Remove genrandom command and all usage of specific random files throughout the system test suite

bin/confgen/ddns-confgen.docbook

@@ -46,7 +46,6 @@
       <command>tsig-keygen</command>
       <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-h</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
       <arg choice="opt" rep="norepeat">name</arg>
     </cmdsynopsis>
     <cmdsynopsis sepchar=" ">
@@ -157,23 +156,6 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-	<term>-r <replaceable class="parameter">randomfile</replaceable></term>
-	<listitem>
-	  <para>
-            Specifies a source of random data for generating the
-            authorization.  If the operating system does not provide a
-            <filename>/dev/random</filename> or equivalent device, the
-            default source of randomness is keyboard input.
-            <filename>randomdev</filename> specifies the name of a
-            character device or file containing random data to be used
-            instead of the default.  The special value
-            <filename>keyboard</filename> indicates that keyboard input
-            should be used.
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
 	<term>-s <replaceable class="parameter">name</replaceable></term>
 	<listitem>

bin/confgen/rndc-confgen.docbook

@@ -58,7 +58,6 @@
       <arg choice="opt" rep="norepeat"><option>-h</option></arg>
       <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">address</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg>
@@ -191,24 +190,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-r <replaceable class="parameter">randomfile</replaceable></term>
-        <listitem>
-          <para>
-            Specifies a source of random data for generating the
-            authorization.  If the operating
-            system does not provide a <filename>/dev/random</filename>
-            or equivalent device, the default source of randomness
-            is keyboard input.  <filename>randomdev</filename>
-            specifies
-            the name of a character device or file containing random
-            data to be used instead of the default.  The special value
-            <filename>keyboard</filename> indicates that keyboard
-            input should be used.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-s <replaceable class="parameter">address</replaceable></term>
         <listitem>

bin/dnssec/dnssec-keygen.c

@@ -120,7 +120,6 @@ usage(void) {
 			"(DH only)\n");
 	fprintf(stderr, "    -L <ttl>: default key TTL\n");
 	fprintf(stderr, "    -p <protocol>: (default: 3 [dnssec])\n");
-	fprintf(stderr, "    -r <randomdev>: DEPRECATED and ignored\n");
 	fprintf(stderr, "    -s <strength>: strength value this key signs DNS "
 			"records with (default: 0)\n");
 	fprintf(stderr, "    -T <rrtype>: DNSKEY | KEY (default: DNSKEY; "

bin/dnssec/dnssec-keygen.docbook

@@ -81,7 +81,6 @@
       <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-q</option></arg>
       <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-S <replaceable class="parameter">key</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">strength</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
@@ -349,31 +348,6 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-	<term>-r <replaceable class="parameter">randomdev</replaceable></term>
-	<listitem>
-	  <para>
-	    Specifies a source of randomness.  Normally, when generating
-	    DNSSEC keys, this option has no effect; the random number
-	    generation function provided by the cryptographic library will
-	    be used.
-	  </para>
-	  <para>
-	    If that behavior is disabled at compile time, however,
-	    the specified file will be used as entropy source
-	    for key generation.  <filename>randomdev</filename> is
-	    the name of a character device or file containing random
-	    data to be used.  The special value <filename>keyboard</filename>
-	    indicates that keyboard input should be used.
-	  </para>
-	  <para>
-	    The default is <filename>/dev/random</filename> if the
-	    operating system provides it or an equivalent device;
-	    if not, the default source of randomness is keyboard input.
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
 	<term>-S <replaceable class="parameter">key</replaceable></term>
 	<listitem>

bin/dnssec/dnssec-signzone.c

@@ -3053,8 +3053,6 @@ usage(void) {
 	fprintf(stderr, "\t\tsoa serial format of signed zone file (keep)\n");
 	fprintf(stderr, "\t-D:\n");
 	fprintf(stderr, "\t\toutput only DNSSEC-related records\n");
-	fprintf(stderr, "\t-r randomdev:\n");
-	fprintf(stderr,	"\t\ta file containing random data\n");
 	fprintf(stderr, "\t-a:\t");
 	fprintf(stderr, "verify generated signatures\n");
 	fprintf(stderr, "\t-c class (IN)\n");

