From 0ee5bf050a9a673d61485426ce62c8efcbb7bcc6 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sun, 22 May 2016 17:34:56 +0200
Subject: genkeypair, gendhparam: use -rand /dev/urandom when generating keys or DH parameters.
---
 roles/common/files/usr/local/bin/gendhparam.sh | 2 +-
 roles/common/files/usr/local/bin/genkeypair.sh | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)
(limited to 'roles')
diff --git a/roles/common/files/usr/local/bin/gendhparam.sh b/roles/common/files/usr/local/bin/gendhparam.sh
index a82a8a5..a94175a 100755
--- a/roles/common/files/usr/local/bin/gendhparam.sh
+++ b/roles/common/files/usr/local/bin/gendhparam.sh
@@ -7,4 +7,4 @@ out="$1"
 bits="${2:-2048}"
 install --mode=0644 /dev/null "$out"
-openssl dhparam "$bits" >"$out"
+openssl dhparam -rand /dev/urandom "$bits" >"$out"
diff --git a/roles/common/files/usr/local/bin/genkeypair.sh b/roles/common/files/usr/local/bin/genkeypair.sh
index 53cc050..45e2181 100755
--- a/roles/common/files/usr/local/bin/genkeypair.sh
+++ b/roles/common/files/usr/local/bin/genkeypair.sh
@@ -38,7 +38,6 @@ usage=
 mode=
 owner=
 group=
-rand=
 usage() {
 cat >&2 <<- EOF
@@ -185,7 +184,7 @@ if [ -s "$privkey" -a $force -eq 0 ]; then
 exit 1
 elif [ ! -s "$privkey" -o $force -ge 2 ]; then
 install --mode="${mode:-0600}" ${owner:+--owner="$owner"} ${group:+--group="$group"} /dev/null "$privkey" || exit 2
- openssl $genkey -rand "${rand:-/dev/urandom}" $genkeyargs >"$privkey" || exit 2
+ openssl $genkey -rand /dev/urandom $genkeyargs >"$privkey" || exit 2
 [ "$cmd" = dkim ] && { dkiminfo; exit; }
 fi
-- cgit v1.2.3
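Review bot: In gendhparam.sh the new `openssl dhparam -rand /dev/urandom "$bits" >"$out"` line still writes directly into the file that `install` has just created or truncated, so a failed or interrupted run leaves an empty or partial parameter file at the final path. The same pattern in the last genkeypair.sh hunk is worse: with `$force -ge 2` the existing private key is truncated before its replacement exists, and `|| exit 2` then leaves an empty key file behind. Generating into a temporary file in the target directory and renaming it on success avoids both, e.g. `tmp=$(mktemp "$out.XXXXXX")`, `openssl dhparam -rand /dev/urandom "$bits" >"$tmp"`, `chmod 0644 "$tmp" && mv -f -- "$tmp" "$out"`. Whether the script runs under `set -e` is not visible in this hunk.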
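Review bot: The hard-coded `-rand /dev/urandom` on the genkeypair.sh `openssl $genkey` line has no comment saying why it is passed, and the commit message gives no rationale either. As far as I know `-rand` only mixes the named file into the PRNG seed on top of OpenSSL's own OS seeding, and not every key-generation subcommand accepts it in every OpenSSL release; `$genkey` is set outside this hunk, so that cannot be checked here. I would add a comment above the line such as `# -rand adds seed material on top of OpenSSL's default seeding; every $genkey subcommand must accept it`. The enclosing `if`/`elif` block starts outside the hunk.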