generator (otherwise they don't work) and add -rand
option. Update docs.
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
+ *) Add -rand argument to smime and pkcs12 applications and read/write
+ of seed file.
+ [Steve Henson]
+
*) New 'passwd' tool for crypt(3) and apr1 password hashes.
[Bodo Moeller]
*) New 'passwd' tool for crypt(3) and apr1 password hashes.
[Bodo Moeller]
STACK *canames = NULL;
char *cpass = NULL, *mpass = NULL;
char *passin = NULL, *passout = NULL;
STACK *canames = NULL;
char *cpass = NULL, *mpass = NULL;
char *passin = NULL, *passout = NULL;
badarg = 1;
}
} else badarg = 1;
badarg = 1;
}
} else badarg = 1;
+ } else if (!strcmp (*args, "-rand")) {
+ if (args[1]) {
+ args++;
+ inrand = *args;
+ } else badarg = 1;
} else if (!strcmp (*args, "-inkey")) {
if (args[1]) {
args++;
} else if (!strcmp (*args, "-inkey")) {
if (args[1]) {
args++;
if(!(passin= getenv(*args))) {
BIO_printf(bio_err,
"Can't read environment variable %s\n",
if(!(passin= getenv(*args))) {
BIO_printf(bio_err,
"Can't read environment variable %s\n",
badarg = 1;
}
} else badarg = 1;
badarg = 1;
}
} else badarg = 1;
if(!(passout= getenv(*args))) {
BIO_printf(bio_err,
"Can't read environment variable %s\n",
if(!(passout= getenv(*args))) {
BIO_printf(bio_err,
"Can't read environment variable %s\n",
badarg = 1;
}
} else badarg = 1;
badarg = 1;
}
} else badarg = 1;
BIO_printf (bio_err, "-envpassin p environment variable containing input file pass phrase\n");
BIO_printf (bio_err, "-passout p output file pass phrase\n");
BIO_printf (bio_err, "-envpassout p environment variable containing output file pass phrase\n");
BIO_printf (bio_err, "-envpassin p environment variable containing input file pass phrase\n");
BIO_printf (bio_err, "-passout p output file pass phrase\n");
BIO_printf (bio_err, "-envpassout p environment variable containing output file pass phrase\n");
+ BIO_printf(bio_err, "-rand file:file:...\n");
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ if(export_cert || inrand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
ERR_load_crypto_strings();
#ifdef CRYPTO_MDEBUG
ERR_load_crypto_strings();
#ifdef CRYPTO_MDEBUG
PKCS12_free(p12);
ret = 0;
end:
PKCS12_free(p12);
ret = 0;
end:
+ if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
#ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
#endif
#ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
#endif
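Review bot: The added `-rand` load block before `ERR_load_crypto_strings()` prints the byte count from `app_RAND_load_files(inrand)` but never tests it, so a mistyped or unreadable `-rand` path reports `0 semi-random bytes loaded` and the run carries on as if seeding had succeeded. The result of `app_RAND_load_file(NULL, bio_err, (inrand != NULL))` is discarded as well, and the non-zero third argument presumably silences its warning exactly when `-rand` is in use, which would leave no diagnostic at all. I would keep the count in a local and, when `inrand` is set and the count is zero, print an error and `goto end` instead of continuing with whatever state the generator has. The same block is added to the smime tool under `if (need_rand)`. No declaration of `inrand` is visible in this file's hunks, and the enclosing function starts and ends outside them.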
int flags = PKCS7_DETACHED;
char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL, *passin = NULL;
int flags = PKCS7_DETACHED;
char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL, *passin = NULL;
+ char *inrand = NULL;
+ int need_rand = 0;
args = argv + 1;
ret = 1;
args = argv + 1;
ret = 1;
flags |= PKCS7_BINARY;
else if (!strcmp (*args, "-nosigs"))
flags |= PKCS7_NOSIGS;
flags |= PKCS7_BINARY;
else if (!strcmp (*args, "-nosigs"))
flags |= PKCS7_NOSIGS;
- else if (!strcmp(*argv,"-passin")) {
- if (--argc < 1) badarg = 1;
- else passin= *(++argv);
+ else if (!strcmp(*args,"-rand")) {
+ if (args[1]) {
+ args++;
+ inrand = *args;
+ } else badarg = 1;
+ need_rand = 1;
+ } else if (!strcmp(*args,"-passin")) {
+ if (args[1]) {
+ args++;
+ passin = *args;
+ } else badarg = 1;
} else if (!strcmp(*argv,"-envpassin")) {
} else if (!strcmp(*argv,"-envpassin")) {
- if (--argc < 1) badarg = 1;
- else if(!(passin= getenv(*(++argv)))) {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n",
- *argv);
- badarg = 1;
- }
+ if (args[1]) {
+ args++;
+ if(!(passin= getenv(*args))) {
+ BIO_printf(bio_err,
+ "Can't read environment variable %s\n",
+ *args);
+ badarg = 1;
+ }
+ } else badarg = 1;
} else if (!strcmp (*args, "-to")) {
if (args[1]) {
args++;
} else if (!strcmp (*args, "-to")) {
if (args[1]) {
args++;
BIO_printf(bio_err, "No signer certificate specified\n");
badarg = 1;
}
BIO_printf(bio_err, "No signer certificate specified\n");
badarg = 1;
}
} else if(operation == SMIME_DECRYPT) {
if(!recipfile) {
BIO_printf(bio_err, "No recipient certificate and key specified\n");
} else if(operation == SMIME_DECRYPT) {
if(!recipfile) {
BIO_printf(bio_err, "No recipient certificate and key specified\n");
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
badarg = 1;
}
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
badarg = 1;
}
} else if(!operation) badarg = 1;
if (badarg) {
} else if(!operation) badarg = 1;
if (badarg) {
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf(bio_err, "-rand file:file:...\n");
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
goto end;
}
BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
goto end;
}
+ if (need_rand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
ret = 2;
if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
ret = 2;
if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
#ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
#endif
#ifdef CRYPTO_MDEBUG
CRYPTO_remove_all_info();
#endif
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
if(ret) ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
if(ret) ERR_print_errors(bio_err);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
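Review bot: The `-envpassin` test still compares `*argv`, while every branch around it, including the rewritten `-passin` one, now walks `args`. `argv` is not advanced in the visible lines, so as far as these hunks show the option can never match and the new body that calls `getenv(*args)` is unreachable; the condition should read `} else if (!strcmp(*args,"-envpassin")) {`. Separately, `need_rand` is set only inside the `-rand` branch, so a sign or encrypt run without `-rand` skips both `app_RAND_load_file` and `app_RAND_write_file`. If the intent is that these operations always seed from the default seed file, the operation branches (outside these hunks) should set `need_rand = 1` as well. The option loop and the rest of the function lie outside the hunks.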
[B<-envpassin var>]
[B<-passout password>]
[B<-envpassout var>]
[B<-envpassin var>]
[B<-passout password>]
[B<-envpassout var>]
This option is included for compatibility with previous versions, it used
to be needed to use MAC iterations counts but they are now used by default.
This option is included for compatibility with previous versions, it used
to be needed to use MAC iterations counts but they are now used by default.
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator. Multiple files can be specified separated by a OS-dependent
+character. For MS-Windows, the separator is B<;>. For OpenVMS, it's
+B<,>. For all others, it's B<:>.
+
[B<-from ad>]
[B<-subject s>]
[B<-text>]
[B<-from ad>]
[B<-subject s>]
[B<-text>]
[cert.pem]...
=head1 DESCRIPTION
[cert.pem]...
=head1 DESCRIPTION
private key must be included in the certificate file specified with
the B<-recip> or B<-signer> file.
private key must be included in the certificate file specified with
the B<-recip> or B<-signer> file.
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator. Multiple files can be specified separated by a OS-dependent
+character. For MS-Windows, the separator is B<;>. For OpenVMS, it's
+B<,>. For all others, it's B<:>.
+
=item B<cert.pem...>
one or more certificates of message recipients: used when encrypting
=item B<cert.pem...>
one or more certificates of message recipients: used when encrypting