dsaparams = NULL;
+ char *dsaparams = NULL;
 char *passargout = NULL, *passout = NULL;
 BIO *out = NULL, *in = NULL;
 const EVP_CIPHER *enc = NULL;
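Review bot: In the second gendh.c hunk, the fallback left behind is a bare `else` / `break;`, so a caller that still passes `-rand file` no longer has the option consumed and instead leaves option parsing with `-rand` as the next positional argument. Whether that ends in the usage error or in generation with the default `num = DEFBITS` depends on the positional handling after the loop, which is outside the hunk; it should fail closed, and a comment such as `/* not an option: stop here; the check after the loop must reject anything that is not numbits */` would record that requirement. The diffstat touches only apps/*.c, so if the openssl(1) manual still documents -rand it needs the same removal.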
@@ -117,11 +117,7 @@ gendsa_main(int argc, char **argv)
 engine = *(++argv);
 }
 #endif
- else if (strcmp(*argv, "-rand") == 0) {
- if (--argc < 1)
- goto bad;
- inrand = *(++argv);
- } else if (strcmp(*argv, "-") == 0)
+ else if (strcmp(*argv, "-") == 0)
 goto bad;
 #ifndef OPENSSL_NO_DES
 else if (strcmp(*argv, "-des") == 0)
@@ -179,9 +175,6 @@ bad:
 #ifndef OPENSSL_NO_ENGINE
 BIO_printf(bio_err, " -engine e - use engine e, possibly a hardware device.\n");
 #endif
- BIO_printf(bio_err, " -rand file:file:...\n");
- BIO_printf(bio_err, " - load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
 BIO_printf(bio_err, " dsaparam-file\n");
 BIO_printf(bio_err, " - a DSA parameter file as generated by the dsaparam command\n");
 goto end;
diff --git a/lib/libssl/src/apps/genrsa.c b/lib/libssl/src/apps/genrsa.c
index 300b4b0da2d..9481dc4218d 100644
--- a/lib/libssl/src/apps/genrsa.c
+++ b/lib/libssl/src/apps/genrsa.c
@@ -106,7 +106,6 @@ genrsa_main(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
 char *engine = NULL;
 #endif
- char *inrand = NULL;
 BIO *out = NULL;
 BIGNUM *bn = BN_new();
 RSA *rsa = NULL;
@@ -143,11 +142,6 @@ genrsa_main(int argc, char **argv)
 engine = *(++argv);
 }
 #endif
- else if (strcmp(*argv, "-rand") == 0) {
- if (--argc < 1)
- goto bad;
- inrand = *(++argv);
- }
 #ifndef OPENSSL_NO_DES
 else if (strcmp(*argv, "-des") == 0)
 enc = EVP_des_cbc();
@@ -206,9 +200,6 @@ bad:
 #ifndef OPENSSL_NO_ENGINE
 BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n");
 #endif
- BIO_printf(bio_err, " -rand file:file:...\n");
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
 goto err;
 }
 ERR_load_crypto_strings();
diff --git a/lib/libssl/src/apps/pkcs12.c b/lib/libssl/src/apps/pkcs12.c
index f2f1e055443..45cf59cdf30 100644
--- a/lib/libssl/src/apps/pkcs12.c
+++ b/lib/libssl/src/apps/pkcs12.c
@@ -124,7 +124,6 @@ pkcs12_main(int argc, char **argv) char *cpass = NULL, *mpass = NULL; char *passargin = NULL, *passargout = NULL, *passarg = NULL; char *passin = NULL, *passout = NULL; - char *inrand = NULL; char *macalg = NULL; char *CApath = NULL, *CAfile = NULL; #ifndef OPENSSL_NO_ENGINE @@ -214,12 +213,6 @@ pkcs12_main(int argc, char **argv) } else if (!strcmp(*args, "-keypbe")) { if (!set_pbe(bio_err, &key_pbe, *++args)) badarg = 1; - } else if (!strcmp(*args, "-rand")) { - if (args[1]) { - args++; - inrand = *args; - } else - badarg = 1; } else if (!strcmp(*args, "-inkey")) { if (args[1]) { args++; @@ -364,9 +357,6 @@ pkcs12_main(int argc, char **argv) #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); #endif - BIO_printf(bio_err, "-rand file:file:...\n"); - BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); - BIO_printf(bio_err, " the random number generator\n"); BIO_printf(bio_err, "-CSP name Microsoft CSP name\n"); BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n"); goto end; diff --git a/lib/libssl/src/apps/rand.c b/lib/libssl/src/apps/rand.c index 8606e0a40b7..422dcef7444 100644 --- a/lib/libssl/src/apps/rand.c +++ b/lib/libssl/src/apps/rand.c @@ -64,7 +64,6 @@ #include <openssl/rand.h> /* -out file - write to file - * -rand file:file - PRNG seed files * -base64 - base64 encode output * -hex - hex encode output * num - write 'num' bytes @@ -78,7 +77,6 @@ rand_main(int argc, char **argv) int i, r, ret = 1; int badopt; char *outfile = NULL; - char *inrand = NULL; int base64 = 0; int hex = 0; BIO *out = NULL; @@ -107,12 +105,7 @@ rand_main(int argc, char **argv) badopt = 1; } #endif - else if (strcmp(argv[i], "-rand") == 0) { - if ((argv[i + 1] != NULL) && (inrand == NULL)) - inrand = argv[++i]; - else - badopt = 1; - } else if (strcmp(argv[i], "-base64") == 0) { + else if (strcmp(argv[i], "-base64") == 0) { if (!base64) base64 = 1; else 
@@ -146,7 +139,6 @@ rand_main(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
 BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n");
 #endif
- BIO_printf(bio_err, "-rand file:file:... - seed PRNG from files\n");
 BIO_printf(bio_err, "-base64 - base64 encode output\n");
 BIO_printf(bio_err, "-hex - hex encode output\n");
 goto err;
diff --git a/lib/libssl/src/apps/req.c b/lib/libssl/src/apps/req.c
index 855f11256f7..2e9154be16e 100644
--- a/lib/libssl/src/apps/req.c
+++ b/lib/libssl/src/apps/req.c
@@ -115,7 +115,6 @@
 * -config file - Load configuration file.
 * -key file - make a request using key in file (or use it for verification).
 * -keyform arg - key file format.
- * -rand file(s) - load the file(s) into the PRNG.
 * -newkey - make a key and a request.
 * -modulus - print RSA modulus.
 * -pubkey - output Public Key.
@@ -179,7 +178,6 @@ req_main(int argc, char **argv)
 const EVP_CIPHER *cipher = NULL;
 ASN1_INTEGER *serial = NULL;
 int modulus = 0;
- char *inrand = NULL;
 char *passargin = NULL, *passargout = NULL;
 char *passin = NULL, *passout = NULL;
 char *p;
@@ -262,10 +260,6 @@ req_main(int argc, char **argv)
 if (--argc < 1)
 goto bad;
 passargout = *(++argv);
- } else if (strcmp(*argv, "-rand") == 0) {
- if (--argc < 1)
- goto bad;
- inrand = *(++argv);
 } else if (strcmp(*argv, "-newkey") == 0) {
 if (--argc < 1)
 goto bad;
@@ -381,9 +375,6 @@ bad:
 BIO_printf(bio_err, " -key file use the private key contained in file\n");
 BIO_printf(bio_err, " -keyform arg key file format\n");
 BIO_printf(bio_err, " -keyout arg file to send the key to\n");
- BIO_printf(bio_err, " -rand file:file:...\n");
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
 BIO_printf(bio_err, " -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
 BIO_printf(bio_err, " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
 #ifndef OPENSSL_NO_ECDSA
diff --git a/lib/libssl/src/apps/s_client.c b/lib/libssl/src/apps/s_client.c
index 0720dc9f2b4..33e4d2a542a 100644
--- a/lib/libssl/src/apps/s_client.c
+++ b/lib/libssl/src/apps/s_client.c
@@ -316,7 +316,6 @@ sc_usage(void)
 #ifndef OPENSSL_NO_ENGINE
 BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n");
 #endif
- BIO_printf(bio_err, " -rand file:file:...\n");
 BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n");
 BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n");
 #ifndef OPENSSL_NO_TLSEXT
@@ -437,7 +436,6 @@ s_client_main(int argc, char **argv)
 const SSL_METHOD *meth = NULL;
 int socket_type = SOCK_STREAM;
 BIO *sbio;
- char *inrand = NULL;
 int mbuf_len = 0;
 struct timeval timeout, *timeoutp;
 #ifndef OPENSSL_NO_ENGINE
@@ -692,11 +690,7 @@ s_client_main(int argc, char **argv)
 ssl_client_engine_id = *(++argv);
 }
 #endif
- else if (strcmp(*argv, "-rand") == 0) {
- if (--argc < 1)
- goto bad;
- inrand = *(++argv);
- } else if (strcmp(*argv, "-4") == 0) {
+ else if (strcmp(*argv, "-4") == 0) {
 af = AF_INET;
 } else if (strcmp(*argv, "-6") == 0) {
 af = AF_INET6;
diff --git a/lib/libssl/src/apps/s_server.c b/lib/libssl/src/apps/s_server.c
index 450f98c7bcb..77384ec2019 100644
--- a/lib/libssl/src/apps/s_server.c
+++ b/lib/libssl/src/apps/s_server.c
@@ -455,7 +455,6 @@ sv_usage(void)
 BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n");
 #endif
 BIO_printf(bio_err, " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
- BIO_printf(bio_err, " -rand file:file:...\n");
 #ifndef OPENSSL_NO_TLSEXT
 BIO_printf(bio_err, " -servername host - servername for HostName TLS extension\n");
 BIO_printf(bio_err, " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
@@ -696,7 +695,6 @@ s_server_main(int argc, char *argv[])
 const SSL_METHOD *meth = NULL;
 int socket_type = SOCK_STREAM;
 ENGINE *e = NULL;
- char *inrand = NULL;
 int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
 char *passarg = NULL, *pass = NULL;
 char *dpassarg = NULL, *dpass = NULL;
@@ -969,11 +967,6 @@ s_server_main(int argc, char *argv[])
 engine_id = *(++argv);
 }
 #endif
- else if (strcmp(*argv, "-rand") == 0) {
- if (--argc < 1)
- goto bad;
- inrand = *(++argv);
- }
 #ifndef OPENSSL_NO_TLSEXT
 else if (strcmp(*argv, "-servername") == 0) {
 if (--argc < 1)
diff --git a/lib/libssl/src/apps/smime.c b/lib/libssl/src/apps/smime.c
index fe5d0f597d8..3c3fa9d4be4 100644
--- a/lib/libssl/src/apps/smime.c
+++ b/lib/libssl/src/apps/smime.c
@@ -108,7 +108,6 @@ smime_main(int argc, char **argv)
 char *to = NULL, *from = NULL, *subject = NULL;
 char *CAfile = NULL, *CApath = NULL;
 char *passargin = NULL, *passin = NULL;
- char *inrand = NULL;
 int indef = 0;
 const EVP_MD *sign_md = NULL;
 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
@@ -198,12 +197,6 @@ smime_main(int argc, char **argv)
 flags |= PKCS7_NOOLDMIMETYPE;
 else if (!strcmp(*args, "-crlfeol"))
 flags |= PKCS7_CRLFEOL;
- else if (!strcmp(*args, "-rand")) {
- if (!args[1])
- goto argerr;
- args++;
- inrand = *args;
- }
 #ifndef OPENSSL_NO_ENGINE
 else if (!strcmp(*args, "-engine")) {
 if (!args[1])
@@ -412,9 +405,6 @@ argerr:
 BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
 #endif
 BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
- BIO_printf(bio_err, "-rand file:file:...\n");
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
 BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n");
 goto end;
 }
diff --git a/lib/libssl/src/apps/ts.c b/lib/libssl/src/apps/ts.c
index df2e179ce02..403e99ba739 100644
--- a/lib/libssl/src/apps/ts.c
+++ b/lib/libssl/src/apps/ts.c
@@ -133,7 +133,6 @@ ts_main(int argc, char **argv) char *data = NULL; char *digest = NULL; const EVP_MD *md = NULL; - char *rnd = NULL; char *policy = NULL; int no_nonce = 0; int cert = 0; @@ -181,10 +180,6 @@ ts_main(int argc, char **argv) if (argc-- < 1) goto usage; digest = *++argv; - } else if (strcmp(*argv, "-rand") == 0) { - if (argc-- < 1) - goto usage; - rnd = *++argv; } else if (strcmp(*argv, "-policy") == 0) { if (argc-- < 1) goto usage; @@ -315,7 +310,7 @@ ts_main(int argc, char **argv) usage: BIO_printf(bio_err, "usage:\n" - "ts -query [-rand file:file:...] [-config configfile] " + "ts -query [-config configfile] " "[-data file_to_hash] [-digest digest_bytes]" "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] " "[-policy object_id] [-no_nonce] [-cert] " |
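Review bot: In the ts.c usage hunk, the context literal `"[-data file_to_hash] [-digest digest_bytes]"` has no trailing space, unlike the literals around it, so the concatenated usage text runs `[-digest digest_bytes][-md2|...` together. Since this commit already edits the neighbouring literal, change it to `"[-data file_to_hash] [-digest digest_bytes] "` in the same pass. The BIO_printf call continues past the end of the hunk.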