Undo the changes I just made. I'm not sure what I was thinking of.
The message to everyone is "Do not hack OpenSSL when stressed"...
diff --git a/CHANGES b/CHANGES
index 6e8aa42..2e42b7f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,15 +4,6 @@
Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
- *) Add the possibility, through the -egd parameter, to tell the openssl
- applications that EGD should be used as seeding source, and where
- the EGD named socket is.
- [Richard Levitte]
-
- *) Add the possibility to tell RAND_egd() and RAND_egd_bytes() where
- the EGD named socket is through the environment variable RANDEGD.
- [Richard Levitte]
-
*) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
[Bodo Moeller]
diff --git a/apps/dhparam.c b/apps/dhparam.c
index a928633..a738c5a 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -121,7 +121,6 @@
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
-#include <openssl/rand.h>
#ifndef NO_DSA
#include <openssl/dsa.h>
@@ -157,7 +156,7 @@
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog;
- char *inrand=NULL, *inegd=NULL;
+ char *inrand=NULL;
int num = 0, g = 0;
apps_startup();
@@ -217,11 +216,6 @@
if (--argc < 1) goto bad;
inrand= *(++argv);
}
- else if (strcmp(*argv,"-egd") == 0)
- {
- if (--argc < 1) goto bad;
- inegd= *(++argv);
- }
else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
goto bad;
argv++;
@@ -247,9 +241,8 @@
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err," load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
- BIO_printf(bio_err," -egd file load random seed from EGD socket\n");
BIO_printf(bio_err," -noout no output\n");
goto end;
}
@@ -278,17 +271,13 @@
if(num) {
- if (!app_RAND_load_file(NULL, bio_err, 1)
- && inrand == NULL && inegd == NULL)
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
- if (inegd != NULL)
- BIO_printf(bio_err,"%ld egd bytes loaded\n",
- RAND_egd(inegd));
#ifndef NO_DSA
if (dsaparam)
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 7e3b12e..a15d6ea 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -69,7 +69,6 @@
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
-#include <openssl/rand.h>
#undef PROG
#define PROG dsaparam_main
@@ -95,7 +94,7 @@
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,noout=0,C=0,ret=1;
- char *infile,*outfile,*prog,*inrand=NULL,*inegd=NULL;
+ char *infile,*outfile,*prog,*inrand=NULL;
int numbits= -1,num,genkey=0;
int need_rand=0;
@@ -150,12 +149,6 @@
inrand= *(++argv);
need_rand=1;
}
- else if (strcmp(*argv,"-egd") == 0)
- {
- if (--argc < 1) goto bad;
- inegd= *(++argv);
- need_rand=1;
- }
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (sscanf(*argv,"%d",&num) == 1)
@@ -186,10 +179,7 @@
BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err," load the file (or the files in the directory) into\n");
- BIO_printf(bio_err," the random number generator\n");
- BIO_printf(bio_err," -egd file load random seed from EGD socket\n");
+ BIO_printf(bio_err," -rand files to use for random number input\n");
BIO_printf(bio_err," number number of bits to use for generating private key\n");
goto end;
}
@@ -227,14 +217,10 @@
if (need_rand)
{
- app_RAND_load_file(NULL, bio_err,
- (inrand != NULL || inegd != NULL));
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
- if (inegd != NULL)
- BIO_printf(bio_err,"%ld egd bytes loaded\n",
- RAND_egd(inegd));
}
if (numbits > 0)
diff --git a/apps/gendh.c b/apps/gendh.c
index 5ad55da..caf5e8d 100644
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -85,7 +85,7 @@
int ret=1,num=DEFBITS;
int g=2;
char *outfile=NULL;
- char *inrand=NULL,*inegd=NULL;
+ char *inrand=NULL;
BIO *out=NULL;
apps_startup();
@@ -115,11 +115,6 @@
if (--argc < 1) goto bad;
inrand= *(++argv);
}
- else if (strcmp(*argv,"-egd") == 0)
- {
- if (--argc < 1) goto bad;
- inegd= *(++argv);
- }
else
break;
argv++;
@@ -130,13 +125,12 @@
bad:
BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
BIO_printf(bio_err," -out file - output the key to 'file\n");
- BIO_printf(bio_err," -2 - use 2 as the generator value\n");
- /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
- BIO_printf(bio_err," -5 - use 5 as the generator value\n");
+ BIO_printf(bio_err," -2 use 2 as the generator value\n");
+ /* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */
+ BIO_printf(bio_err," -5 use 5 as the generator value\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
- BIO_printf(bio_err," -egd file - load random seed from EGD socket\n");
goto end;
}
@@ -158,16 +152,13 @@
}
}
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && inegd == NULL)
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
- if (inegd != NULL)
- BIO_printf(bio_err,"%ld egd bytes loaded\n",
- RAND_egd(inegd));
BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
BIO_printf(bio_err,"This is going to take a long time\n");
diff --git a/apps/gendsa.c b/apps/gendsa.c
index dd83d1b..1937613 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -68,7 +68,6 @@
