Various randomness handling bugfixes and improvements --

some utilities that should have used RANDFILE did not,
and -rand handling was broken except in genrsa.

CHANGES

@@ -4,6 +4,33 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) New file apps/app_rand.c with commonly needed functionality
+     for handling the random seed file.
+
+     Use the random seed file in some applications that previously did not:
+          ca,
+          dsaparam -genkey (which also ignored its `-rand' option), 
+          s_client,
+          s_server,
+          x509 (when signing).
+     Except on systems with /dev/urandom, it is crucial to have a random
+     seed file at least for key creation, DSA signing, and for DH exchanges;
+     for RSA signatures it might not hurt _that_ much not to have one.
+
+     gendh and gendsa (unlike genrsa) used to read only the first byte
+     of each file listed in the `-rand' option.  The function as previously
+     found in genrsa is now in app_rand.c and is used by all programs
+     that support `-rand'.
+     [Bodo Moeller]
+
+  *) In RAND_write_file, use mode 0600 for creating files;
+     don't just chmod when it may be too late.
+     [Bodo Moeller]
+
+  *) Report an error from X509_STORE_load_locations
+     when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
+     [Bill Perry]
+
   *) New function ASN1_mbstring_copy() this copies a string in either
      ASCII, Unicode, Universal (4 bytes per character) or UTF8 format
      into an ASN1_STRING type. A mask of permissible types is passed

apps/Makefile.ssl

@@ -13,6 +13,7 @@ OPENSSLDIR=	/usr/local/ssl
 MAKE=		make -f Makefile.ssl
 MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
+PERL=/usr/local/bin/perl
 RM=		rm -f
 
 PEX_LIBS=
@@ -45,12 +46,14 @@ A_OBJ=apps.o
 A_SRC=apps.c
 S_OBJ=	s_cb.o s_socket.o
 S_SRC=	s_cb.c s_socket.c
+RAND_OBJ=app_rand.o
+RAND_SRC=app_rand.c
 
 E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
 	pkcs7.o crl2p7.o crl.o \
 	rsa.o dsa.o dsaparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
-	s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
+	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
 	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o
 
 #	pem_mail.o
@@ -59,7 +62,7 @@ E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
 	rsa.c dsa.c dsaparam.c \
 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
-	s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
+	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
 	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c
 
 #	pem_mail.c
@@ -81,7 +84,7 @@ all:	exe
 exe:	$(EXE)
 
 req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
-	$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 sreq.o: req.c 
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
@@ -138,8 +141,8 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
 	@(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
 
-progs.h:
-	$(PERL) ./progs.pl $(E_EXE) >progs.h
+progs.h: progs.pl
+	$(PERL) progs.pl $(E_EXE) >progs.h
 	$(RM) $(PROGRAM).o
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.

apps/apps.h

@@ -66,6 +66,16 @@
 #include <openssl/crypto.h>
 #include "progs.h"
 
+int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
+int app_RAND_write_file(const char *file, BIO *bio_e);
+/* When `file' is NULL, use defaults.
+ * `bio_e' is for error messages. */
+void app_RAND_allow_write_file(void);
+long app_RAND_load_files(char *file); /* `file' is a list of files to read,
+                                       * separated by LIST_SEPARATOR_CHAR
+                                       * (see e_os.h).  The string is
+                                       * destroyed! */
+
 #ifdef NO_STDIO
 BIO_METHOD *BIO_s_file();
 #endif

apps/ca.c

@@ -266,6 +266,7 @@ int MAIN(int argc, char **argv)
 #undef BSIZE
 #define BSIZE 256
 	MS_STATIC char buf[3][BSIZE];
+	char *randfile;
 
 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -495,12 +496,16 @@ EF_ALIGNMENT=0;
 				BIO_free(oid_bio);
 				}
 			}
-		}
-		if(!add_oid_section(conf)) {
+		if(!add_oid_section(conf)) 
+			{
 			ERR_print_errors(bio_err);
 			goto err;
+			}
 		}
 
+	randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
+	app_RAND_load_file(randfile, bio_err, 0);
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	Sout=BIO_new(BIO_s_file());
@@ -1236,6 +1241,7 @@ EF_ALIGNMENT=0;
 	sk_pop_free(cert_sk,X509_free);
 
 	if (ret) ERR_print_errors(bio_err);
+	app_RAND_write_file(randfile, bio_err);
 	BN_free(serial);
 	TXT_DB_free(db);
 	EVP_PKEY_free(pkey);

apps/dsaparam.c

@@ -57,6 +57,7 @@
  */
 
 #ifndef NO_DSA
+#include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
@@ -65,7 +66,6 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/bn.h>
-#include <openssl/rand.h>
 #include <openssl/dsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
@@ -93,7 +93,7 @@ int MAIN(int argc, char **argv)
 	int informat,outformat,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog,*inrand=NULL;
 	int numbits= -1,num,genkey=0;
-	char buffer[200],*randfile=NULL;
+	int need_rand=0;
 
 	apps_startup();
 