bin/dnssec/dnssec-signzone.docbook

@@ -78,10 +78,8 @@
       <arg choice="opt" rep="norepeat"><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-P</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-p</option></arg>
       <arg choice="opt" rep="norepeat"><option>-Q</option></arg>
       <arg choice="opt" rep="norepeat"><option>-R</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-S</option></arg>
       <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">ttl</replaceable></option></arg>
@@ -508,18 +506,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-p</term>
-        <listitem>
-          <para>
-            Use pseudo-random data when signing the zone.  This is faster,
-            but less secure, than using real random data.  This option
-            may be useful when signing large zones or when the entropy
-            source is limited.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-P</term>
         <listitem>
@@ -571,23 +557,6 @@
           </para>
         </listitem>
       </varlistentry>
-      <varlistentry>
-        <term>-r <replaceable class="parameter">randomdev</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the source of randomness.  If the operating
-            system does not provide a <filename>/dev/random</filename>
-            or equivalent device, the default source of randomness
-            is keyboard input.  <filename>randomdev</filename>
-            specifies
-            the name of a character device or file containing random
-            data to be used instead of the default.  The special value
-            <filename>keyboard</filename> indicates that keyboard
-            input should be used.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-S</term>
         <listitem>

bin/nsupdate/nsupdate.docbook

@@ -70,7 +70,6 @@
       <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">udptimeout</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">randomdev</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-v</option></arg>
       <arg choice="opt" rep="norepeat"><option>-T</option></arg>
       <arg choice="opt" rep="norepeat"><option>-P</option></arg>
@@ -269,22 +268,6 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-	<term>-R <replaceable class="parameter">randomdev</replaceable></term>
-	<listitem>
-	<para>
-	  Where to obtain randomness. If the operating system
-	  does not provide a <filename>/dev/random</filename> or
-	  equivalent device, the default source of randomness is keyboard
-	  input.  <filename>randomdev</filename> specifies the name of
-	  a character device or file containing random data to be used
-	  instead of the default.  The special value
-	  <filename>keyboard</filename> indicates that keyboard input
-	  should be used.  This option may be specified multiple times.
-	</para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
 	<term>-t <replaceable class="parameter">timeout</replaceable></term>
 	<listitem>

bin/python/dnssec-keymgr.docbook

@@ -49,7 +49,6 @@
       <arg choice="opt" rep="norepeat"><option>-v</option></arg>
       <arg choice="opt" rep="norepeat"><option>-z</option></arg>
       <arg choice="opt" rep="norepeat"><option>-g <replaceable class="parameter">path</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">path</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">path</replaceable></option></arg>
       <arg choice="opt" rep="repeat">zone</arg>
     </cmdsynopsis>
@@ -187,18 +186,6 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-	<term>-r <replaceable class="parameter">randomdev</replaceable></term>
-	<listitem>
-	  <para>
-	    Specifies a path to a file containing random data.
-	    This is passed to the <command>dnssec-keygen</command> binary
-	    using its <option>-r</option> option.
-<!-- TODO: what to do about "-r keyboard"? -->
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
 	<term>-s <replaceable class="parameter">settime-path</replaceable></term>
 	<listitem>

bin/python/isc/keymgr.py.in

@@ -76,7 +76,7 @@ def parse_args():
                         help='Path to \'dnssec-keygen\'',
                         metavar='path')
     parser.add_argument('-r', dest='randomdev', type=str, default=None,
-                        help='Path to a file containing random data to pass to \'dnssec-keygen\'',
+                        help='DEPRECATED',
                         metavar='path')
     parser.add_argument('-s', dest='settime', default=settime, type=str,
                         help='Path to \'dnssec-settime\'',
@@ -97,6 +97,9 @@ def parse_args():
 
     args = parser.parse_args()
 
+    if args.randomdev:
+        fatal("ERROR: -r option has been deprecated.")
+    
     if args.no_zsk and args.no_ksk:
         fatal("ERROR: -z and -k cannot be used together.")
 

bin/tests/.gitignore

@@ -1,5 +1,4 @@
 .libs
-genrandom
 headerdep_test.sh
 nxtify
 sdig

bin/tests/system/autosign/ns1/keygen.sh

@@ -20,18 +20,18 @@ infile=root.db.in
 
 cat $infile ../ns2/dsset-example$TP > $zonefile
 
-zskact=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE $zone`
+zskact=`$KEYGEN -3 -a RSASHA1 -q $zone`
-zskvanish=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE $zone`
+zskvanish=`$KEYGEN -3 -a RSASHA1 -q $zone`
-zskdel=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -D now $zone`
+zskdel=`$KEYGEN -3 -a RSASHA1 -q -D now $zone`
-zskinact=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -I now $zone`
+zskinact=`$KEYGEN -3 -a RSASHA1 -q -I now $zone`
-zskunpub=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -G $zone`
+zskunpub=`$KEYGEN -3 -a RSASHA1 -q -G $zone`
-zsksby=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -A none $zone`
+zsksby=`$KEYGEN -3 -a RSASHA1 -q -A none $zone`
-zskactnowpub1d=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -A now -P +1d $zone`
+zskactnowpub1d=`$KEYGEN -3 -a RSASHA1 -q -A now -P +1d $zone`
-zsknopriv=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE $zone`
+zsknopriv=`$KEYGEN -3 -a RSASHA1 -q $zone`
 rm $zsknopriv.private
 