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
-#include <openssl/rand.h>
#define DEFBITS 512
#undef PROG
@@ -81,7 +80,7 @@
DSA *dsa=NULL;
int ret=1;
char *outfile=NULL;
- char *inrand=NULL,*inegd=NULL,*dsaparams=NULL;
+ char *inrand=NULL,*dsaparams=NULL;
char *passargout = NULL, *passout = NULL;
BIO *out=NULL,*in=NULL;
EVP_CIPHER *enc=NULL;
@@ -112,11 +111,6 @@
if (--argc < 1) goto bad;
inrand= *(++argv);
}
- else if (strcmp(*argv,"-egd") == 0)
- {
- if (--argc < 1) goto bad;
- inegd= *(++argv);
- }
else if (strcmp(*argv,"-") == 0)
goto bad;
#ifndef NO_DES
@@ -154,7 +148,6 @@
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
- BIO_printf(bio_err," -egd file - load random seed from EGD socket\n");
BIO_printf(bio_err," dsaparam-file\n");
BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n");
goto end;
@@ -195,16 +188,13 @@
}
}
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && inegd == NULL)
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
- if (inegd != NULL)
- BIO_printf(bio_err,"%ld egd bytes loaded\n",
- RAND_egd(inegd));
BIO_printf(bio_err,"Generating DSA key, %d bits\n",
BN_num_bits(dsa->p));
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 3a9995b..5cf47e6 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -69,7 +69,6 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
-#include <openssl/rand.h>
#define DEFBITS 512
#undef PROG
@@ -89,7 +88,7 @@
unsigned long f4=RSA_F4;
char *outfile=NULL;
char *passargout = NULL, *passout = NULL;
- char *inrand=NULL,*inegd=NULL;
+ char *inrand=NULL;
BIO *out=NULL;
apps_startup();
@@ -122,11 +121,6 @@
if (--argc < 1) goto bad;
inrand= *(++argv);
}
- else if (strcmp(*argv,"-egd") == 0)
- {
- if (--argc < 1) goto bad;
- inegd= *(++argv);
- }
#ifndef NO_DES
else if (strcmp(*argv,"-des") == 0)
enc=EVP_des_cbc();
@@ -163,7 +157,6 @@
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
- BIO_printf(bio_err," -egd file load random seed from EGD socket\n");
goto err;
}
@@ -185,16 +178,13 @@
}
}
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && inegd == NULL)
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
- if (inegd != NULL)
- BIO_printf(bio_err,"%ld egd bytes loaded\n",
- RAND_egd(inegd));
BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
num);
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 0dab723..3f95894 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -65,7 +65,6 @@
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/pem.h>
-#include <openssl/rand.h>
#include <openssl/pkcs12.h>
#define PROG pkcs12_main
@@ -117,7 +116,7 @@
char *cpass = NULL, *mpass = NULL;
char *passargin = NULL, *passargout = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL;
- char *inrand = NULL,*inegd=NULL;
+ char *inrand = NULL;
apps_startup();
@@ -179,11 +178,6 @@
args++;
inrand = *args;
} else badarg = 1;
- } else if (!strcmp (*args, "-egd")) {
- if (args[1]) {
- args++;
- inegd = *args;
- } else badarg = 1;
} else if (!strcmp (*args, "-inkey")) {
if (args[1]) {
args++;
@@ -275,7 +269,6 @@
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
- BIO_printf(bio_err, "-egd file load random seed from EGD socket\n");
goto end;
}
@@ -303,13 +296,10 @@
}
if(export_cert || inrand) {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL || inegd != NULL));
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
- if (inegd != NULL)
- BIO_printf(bio_err,"%ld egd bytes loaded\n",
- RAND_egd(inegd));
}
ERR_load_crypto_strings();
diff --git a/apps/rand.c b/apps/rand.c
index b0c5092..fa9bc02 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -15,7 +15,6 @@
/* -out file - write to file
* -rand file:file - PRNG seed files
- * -egd file - PRNG seed from EGD named socket
* -base64 - encode output
* num - write 'num' bytes
*/
@@ -27,7 +26,7 @@
int i, r, ret = 1;
int badopt;
char *outfile = NULL;
- char *inrand = NULL,*inegd=NULL;
+ char *inrand = NULL;
int base64 = 0;
BIO *out = NULL;
int num = -1;
@@ -56,13 +55,6 @@
else
badopt = 1;
}
- else if (strcmp(argv[i], "-egd") == 0)
- {
- if ((argv[i+1] != NULL) && (inegd == NULL))
- inegd = argv[++i];
- else
- badopt = 1;
- }
else if (strcmp(argv[i], "-base64") == 0)
{
if (!base64)
@@ -94,18 +86,14 @@
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-out file - write to file\n");
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, "-egd file - seed PRNG from EGD named socket\n");
BIO_printf(bio_err, "-base64 - encode output\n");
goto err;
}
- app_RAND_load_file(NULL, bio_err, (inrand != NULL || inegd != NULL));
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
- if (inegd != NULL)
- BIO_printf(bio_err,"%ld egd bytes loaded\n",
- RAND_egd(inegd));
out = BIO_new(BIO_s_file());
if (out == NULL)
diff --git a/apps/req.c b/apps/req.c
index 55e5334..fd26ed8 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -103,7 +103,6 @@
* -key file - make a request using key in file (or use it for verification).