@@ -136,18 +136,23 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-C") == 0)
 			C=1;
 		else if (strcmp(*argv,"-genkey") == 0)
+			{
 			genkey=1;
+			need_rand=1;
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
+			need_rand=1;
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (sscanf(*argv,"%d",&num) == 1)
 			{
 			/* generate a key */
 			numbits=num;
+			need_rand=1;
 			}
 		else
 			{
@@ -207,11 +212,17 @@ int MAIN(int argc, char **argv)
 			}
 		}
 
-	if (numbits > 0)
+	if (need_rand)
 		{
-		randfile=RAND_file_name(buffer,200);
-		RAND_load_file(randfile,1024L*1024L);
+		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+		if (inrand != NULL)
+			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+				app_RAND_load_files(inrand));
+		}
 
+	if (numbits > 0)
+		{
+		assert(need_rand);
 		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
 	        BIO_printf(bio_err,"This could take some time\n");
 	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,
@@ -316,6 +327,7 @@ int MAIN(int argc, char **argv)
 		{
 		DSA *dsakey;
 
+		assert(need_rand);
 		if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
 		if (!DSA_generate_key(dsakey)) goto end;
 		if 	(outformat == FORMAT_ASN1)
@@ -328,6 +340,8 @@ int MAIN(int argc, char **argv)
 			}
 		DSA_free(dsakey);
 		}
+	if (need_rand)
+		app_RAND_write_file(NULL, bio_err);
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);

apps/gendh.c

@@ -75,15 +75,14 @@
 #define PROG gendh_main
 
 static void MS_CALLBACK dh_cb(int p, int n, void *arg);
-static long dh_load_rand(char *names);
 int MAIN(int argc, char **argv)
 	{
 	char buffer[200];
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
-	char *inrand=NULL,*randfile;
+	char *inrand=NULL;
 	BIO *out=NULL;
 
 	apps_startup();
@@ -150,28 +149,21 @@ int MAIN(int argc, char **argv)
 			}
 		}
 
-	randfile=RAND_file_name(buffer,200);
-	if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L))
-		BIO_printf(bio_err,"unable to load 'random state'\n");
-
-	if (inrand == NULL)
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-	else
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
 		{
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			dh_load_rand(inrand));
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
 
 	BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");
 	dh=DH_generate_parameters(num,g,dh_cb,bio_err);
 
 	if (dh == NULL) goto end;
 
-	if (randfile == NULL)
-		BIO_printf(bio_err,"unable to write 'random state'\n");
-	else
-		RAND_write_file(randfile);
+	app_RAND_write_file(NULL, bio_err);
 
 	if (!PEM_write_bio_DHparams(out,dh))
 		goto end;
@@ -198,26 +190,4 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg)
 	p=n;
 #endif
 	}
-
-static long dh_load_rand(char *name)
-	{
-	char *p,*n;
-	int last;
-	long tot=0;
-
-	for (;;)
-		{
-		last=0;
-		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
-		if (*p == '\0') last=1;
-		*p='\0';
-		n=name;
-		name=p+1;
-		if (*n == '\0') break;
-
-		tot+=RAND_load_file(n,1);
-		if (last) break;
-		}
-	return(tot);
-	}
 #endif

apps/gendsa.c

@@ -63,7 +63,6 @@
 #include <sys/stat.h>
 #include "apps.h"
 #include <openssl/bio.h>
-#include <openssl/rand.h>
 #include <openssl/err.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -74,14 +73,12 @@
 #undef PROG
 #define PROG gendsa_main
 
-static long dsa_load_rand(char *names);
 int MAIN(int argc, char **argv)
 	{
-	char buffer[200];
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
-	char *inrand=NULL,*randfile,*dsaparams=NULL;
+	char *inrand=NULL,*dsaparams=NULL;
 	BIO *out=NULL,*in=NULL;
 	EVP_CIPHER *enc=NULL;
 
@@ -176,26 +173,19 @@ int MAIN(int argc, char **argv)
 			}
 		}
 
-	randfile=RAND_file_name(buffer,200);
-	if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L))
-		BIO_printf(bio_err,"unable to load 'random state'\n");
-
-	if (inrand == NULL)
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-	else
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
 		{
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			dsa_load_rand(inrand));
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
 
 	BIO_printf(bio_err,"Generating DSA key, %d bits\n",
 							BN_num_bits(dsa->p));
 	if (!DSA_generate_key(dsa)) goto end;
 
-	if (randfile == NULL)
-		BIO_printf(bio_err,"unable to write 'random state'\n");
-	else
-		RAND_write_file(randfile);
+	app_RAND_write_file(NULL, bio_err);
 
 	if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL))
 		goto end;
@@ -207,26 +197,4 @@ int MAIN(int argc, char **argv)
 	if (dsa != NULL) DSA_free(dsa);
 	EXIT(ret);
 	}
-
-static long dsa_load_rand(char *name)
-	{
-	char *p,*n;
-	int last;
-	long tot=0;
-
-	for (;;)
-		{
-		last=0;
-		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
-		if (*p == '\0') last=1;
-		*p='\0';
-		n=name;
-		name=p+1;
-		if (*n == '\0') break;
-
-		tot+=RAND_load_file(n,1);
-		if (last) break;
-		}
-	return(tot);
-	}
 #endif