-ksksby=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -P now -A now+15s -fk $zone`
+ksksby=`$KEYGEN -3 -a RSASHA1 -q -P now -A now+15s -fk $zone`
-kskrev=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -R now+15s -fk $zone`
+kskrev=`$KEYGEN -3 -a RSASHA1 -q -R now+15s -fk $zone`
 
 cat $ksksby.key | grep -v '^; ' | $PERL -n -e '
 local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;

bin/tests/system/autosign/ns2/keygen.sh

@@ -26,16 +26,16 @@ zonefile="${zone}.db"
 infile="${zonefile}.in"
 cat $infile dsset-*.example$TP > $zonefile
 
-kskname=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone`
+kskname=`$KEYGEN -a RSASHA1 -3 -q -fk $zone`
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > /dev/null
+$KEYGEN -a RSASHA1 -3 -q $zone > /dev/null
 $DSFROMKEY $kskname.key > dsset-${zone}$TP
 
 # Create keys for a private secure zone.
 zone=private.secure.example
 zonefile="${zone}.db"
 infile="${zonefile}.in"
-ksk=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone`
+ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone`
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > /dev/null
+$KEYGEN -a RSASHA1 -3 -q $zone > /dev/null
 cat $ksk.key | grep -v '^; ' | $PERL -n -e '
 local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
 local $key = join("", @rest);
@@ -58,5 +58,5 @@ for i in Xbar.+005+30676.key Xbar.+005+30804.key Xbar.+005+30676.private \
 do
 	cp $i `echo $i | sed s/X/K/`
 done
-$KEYGEN -a RSASHA1 -q -r $RANDFILE $zone > /dev/null
+$KEYGEN -a RSASHA1 -q $zone > /dev/null
 $DSFROMKEY Kbar.+005+30804.key > dsset-bar$TP

bin/tests/system/autosign/ns3/keygen.sh

@@ -30,8 +30,8 @@ setup () {
 
 setup secure.example
 cp $infile $zonefile
-ksk=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -39,8 +39,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup secure.nsec3.example
 cp $infile $zonefile
-ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -48,8 +48,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup nsec3.nsec3.example
 cp $infile $zonefile
-ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -57,8 +57,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup optout.nsec3.example
 cp $infile $zonefile
-ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -66,8 +66,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup nsec3.example
 cat $infile dsset-*.${zone}$TP > $zonefile
-ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -75,9 +75,9 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup autonsec3.example
 cat $infile > $zonefile
-ksk=`$KEYGEN -G -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -G -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
 echo $ksk > ../autoksk.key
-zsk=`$KEYGEN -G -q -a RSASHA1 -3 -r $RANDFILE $zone 2> kg.out` || dumpit kg.out
+zsk=`$KEYGEN -G -q -a RSASHA1 -3 $zone 2> kg.out` || dumpit kg.out
 echo $zsk > ../autozsk.key
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
@@ -86,8 +86,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup secure.optout.example
 cp $infile $zonefile
-ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -95,8 +95,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup nsec3.optout.example
 cp $infile $zonefile
-ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -104,8 +104,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup optout.optout.example
 cp $infile $zonefile
-ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -113,8 +113,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup optout.example
 cat $infile dsset-*.${zone}$TP > $zonefile
-ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -122,8 +122,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup rsasha256.example
 cp $infile $zonefile
-ksk=`$KEYGEN -q -a RSASHA256 -b 2048 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -q -a RSASHA256 -b 2048 -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -q -a RSASHA256 -b 1024 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA256 -b 1024 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -131,8 +131,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup rsasha512.example
 cp $infile $zonefile
-ksk=`$KEYGEN -q -a RSASHA512 -b 2048 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -q -a RSASHA512 -b 2048 -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -q -a RSASHA512 -b 1024 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA512 -b 1024 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -140,8 +140,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup nsec.example
 cp $infile $zonefile
-ksk=`$KEYGEN -q -a RSASHA1 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -q -a RSASHA1 -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -q -a RSASHA1 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -150,16 +150,16 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup oldsigs.example
 cp $infile $zonefile
-$KEYGEN -q -a RSASHA1 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -q -a RSASHA1 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 $zone > kg.out 2>&1 || dumpit kg.out
 $SIGNER -PS -s now-1y -e now-6mo -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
 