* -keyform - key file format.
* -rand file(s) - load the file(s) into the PRNG.
- * -egd file - load PRNG seed from EGD named socket.
* -newkey - make a key and a request.
* -modulus - print RSA modulus.
* -x509 - output a self signed X509 structure instead.
@@ -157,7 +156,7 @@
char *req_exts = NULL;
EVP_CIPHER *cipher=NULL;
int modulus=0;
- char *inrand=NULL,*inegd=NULL;
+ char *inrand=NULL;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
char *p;
@@ -246,11 +245,6 @@
if (--argc < 1) goto bad;
inrand= *(++argv);
}
- else if (strcmp(*argv,"-egd") == 0)
- {
- if (--argc < 1) goto bad;
- inegd= *(++argv);
- }
else if (strcmp(*argv,"-newkey") == 0)
{
int is_numeric;
@@ -387,7 +381,6 @@
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
- BIO_printf(bio_err," -egd file load random seed from EGD socket\n");
BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
@@ -562,9 +555,7 @@
app_RAND_load_file(randfile, bio_err, 0);
if (inrand)
app_RAND_load_files(inrand);
- if (inegd)
- RAND_egd(inegd);
-
+
if (newkey <= 0)
{
newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
diff --git a/apps/smime.c b/apps/smime.c
index f3a1ad5..bb8ecd7 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -63,7 +63,6 @@
#include "apps.h"
#include <openssl/crypto.h>
#include <openssl/pem.h>
-#include <openssl/rand.h>
#include <openssl/err.h>
#undef PROG
@@ -101,7 +100,7 @@
char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL;
char *passargin = NULL, *passin = NULL;
- char *inrand = NULL,*inegd=NULL;
+ char *inrand = NULL;
int need_rand = 0;
args = argv + 1;
@@ -151,12 +150,6 @@
inrand = *args;
} else badarg = 1;
need_rand = 1;
- } else if (!strcmp(*args,"-egd")) {
- if (args[1]) {
- args++;
- inegd = *args;
- } else badarg = 1;
- need_rand = 1;
} else if (!strcmp(*args,"-passin")) {
if (args[1]) {
args++;
@@ -279,7 +272,6 @@
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
- BIO_printf(bio_err, "-egd file load random seed from EGD socket\n");
BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
goto end;
}
@@ -290,13 +282,10 @@
}
if (need_rand) {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL || inegd != NULL));
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
- if (inegd != NULL)
- BIO_printf(bio_err,"%ld egd bytes loaded\n",
- RAND_egd(inegd));
}
ret = 2;
diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
index ad5385a..02a0d86 100644
--- a/crypto/rand/rand_egd.c
+++ b/crypto/rand/rand_egd.c
@@ -54,7 +54,6 @@
*
*/
-#include <stdlib.h>
#include <openssl/rand.h>
/* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
@@ -84,17 +83,12 @@
int RAND_egd(const char *path)
{
- const char *s;
int ret = -1;
struct sockaddr_un addr;
int len, num;
int fd = -1;
unsigned char buf[256];
- s=getenv("RANDEGD");
- if (s != NULL)
- path = s;
-
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
if (strlen(path) > sizeof(addr.sun_path))
@@ -121,17 +115,12 @@
int RAND_egd_bytes(const char *path,int bytes)
{
- const char *s;
int ret = 0;
struct sockaddr_un addr;
int len, num;
int fd = -1;
unsigned char buf[255];
- s=getenv("RANDEGD");
- if (s != NULL)
- path = s;
-
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
if (strlen(path) > sizeof(addr.sun_path))
