Loading CHANGES +27 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,33 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] *) New file apps/app_rand.c with commonly needed functionality for handling the random seed file. Use the random seed file in some applications that previously did not: ca, dsaparam -genkey (which also ignored its `-rand' option), s_client, s_server, x509 (when signing). Except on systems with /dev/urandom, it is crucial to have a random seed file at least for key creation, DSA signing, and for DH exchanges; for RSA signatures it might not hurt _that_ much not to have one. gendh and gendsa (unlike genrsa) used to read only the first byte of each file listed in the `-rand' option. The function as previously found in genrsa is now in app_rand.c and is used by all programs that support `-rand'. [Bodo Moeller] *) In RAND_write_file, use mode 0600 for creating files; don't just chmod when it may be too late. [Bodo Moeller] *) Report an error from X509_STORE_load_locations when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed. [Bill Perry] *) New function ASN1_mbstring_copy() this copies a string in either ASCII, Unicode, Universal (4 bytes per character) or UTF8 format into an ASN1_STRING type. A mask of permissible types is passed Loading apps/Makefile.ssl +8 −5 Original line number Diff line number Diff line Loading @@ -13,6 +13,7 @@ OPENSSLDIR= /usr/local/ssl MAKE= make -f Makefile.ssl MAKEDEPEND= $(TOP)/util/domd $(TOP) MAKEFILE= Makefile.ssl PERL=/usr/local/bin/perl RM= rm -f PEX_LIBS= Loading Loading 
@@ -45,12 +46,14 @@ A_OBJ=apps.o A_SRC=apps.c S_OBJ= s_cb.o s_socket.o S_SRC= s_cb.c s_socket.c RAND_OBJ=app_rand.o RAND_SRC=app_rand.c E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \ pkcs7.o crl2p7.o crl.o \ rsa.o dsa.o dsaparam.o \ x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \ s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \ s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \ ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o # pem_mail.o Loading @@ -59,7 +62,7 @@ E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \ pkcs7.c crl2p7.c crl.c \ rsa.c dsa.c dsaparam.c \ x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \ s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \ s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \ ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c # pem_mail.c Loading @@ -81,7 +84,7 @@ all: exe exe: $(EXE) req: sreq.o $(A_OBJ) $(DLIBCRYPTO) $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c Loading Loading @@ -138,8 +141,8 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) @(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs) progs.h: $(PERL) ./progs.pl $(E_EXE) >progs.h progs.h: progs.pl $(PERL) progs.pl $(E_EXE) >progs.h $(RM) $(PROGRAM).o # DO NOT DELETE THIS LINE -- make depend depends on it. Loading apps/apps.h +10 −0 Original line number Diff line number Diff line Loading 
@@ -66,6 +66,16 @@ #include <openssl/crypto.h> #include "progs.h" int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); int app_RAND_write_file(const char *file, BIO *bio_e); /* When `file' is NULL, use defaults. * `bio_e' is for error messages. */ void app_RAND_allow_write_file(void); long app_RAND_load_files(char *file); /* `file' is a list of files to read, * separated by LIST_SEPARATOR_CHAR * (see e_os.h). The string is * destroyed! */ #ifdef NO_STDIO BIO_METHOD *BIO_s_file(); #endif Loading apps/ca.c +8 −2 Original line number Diff line number Diff line Loading @@ -266,6 +266,7 @@ int MAIN(int argc, char **argv) #undef BSIZE #define BSIZE 256 MS_STATIC char buf[3][BSIZE]; char *randfile; #ifdef EFENCE EF_PROTECT_FREE=1; Loading Loading @@ -495,11 +496,15 @@ bad: BIO_free(oid_bio); } } } if(!add_oid_section(conf)) { if(!add_oid_section(conf)) { ERR_print_errors(bio_err); goto err; } } randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE"); app_RAND_load_file(randfile, bio_err, 0); in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); Loading Loading @@ -1236,6 +1241,7 @@ err: sk_pop_free(cert_sk,X509_free); if (ret) ERR_print_errors(bio_err); app_RAND_write_file(randfile, bio_err); BN_free(serial); TXT_DB_free(db); EVP_PKEY_free(pkey); Loading apps/dsaparam.c +19 −5 Original line number Diff line number Diff line Loading @@ -57,6 +57,7 @@ */ #ifndef NO_DSA #include <assert.h> #include <stdio.h> #include <stdlib.h> #include <time.h> Loading @@ -65,7 +66,6 @@ #include <openssl/bio.h> #include <openssl/err.h> #include <openssl/bn.h> #include <openssl/rand.h> #include <openssl/dsa.h> #include <openssl/x509.h> #include <openssl/pem.h> Loading Loading @@ -93,7 +93,7 @@ int MAIN(int argc, char **argv) int informat,outformat,noout=0,C=0,ret=1; char *infile,*outfile,*prog,*inrand=NULL; int numbits= -1,num,genkey=0; char buffer[200],*randfile=NULL; int need_rand=0; apps_startup(); Loading Loading 
@@ -136,11 +136,15 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-C") == 0) C=1; else if (strcmp(*argv,"-genkey") == 0) { genkey=1; need_rand=1; } else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); need_rand=1; } else if (strcmp(*argv,"-noout") == 0) noout=1; Loading @@ -148,6 +152,7 @@ int MAIN(int argc, char **argv) { /* generate a key */ numbits=num; need_rand=1; } else { Loading Loading @@ -207,11 +212,17 @@ bad: } } if (numbits > 0) if (need_rand) { randfile=RAND_file_name(buffer,200); RAND_load_file(randfile,1024L*1024L); app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); } if (numbits > 0) { assert(need_rand); BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,"This could take some time\n"); dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, Loading Loading @@ -316,6 +327,7 @@ bad: { DSA *dsakey; assert(need_rand); if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end; if (!DSA_generate_key(dsakey)) goto end; if (outformat == FORMAT_ASN1) Loading @@ -328,6 +340,8 @@ bad: } DSA_free(dsakey); } if (need_rand) app_RAND_write_file(NULL, bio_err); ret=0; end: if (in != NULL) BIO_free(in); Loading Loading
CHANGES +27 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,33 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] *) New file apps/app_rand.c with commonly needed functionality for handling the random seed file. Use the random seed file in some applications that previously did not: ca, dsaparam -genkey (which also ignored its `-rand' option), s_client, s_server, x509 (when signing). Except on systems with /dev/urandom, it is crucial to have a random seed file at least for key creation, DSA signing, and for DH exchanges; for RSA signatures it might not hurt _that_ much not to have one. gendh and gendsa (unlike genrsa) used to read only the first byte of each file listed in the `-rand' option. The function as previously found in genrsa is now in app_rand.c and is used by all programs that support `-rand'. [Bodo Moeller] *) In RAND_write_file, use mode 0600 for creating files; don't just chmod when it may be too late. [Bodo Moeller] *) Report an error from X509_STORE_load_locations when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed. [Bill Perry] *) New function ASN1_mbstring_copy() this copies a string in either ASCII, Unicode, Universal (4 bytes per character) or UTF8 format into an ASN1_STRING type. A mask of permissible types is passed Loading
apps/Makefile.ssl +8 −5 Original line number Diff line number Diff line Loading @@ -13,6 +13,7 @@ OPENSSLDIR= /usr/local/ssl MAKE= make -f Makefile.ssl MAKEDEPEND= $(TOP)/util/domd $(TOP) MAKEFILE= Makefile.ssl PERL=/usr/local/bin/perl RM= rm -f PEX_LIBS= Loading Loading @@ -45,12 +46,14 @@ A_OBJ=apps.o A_SRC=apps.c S_OBJ= s_cb.o s_socket.o S_SRC= s_cb.c s_socket.c RAND_OBJ=app_rand.o RAND_SRC=app_rand.c E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \ pkcs7.o crl2p7.o crl.o \ rsa.o dsa.o dsaparam.o \ x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \ s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \ s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \ ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o # pem_mail.o Loading @@ -59,7 +62,7 @@ E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \ pkcs7.c crl2p7.c crl.c \ rsa.c dsa.c dsaparam.c \ x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \ s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \ s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \ ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c # pem_mail.c Loading @@ -81,7 +84,7 @@ all: exe exe: $(EXE) req: sreq.o $(A_OBJ) $(DLIBCRYPTO) $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c Loading Loading @@ -138,8 +141,8 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS) @(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs) progs.h: $(PERL) ./progs.pl $(E_EXE) >progs.h progs.h: progs.pl $(PERL) progs.pl $(E_EXE) >progs.h $(RM) $(PROGRAM).o # DO NOT DELETE THIS LINE -- make depend depends on it. Loading
apps/apps.h +10 −0 Original line number Diff line number Diff line Loading @@ -66,6 +66,16 @@ #include <openssl/crypto.h> #include "progs.h" int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); int app_RAND_write_file(const char *file, BIO *bio_e); /* When `file' is NULL, use defaults. * `bio_e' is for error messages. */ void app_RAND_allow_write_file(void); long app_RAND_load_files(char *file); /* `file' is a list of files to read, * separated by LIST_SEPARATOR_CHAR * (see e_os.h). The string is * destroyed! */ #ifdef NO_STDIO BIO_METHOD *BIO_s_file(); #endif Loading
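Review bot: The new prototypes leave the `int` and `long` return values undocumented, and both callers added in this commit (ca.c and dsaparam.c) discard the result of `app_RAND_load_file`. Add a comment giving the return convention of each function and saying whether a caller that is about to generate keys or sign should stop on failure. `dont_warn` and `app_RAND_allow_write_file` have no description at all; a one-line comment on each (what is suppressed, and when writing is otherwise disallowed) would make the interface safe to use without reading app_rand.c. The `The string is destroyed!` remark is worth keeping prominent, since dsaparam.c passes its `-rand` argv pointer straight in.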
apps/ca.c +8 −2 Original line number Diff line number Diff line Loading @@ -266,6 +266,7 @@ int MAIN(int argc, char **argv) #undef BSIZE #define BSIZE 256 MS_STATIC char buf[3][BSIZE]; char *randfile; #ifdef EFENCE EF_PROTECT_FREE=1; Loading Loading @@ -495,11 +496,15 @@ bad: BIO_free(oid_bio); } } } if(!add_oid_section(conf)) { if(!add_oid_section(conf)) { ERR_print_errors(bio_err); goto err; } } randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE"); app_RAND_load_file(randfile, bio_err, 0); in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); Loading Loading @@ -1236,6 +1241,7 @@ err: sk_pop_free(cert_sk,X509_free); if (ret) ERR_print_errors(bio_err); app_RAND_write_file(randfile, bio_err); BN_free(serial); TXT_DB_free(db); EVP_PKEY_free(pkey); Loading
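Review bot: `char *randfile;` is declared without an initializer, yet the new `app_RAND_write_file(randfile, bio_err);` under `err:` is reached from the `goto err` in the `add_oid_section` failure branch, which sits just before `randfile` is assigned. On that path (and presumably on earlier `goto err` jumps outside these hunks) an indeterminate pointer is used as the seed-file path, which is undefined behaviour and could send the write to an unintended file. Declaring it as `char *randfile = NULL;` makes the error path fall back to the default that apps.h documents for a NULL `file`. The result of `app_RAND_load_file(randfile, bio_err, 0)` is also discarded, so signing proceeds after only a message when no seed file could be read; consider branching on it. MAIN starts and ends outside these hunks.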
apps/dsaparam.c +19 −5 Original line number Diff line number Diff line Loading @@ -57,6 +57,7 @@ */ #ifndef NO_DSA #include <assert.h> #include <stdio.h> #include <stdlib.h> #include <time.h> Loading @@ -65,7 +66,6 @@ #include <openssl/bio.h> #include <openssl/err.h> #include <openssl/bn.h> #include <openssl/rand.h> #include <openssl/dsa.h> #include <openssl/x509.h> #include <openssl/pem.h> Loading Loading @@ -93,7 +93,7 @@ int MAIN(int argc, char **argv) int informat,outformat,noout=0,C=0,ret=1; char *infile,*outfile,*prog,*inrand=NULL; int numbits= -1,num,genkey=0; char buffer[200],*randfile=NULL; int need_rand=0; apps_startup(); Loading Loading @@ -136,11 +136,15 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-C") == 0) C=1; else if (strcmp(*argv,"-genkey") == 0) { genkey=1; need_rand=1; } else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); need_rand=1; } else if (strcmp(*argv,"-noout") == 0) noout=1; Loading @@ -148,6 +152,7 @@ int MAIN(int argc, char **argv) { /* generate a key */ numbits=num; need_rand=1; } else { Loading Loading @@ -207,11 +212,17 @@ bad: } } if (numbits > 0) if (need_rand) { randfile=RAND_file_name(buffer,200); RAND_load_file(randfile,1024L*1024L); app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); } if (numbits > 0) { assert(need_rand); BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,"This could take some time\n"); dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, Loading Loading @@ -316,6 +327,7 @@ bad: { DSA *dsakey; assert(need_rand); if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end; if (!DSA_generate_key(dsakey)) goto end; if (outformat == FORMAT_ASN1) Loading @@ -328,6 +340,8 @@ bad: } DSA_free(dsakey); } if (need_rand) app_RAND_write_file(NULL, bio_err); ret=0; end: if (in != NULL) BIO_free(in); Loading
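Review bot: In the new `if (need_rand)` block the third argument `(inrand != NULL)` fills the parameter apps.h names `dont_warn`, so the seed-file warning appears to be suppressed whenever `-rand` is given, even when `app_RAND_load_files(inrand)` then reports 0 bytes. Generation would continue with only the "0 semi-random bytes loaded" line to show that no file input reached the PRNG; consider treating a zero return as a warning or an error, e.g. `if (app_RAND_load_files(inrand) == 0) goto end;` after printing a message. `app_RAND_write_file(NULL, bio_err)` is placed before `ret=0`, so the `goto end` failure paths in the key-generation block skip the rewrite and the next run may start from the same seed-file contents. `assert(need_rand)` disappears under NDEBUG, so it documents the invariant rather than enforcing it. MAIN continues outside these hunks.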