 #
 # NSEC3->NSEC transition test zone.
 #
 setup nsec3-to-nsec.example
-$KEYGEN -q -a RSASHA512 -b 2048 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA512 -b 2048 -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -q -a RSASHA512 -b 1024 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA512 -b 1024 $zone > kg.out 2>&1 || dumpit kg.out
 $SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
 
 #
@@ -167,8 +167,8 @@ $SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
 # keys via nsupdate
 #
 setup secure-to-insecure.example
-$KEYGEN -a RSASHA1 -q -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a RSASHA1 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -q $zone > kg.out 2>&1 || dumpit kg.out
 $SIGNER -S -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
 
 #
@@ -176,9 +176,9 @@ $SIGNER -S -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
 # removal of keys on schedule.
 #
 setup secure-to-insecure2.example
-ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
 echo $ksk > ../del1.key
-zsk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone 2> kg.out` || dumpit kg.out
+zsk=`$KEYGEN -q -a RSASHA1 -3 $zone 2> kg.out` || dumpit kg.out
 echo $zsk > ../del2.key
 $SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
 
@@ -187,8 +187,8 @@ $SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
 #
 setup prepub.example
 infile="secure-to-insecure2.example.db.in"
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
 $SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
 
 #
@@ -197,35 +197,35 @@ $SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
 
 # no default key TTL; DNSKEY should get SOA TTL
 setup ttl1.example
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
 cp $infile $zonefile
 
 # default key TTL should be used
 setup ttl2.example 
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk -L 60 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q -fk -L 60 $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -L 60 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q -L 60 $zone > kg.out 2>&1 || dumpit kg.out
 cp $infile $zonefile
 
 # mismatched key TTLs, should use shortest
 setup ttl3.example
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk -L 30 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q -fk -L 30 $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -L 60 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q -L 60 $zone > kg.out 2>&1 || dumpit kg.out
 cp $infile $zonefile
 
 # existing DNSKEY RRset, should retain TTL
 setup ttl4.example
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -L 30 -fk $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q -L 30 -fk $zone > kg.out 2>&1 || dumpit kg.out
 cat ${infile} K${zone}.+*.key > $zonefile
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -L 180 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q -L 180 $zone > kg.out 2>&1 || dumpit kg.out
 
 #
 # A zone with a DNSKEY RRset that is published before it's activated
 #
 setup delay.example
-ksk=`$KEYGEN -G -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -G -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
 echo $ksk > ../delayksk.key
-zsk=`$KEYGEN -G -q -a RSASHA1 -3 -r $RANDFILE $zone 2> kg.out` || dumpit kg.out
+zsk=`$KEYGEN -G -q -a RSASHA1 -3 $zone 2> kg.out` || dumpit kg.out
 echo $zsk > ../delayzsk.key
 
 #
@@ -233,8 +233,8 @@ echo $zsk > ../delayzsk.key
 # is missing.
 #
 setup nozsk.example
-$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 -3 -fk $zone > kg.out 2>&1 || dumpit kg.out
-zsk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone`
+zsk=`$KEYGEN -q -a RSASHA1 -3 $zone`
 $SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out 2>&1 || dumpit s.out
 echo $zsk > ../missingzsk.key
 rm -f ${zsk}.private
@@ -244,8 +244,8 @@ rm -f ${zsk}.private
 # is inactive.
 #
 setup inaczsk.example
-$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 -3 -fk $zone > kg.out 2>&1 || dumpit kg.out
-zsk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone`
+zsk=`$KEYGEN -q -a RSASHA1 -3 $zone`
 $SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out 2>&1 || dumpit s.out
 echo $zsk > ../inactivezsk.key
 $SETTIME -I now $zsk > st.out 2>&1 || dumpit st.out
@@ -255,16 +255,16 @@ $SETTIME -I now $zsk > st.out 2>&1 || dumpit st.out
 #
 setup reconf.example
 cp secure.example.db.in $zonefile
-$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 -3 -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
 
 #
 # A zone which generates CDS and CDNSEY RRsets automatically
 #
 setup sync.example
 cp $infile $zonefile
-ksk=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk -P sync now $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -a RSASHA1 -3 -q -fk -P sync now $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 echo ns3/$ksk > ../sync.key
 
