{"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
OPT_SECTION("Signing"),
- {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
+ {"md", OPT_MD, 's', "Digest to use, such as sha256"},
{"keyfile", OPT_KEYFILE, 's', "The CA private key"},
{"keyform", OPT_KEYFORM, 'f',
"Private key file format (ENGINE, other values ignored)"},
goto end;
app_RAND_load_conf(conf, BASE_SECTION);
+ app_RAND_load();
f = NCONF_get_string(conf, section, STRING_MASK);
if (f == NULL)
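Review bot: The added `app_RAND_load();` call discards the return value, so a `-rand` file that cannot be read is now only reported on `bio_err` and the command continues with whatever seeding the RNG otherwise has. Before this change the failure was returned through `opt_rand()` by `return loadfiles(opt_arg());`, which presumably stopped option parsing. When the operator has asked for specific seed material, failing closed is the safer behaviour: `if (!app_RAND_load()) goto end;`. The same applies to every other added `app_RAND_load();` call in the other command files on this page; the `end` label is visible in this hunk and is assumed to exist in those. The enclosing function starts and ends outside the hunk.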
break;
}
}
+ app_RAND_load();
/* Remaining args are files to process. */
argc = opt_num_rest();
BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
goto end;
}
+ app_RAND_load();
if (do_verify && sigfile == NULL) {
BIO_printf(bio_err,
} else if (argc != 0) {
goto opthelp;
}
+ app_RAND_load();
if (g && !num)
} else if (argc != 0) {
goto opthelp;
}
+ app_RAND_load();
/* generate a key */
numbits = num;
if (argc != 0)
goto opthelp;
+ app_RAND_load();
private = genkey ? 1 : 0;
in = bio_open_default(infile, 'r', informat);
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
+ app_RAND_load();
/* Get the cipher name, either from progname (if set) or flag. */
if (ciphername != NULL) {
if (argc != 1)
goto opthelp;
+ app_RAND_load();
dsaparams = argv[0];
private = 1;
goto opthelp;
}
+ app_RAND_load();
private = 1;
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
void app_RAND_load_conf(CONF *c, const char *section);
void app_RAND_write(void);
+int app_RAND_load(void);
extern char *default_config_file; /* may be "" */
extern BIO *bio_in;
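Review bot: The new prototype `int app_RAND_load(void);` carries no comment on what the return value means or when the function must be called. Going by the definition in this commit, it returns 1 when no `-rand` file was given or every file loaded, and 0 when any file failed; it is intended to run after option parsing. A comment above the prototype such as `/* Load the files named by -rand; call once after option parsing. Returns 0 if any file could not be loaded. */` would tell callers that the result is meant to be checked.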
#include <openssl/conf.h>
static char *save_rand_file;
+static char *load_rand_file;
void app_RAND_load_conf(CONF *c, const char *section)
{
save_rand_file = OPENSSL_strdup(randfile);
}
-static int loadfiles(char *name)
+int app_RAND_load(void)
{
char *p;
int last, ret = 1;
+ if (load_rand_file == NULL)
+ return 1;
+
for ( ; ; ) {
last = 0;
- for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
+ for (p = load_rand_file; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
continue;
if (*p == '\0')
last = 1;
*p = '\0';
- if (RAND_load_file(name, -1) < 0) {
- BIO_printf(bio_err, "Can't load %s into RNG\n", name);
+ if (RAND_load_file(load_rand_file, -1) < 0) {
+ BIO_printf(bio_err, "Can't load %s into RNG\n", load_rand_file);
ERR_print_errors(bio_err);
ret = 0;
}
if (last)
break;
- name = p + 1;
- if (*name == '\0')
+ load_rand_file = p + 1;
+ if (*load_rand_file == '\0')
break;
}
return ret;
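Review bot: The loop now uses the file-scope `load_rand_file` as its cursor (`load_rand_file = p + 1;`), so after the first call the static no longer points at the option value. It is left on the last list element, or on an empty string when the list ends with a separator. A second call in the same process would then reload only that last file, or report a spurious "Can't load" for the empty name. Keeping the walk on a local, `char *name = load_rand_file;` with the loop body as it was before, and adding `load_rand_file = NULL;` before `return ret;`, makes the function safe to call more than once. The function's closing brace is outside the hunk.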
case OPT_R__LAST:
break;
case OPT_R_RAND:
- return loadfiles(opt_arg());
+ load_rand_file = opt_arg();
break;
case OPT_R_WRITERAND:
OPENSSL_free(save_rand_file);
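Review bot: `load_rand_file = opt_arg();` keeps a single pointer, so when `-rand` is given more than once every argument except the last is silently dropped. The removed `return loadfiles(opt_arg());` loaded each argument as it was parsed. Either collect the arguments in a list that `app_RAND_load()` walks, or keep the single slot and record the limitation next to the assignment, for example `/* only the last -rand argument is kept; use the list separator for several files */`. The rest of the `switch` and the function's return are outside the hunk.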
passwds = argv;
}
+ app_RAND_load();
if (mode == passwd_unset) {
/* use default */
mode = passwd_md5;
if (argc != 0)
goto opthelp;
+ app_RAND_load();
if (export_pkcs12) {
if ((options & INFO) != 0)
WARN_EXPORT("info");
goto opthelp;
private = 1;
+ app_RAND_load();
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
if (argc != 0)
goto opthelp;
+ app_RAND_load();
+
if (rawin && pkey_op != EVP_PKEY_OP_SIGN && pkey_op != EVP_PKEY_OP_VERIFY) {
BIO_printf(bio_err,
"%s: -rawin can only be used with -sign or -verify\n",
goto opthelp;
}
+ app_RAND_load();
out = bio_open_default(outfile, 'w', format);
if (out == NULL)
goto end;
if (argc != 0)
goto opthelp;
+ app_RAND_load();
if (!gen_x509) {
if (days != UNSET_DAYS)
BIO_printf(bio_err, "Ignoring -days without -x509; not generating a certificate\n");
if (argc != 0)
goto opthelp;
+ app_RAND_load();
if (need_priv && (key_type != KEY_PRIVKEY)) {
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
/* Optional argument is connect string if -connect not used. */
argc = opt_num_rest();
if (argc == 1) {
- /*
- * Don't allow -connect and a separate argument.
- */
+ /* Don't allow -connect and a separate argument. */
if (connectstr != NULL) {
BIO_printf(bio_err,
"%s: cannot provide both -connect option and target parameter\n",
} else if (argc != 0) {
goto opthelp;
}
+ app_RAND_load();
if (count4or6 >= 2) {
BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog);
if (argc != 0)
goto opthelp;
+ app_RAND_load();
#ifndef OPENSSL_NO_NEXTPROTONEG
if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) {
BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n");
argc = opt_num_rest();
argv = opt_rest();
+ app_RAND_load();
if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) {
BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
goto opthelp;
argc = opt_num_rest();
argv = opt_rest();
+ app_RAND_load();
for (; *argv; argv++) {
const char *algo = *argv;
argc = opt_num_rest();
argv = opt_rest();
+ app_RAND_load();
if (srpvfile != NULL && configfile != NULL) {
BIO_printf(bio_err,
"-srpvfile and -configfile cannot be specified together.\n");
if (argc != 0 || mode == OPT_ERR)
goto opthelp;
+ app_RAND_load();
if (mode == OPT_REPLY && passin &&
!app_passwd(passin, NULL, &password, NULL)) {
BIO_printf(bio_err, "Error getting password.\n");
if (argc != 0)
goto opthelp;
+ app_RAND_load();
if (preserve_dates && days != UNSET_DAYS) {
BIO_printf(bio_err, "Cannot use -preserve_dates with -days option\n");
goto end;