From 0ee5bf050a9a673d61485426ce62c8efcbb7bcc6 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sun, 22 May 2016 17:34:56 +0200
Subject: genkeypair, gendhparam: use -rand /dev/urandom when generating keys
 or DH parameters.

---
 roles/common/files/usr/local/bin/gendhparam.sh | 2 +-
 roles/common/files/usr/local/bin/genkeypair.sh | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

(limited to 'roles')

diff --git a/roles/common/files/usr/local/bin/gendhparam.sh b/roles/common/files/usr/local/bin/gendhparam.sh
index a82a8a5..a94175a 100755
--- a/roles/common/files/usr/local/bin/gendhparam.sh
+++ b/roles/common/files/usr/local/bin/gendhparam.sh
@@ -7,4 +7,4 @@ out="$1"
 bits="${2:-2048}"
 
 install --mode=0644 /dev/null "$out"
-openssl dhparam "$bits" >"$out"
+openssl dhparam -rand /dev/urandom "$bits" >"$out"
diff --git a/roles/common/files/usr/local/bin/genkeypair.sh b/roles/common/files/usr/local/bin/genkeypair.sh
index 53cc050..45e2181 100755
--- a/roles/common/files/usr/local/bin/genkeypair.sh
+++ b/roles/common/files/usr/local/bin/genkeypair.sh
@@ -38,7 +38,6 @@ usage=
 mode=
 owner=
 group=
-rand=
 
 usage() {
     cat >&2 <<- EOF
@@ -185,7 +184,7 @@ if [ -s "$privkey" -a $force -eq 0 ]; then
     exit 1
 elif [ ! -s "$privkey" -o $force -ge 2 ]; then
     install --mode="${mode:-0600}" ${owner:+--owner="$owner"} ${group:+--group="$group"} /dev/null "$privkey" || exit 2
-    openssl $genkey -rand "${rand:-/dev/urandom}" $genkeyargs >"$privkey" || exit 2
+    openssl $genkey -rand /dev/urandom $genkeyargs >"$privkey" || exit 2
     [ "$cmd" = dkim ] && { dkiminfo; exit; }
 fi
 
-- 
cgit v1.2.3