@@ -273,8 +273,8 @@ echo ns3/$ksk > ../sync.key
 #
 setup kskonly.example
 cp $infile $zonefile
-ksk=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk -P sync now $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -a RSASHA1 -3 -q -fk -P sync now $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -282,8 +282,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup inacksk2.example
 cp $infile $zonefile
-ksk=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -Pnow -A now+3600 -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -a RSASHA1 -3 -q -Pnow -A now+3600 -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -291,8 +291,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup inaczsk2.example
 cp $infile $zonefile
-ksk=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -P now -A now+3600 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a RSASHA1 -3 -q -P now -A now+3600 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -300,9 +300,9 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup inacksk3.example
 cp $infile $zonefile
-$KEYGEN -a NSEC3RSASHA1 -3 -q -r $RANDFILE -P now -A now+3600 -fk $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a NSEC3RSASHA1 -3 -q -P now -A now+3600 -fk $zone > kg.out 2>&1 || dumpit kg.out
-ksk=`$KEYGEN -a NSEC3RSASHA1 -3 -q -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -a NSEC3RSASHA1 -3 -q -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -a NSEC3RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a NSEC3RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -310,7 +310,7 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup inaczsk3.example
 cp $infile $zonefile
-ksk=`$KEYGEN -a NSEC3RSASHA1 -3 -q -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
+ksk=`$KEYGEN -a NSEC3RSASHA1 -3 -q -fk $zone 2> kg.out` || dumpit kg.out
-$KEYGEN -a NSEC3RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a NSEC3RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a NSEC3RSASHA1 -3 -q -r $RANDFILE -P now -A now+3600 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a NSEC3RSASHA1 -3 -q -P now -A now+3600 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP

bin/tests/system/autosign/setup.sh

@@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
 
 . ./clean.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf

bin/tests/system/autosign/tests.sh

@@ -926,7 +926,7 @@ ret=0
 oldserial=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '$0 !~ /SOA/ {print $3}'`
 oldinception=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '/SOA/ {print $6}' | sort -u`
 
-$KEYGEN -a rsasha1 -3 -q -r $RANDFILE -K ns3 -P 0 -A +6d -I +38d -D +45d prepub.example > /dev/null
+$KEYGEN -a rsasha1 -3 -q -K ns3 -P 0 -A +6d -I +38d -D +45d prepub.example > /dev/null
 
 $RNDCCMD 10.53.0.3 sign prepub.example 2>&1 | sed 's/^/ns1 /' | cat_i
 newserial=$oldserial

bin/tests/system/cds/setup.sh

@@ -16,15 +16,13 @@ SYSTEMTESTTOP=..
 
 $SHELL clean.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 touch empty
 
 Z=cds.test
 
-keyz=$($KEYGEN -q -r $RANDFILE -a RSASHA256 $Z)
+keyz=$($KEYGEN -q -a RSASHA256 $Z)
-key1=$($KEYGEN -q -r $RANDFILE -a RSASHA256 -f KSK $Z)
+key1=$($KEYGEN -q -a RSASHA256 -f KSK $Z)
-key2=$($KEYGEN -q -r $RANDFILE -a RSASHA256 -f KSK $Z)
+key2=$($KEYGEN -q -a RSASHA256 -f KSK $Z)
 
 idz=$(echo $keyz | sed 's/.*+0*//')
 id1=$(echo $key1 | sed 's/.*+0*//')
@@ -85,7 +83,7 @@ sed 's/ add \(.*\) IN DS / add \1 3600 IN DS /' <UP.swap >UP.swapttl
 
 sign() {
 	cat >db.$1
-	$SIGNER >/dev/null 2>&1 -r $RANDFILE \
+	$SIGNER >/dev/null 2>&1 \
 		 -S -O full -o $Z -f sig.$1 db.$1
 }
 

bin/tests/system/chain/ns2/sign.sh

@@ -15,6 +15,6 @@ SYSTEMTESTTOP=../..
 zone=example.
 zonefile=example.db
 
-ksk=`$KEYGEN -q -a RSASHA256 -b 2048 -fk -r $RANDFILE $zone`
+ksk=`$KEYGEN -q -a RSASHA256 -b 2048 -fk $zone`
-zsk=`$KEYGEN -q -a RSASHA256 -b 1024 -r $RANDFILE $zone`
+zsk=`$KEYGEN -q -a RSASHA256 -b 1024 $zone`
-$SIGNER -S -r $RANDFILE -o $zone example.db > /dev/null 2>&1
+$SIGNER -S -o $zone example.db > /dev/null 2>&1

bin/tests/system/chain/setup.sh

@@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
 
 $SHELL clean.sh
 
-test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
-
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns5/named.conf.in ns5/named.conf

bin/tests/system/checkconf/bad-many.conf

@@ -38,7 +38,6 @@ options {
 	port 5300;
 	querylog yes;
 	recursing-file "named.recursing";
-	random-device "/dev/random";
 	recursive-clients 3000;
 	serial-queries 10;
 	serial-query-rate 100;

bin/tests/system/checkconf/good.conf

@@ -57,7 +57,6 @@ options {
 	pid-file none;
 	port 5300;
 	querylog yes;
-	random-device "/dev/random";
 	recursing-file "named.recursing";
 	recursive-clients 3000;
 	serial-queries 10;

bin/tests/system/conf.sh.in

@@ -33,7 +33,6 @@ DNSTAPREAD=$TOP/bin/tools/dnstap-read
 DSFROMKEY=$TOP/bin/dnssec/dnssec-dsfromkey
 FEATURETEST=$TOP/bin/tests/system/feature-test
 FSTRM_CAPTURE=@FSTRM_CAPTURE@
-GENRANDOM=$TOP/bin/tools/genrandom
 IMPORTKEY=$TOP/bin/dnssec/dnssec-importkey
 JOURNALPRINT=$TOP/bin/tools/named-journalprint
 KEYFRLAB=$TOP/bin/dnssec/dnssec-keyfromlabel
@@ -59,8 +58,6 @@ TSIGKEYGEN=$TOP/bin/confgen/tsig-keygen
 VERIFY=$TOP/bin/dnssec/dnssec-verify
 WIRETEST=$TOP/bin/tests/wire_test
 
-RANDFILE=$TOP/bin/tests/system/random.data
-
 BIGKEY=$TOP/bin/tests/system/rsabigexponent/bigkey
 GENCHECK=$TOP/bin/tests/system/rndc/gencheck
 KEYCREATE=$TOP/bin/tests/system/tkey/keycreate
@@ -323,7 +320,6 @@ export PK11GEN
 export PK11LIST
 export PSSUSPEND
 export PYTHON
-export RANDFILE
 export RESOLVE
 export RNDC
 export RRCHECKER

bin/tests/system/conf.sh.win32

@@ -38,7 +38,6 @@ DNSTAPREAD=$TOP/Build/$VSCONF/dnstap-read@EXEEXT@
 DSFROMKEY=$TOP/Build/$VSCONF/dnssec-dsfromkey@EXEEXT@
 FEATURETEST=$TOP/Build/$VSCONF/feature-test@EXEEXT@
 FSTRM_CAPTURE=@FSTRM_CAPTURE@
-GENRANDOM=$TOP/Build/$VSCONF/genrandom@EXEEXT@
 IMPORTKEY=$TOP/Build/$VSCONF/dnssec-importkey@EXEEXT@
 JOURNALPRINT=$TOP/Build/$VSCONF/named-journalprint@EXEEXT@
 KEYFRLAB=$TOP/Build/$VSCONF/dnssec-keyfromlabel@EXEEXT@
@@ -65,9 +64,6 @@ VERIFY=$TOP/Build/$VSCONF/dnssec-verify@EXEEXT@
 
 # to port WIRETEST=$TOP/Build/$VSCONF/wire_test@EXEEXT@
 
-# this is given as argument to native WIN32 executables
-RANDFILE=`cygpath -w $TOP/bin/tests/system/random.data`
-
 BIGKEY=$TOP/Build/$VSCONF/bigkey@EXEEXT@
 GENCHECK=$TOP/Build/$VSCONF/gencheck@EXEEXT@
 KEYCREATE=$TOP/Build/$VSCONF/keycreate@EXEEXT@
@@ -298,7 +294,6 @@ export PK11GEN
 export PK11LIST
 export PSSUSPEND
 export PYTHON
-export RANDFILE
 export RESOLVE
 export RNDC
 export RRCHECKER

bin/tests/system/coverage/setup.sh

@@ -12,8 +12,6 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-KEYGEN="$KEYGEN -qr $RANDFILE"
-
 $SHELL clean.sh
 
 ln -s $CHECKZONE named-compilezone

bin/tests/system/dlv/ns1/sign.sh

@@ -23,12 +23,12 @@ infile=root.db.in
 zonefile=root.db
 outfile=root.signed
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` 
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` 
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 
 echo_i "signed $zone"
 

bin/tests/system/dlv/ns2/sign.sh

@@ -24,12 +24,12 @@ zonefile=druz.db
 outfile=druz.pre
 dlvzone=utld.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` 
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` 
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 
 $CHECKZONE -q -D -i none druz druz.pre |
 sed '/IN DNSKEY/s/\([a-z0-9A-Z/]\{10\}\)[a-z0-9A-Z/]\{16\}/\1XXXXXXXXXXXXXXXX/'> druz.signed

bin/tests/system/dlv/ns3/sign.sh

@@ -26,13 +26,13 @@ zonefile=child1.utld.db
 outfile=child1.signed
 dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` 
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` 
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -42,13 +42,13 @@ zonefile=child3.utld.db
 outfile=child3.signed
 dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -58,12 +58,12 @@ zonefile=child4.utld.db
 outfile=child4.signed
 dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -73,13 +73,13 @@ zonefile=child5.utld.db
 outfile=child5.signed
 dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -88,13 +88,13 @@ infile=child.db.in
 zonefile=child7.utld.db
 outfile=child7.signed
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 
-$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -103,12 +103,12 @@ infile=child.db.in
 zonefile=child8.utld.db
 outfile=child8.signed
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -118,12 +118,12 @@ zonefile=child9.utld.db
 outfile=child9.signed
 dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 zone=child10.utld.
@@ -132,12 +132,12 @@ zonefile=child10.utld.db
 outfile=child10.signed
 dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 zone=child1.druz.
@@ -147,13 +147,13 @@ outfile=child1.druz.signed
 dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
 dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` 
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` 
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -164,13 +164,13 @@ outfile=child3.druz.signed
 dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
 dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -181,12 +181,12 @@ outfile=child4.druz.signed
 dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
 dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -197,13 +197,13 @@ outfile=child5.druz.signed
 dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
 dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -213,13 +213,13 @@ zonefile=child7.druz.db
 outfile=child7.druz.signed
 dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
 cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
 
-$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -228,12 +228,12 @@ infile=child.db.in
 zonefile=child8.druz.db
 outfile=child8.druz.signed
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -243,12 +243,12 @@ zonefile=child9.druz.db
 outfile=child9.druz.signed
 dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 zone=child10.druz.
@@ -258,12 +258,12 @@ outfile=child10.druz.signed
 dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
 dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -272,12 +272,12 @@ infile=dlv.db.in
 zonefile=dlv.utld.db
 outfile=dlv.signed
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 

bin/tests/system/dlv/ns6/sign.sh

@@ -21,12 +21,12 @@ infile=child.db.in
 zonefile=grand.child1.utld.db
 outfile=grand.child1.signed
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -36,12 +36,12 @@ zonefile=grand.child3.utld.db
 outfile=grand.child3.signed
 dlvzone=dlv.utld.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -51,12 +51,12 @@ zonefile=grand.child4.utld.db
 outfile=grand.child4.signed
 dlvzone=dlv.utld.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -66,12 +66,12 @@ zonefile=grand.child5.utld.db
 outfile=grand.child5.signed
 dlvzone=dlv.utld.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -81,12 +81,12 @@ zonefile=grand.child7.utld.db
 outfile=grand.child7.signed
 dlvzone=dlv.utld.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -96,12 +96,12 @@ zonefile=grand.child8.utld.db
 outfile=grand.child8.signed
 dlvzone=dlv.utld.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -111,12 +111,12 @@ zonefile=grand.child9.utld.db
 outfile=grand.child9.signed
 dlvzone=dlv.utld.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 zone=grand.child10.utld.
@@ -125,12 +125,12 @@ zonefile=grand.child10.utld.db
 outfile=grand.child10.signed
 dlvzone=dlv.utld.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 zone=grand.child1.druz.
@@ -138,12 +138,12 @@ infile=child.db.in
 zonefile=grand.child1.druz.db
 outfile=grand.child1.druz.signed
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -153,12 +153,12 @@ zonefile=grand.child3.druz.db
 outfile=grand.child3.druz.signed
 dlvzone=dlv.druz.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -168,12 +168,12 @@ zonefile=grand.child4.druz.db
 outfile=grand.child4.druz.signed
 dlvzone=dlv.druz.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -183,12 +183,12 @@ zonefile=grand.child5.druz.db
 outfile=grand.child5.druz.signed
 dlvzone=dlv.druz.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -198,12 +198,12 @@ zonefile=grand.child7.druz.db
 outfile=grand.child7.druz.signed
 dlvzone=dlv.druz.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -213,12 +213,12 @@ zonefile=grand.child8.druz.db
 outfile=grand.child8.druz.signed
 dlvzone=dlv.druz.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 
@@ -228,12 +228,12 @@ zonefile=grand.child9.druz.db
 outfile=grand.child9.druz.signed
 dlvzone=dlv.druz.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"
 
 zone=grand.child10.druz.
@@ -242,10 +242,10 @@ zonefile=grand.child10.druz.db
 outfile=grand.child10.druz.signed
 dlvzone=dlv.druz.
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"

bin/tests/system/dlv/setup.sh

@@ -12,8 +12,6 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf

bin/tests/system/dlzexternal/setup.sh

@@ -12,8 +12,6 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
+$DDNSCONFGEN -q -z example.nil > ns1/ddns.key
-
-$DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key
 
 copy_setports ns1/named.conf.in ns1/named.conf

bin/tests/system/dns64/ns1/sign.sh

@@ -16,9 +16,9 @@ zone=signed
 infile=example.db
 zonefile=signed.db
 
-key1=`$KEYGEN -q -a rsasha256 -r $RANDFILE $zone`
+key1=`$KEYGEN -q -a rsasha256 $zone`
-key2=`$KEYGEN -q -a rsasha256 -r $RANDFILE -fk $zone`
+key2=`$KEYGEN -q -a rsasha256 -fk $zone`
 
 cat $infile $key1.key $key2.key > $zonefile
 
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile > /dev/null

bin/tests/system/dns64/setup.sh

@@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
 
 $SHELL clean.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 

bin/tests/system/dnssec/ns1/sign.sh

@@ -27,11 +27,11 @@ cp ../ns2/dsset-in-addr.arpa$TP .
 grep "8 [12] " ../ns2/dsset-algroll$TP > dsset-algroll$TP
 cp ../ns6/dsset-optout-tld$TP .
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key > $zonefile
 
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile > /dev/null
 
 # Configure the resolving server with a trusted key.
 cat $keyname.key | grep -v '^; ' | $PERL -n -e '

bin/tests/system/dnssec/ns2/sign.sh

@@ -29,12 +29,12 @@ do
 	cp ../ns3/dsset-$subdomain.example$TP .
 done
 
-keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
-keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
+$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
 
 #
 # lower/uppercase the signature bits with the exception of the last characters
@@ -89,11 +89,11 @@ zone=in-addr.arpa.
 infile=in-addr.arpa.db.in
 zonefile=in-addr.arpa.db
 
-keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
-keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
-$SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
+$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
 
 # Sign the privately secure file
 
@@ -101,11 +101,11 @@ privzone=private.secure.example.
 privinfile=private.secure.example.db.in
 privzonefile=private.secure.example.db
 
-privkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $privzone`
+privkeyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $privzone`
 
 cat $privinfile $privkeyname.key >$privzonefile
 
-$SIGNER -P -g -r $RANDFILE -o $privzone -l dlv $privzonefile > /dev/null
+$SIGNER -P -g -o $privzone -l dlv $privzonefile > /dev/null
 
 # Sign the DLV secure zone.
 
@@ -115,11 +115,11 @@ dlvinfile=dlv.db.in
 dlvzonefile=dlv.db
 dlvsetfile=dlvset-`echo $privzone |sed -e "s/\.$//g"`$TP
 
-dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $dlvzone`
+dlvkeyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $dlvzone`
 
 cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
 
-$SIGNER -P -g -r $RANDFILE -o $dlvzone $dlvzonefile > /dev/null
+$SIGNER -P -g -o $dlvzone $dlvzonefile > /dev/null
 
 # Sign the badparam secure file
 
@@ -127,12 +127,12 @@ zone=badparam.
 infile=badparam.db.in
 zonefile=badparam.db
 
-keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -f KSK $zone`
+keyname1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK $zone`
-keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+keyname2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -P -3 - -H 1 -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
+$SIGNER -P -3 - -H 1 -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
 
 sed 's/IN NSEC3 1 0 1 /IN NSEC3 1 0 10 /' $zonefile.signed > $zonefile.bad
 
@@ -142,12 +142,12 @@ zone=single-nsec3.
 infile=single-nsec3.db.in
 zonefile=single-nsec3.db
 
-keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -f KSK $zone`
+keyname1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK $zone`
-keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+keyname2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -P -3 - -A -H 1 -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
+$SIGNER -P -3 - -A -H 1 -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
 
 #
 # algroll has just has the old DNSKEY records removed and is waiting
@@ -158,14 +158,14 @@ zone=algroll.
 infile=algroll.db.in
 zonefile=algroll.db
 
-keyold1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
+keyold1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
-keyold2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyold2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
-keynew1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -fk $zone`
+keynew1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -fk $zone`
-keynew2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+keynew2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
 
 cat $infile $keynew1.key $keynew2.key >$zonefile
 
-$SIGNER -P -r $RANDFILE -o $zone -k $keyold1 -k $keynew1 $zonefile $keyold1 $keyold2 $keynew1 $keynew2 > /dev/null
+$SIGNER -P -o $zone -k $keyold1 -k $keynew1 $zonefile $keyold1 $keyold2 $keynew1 $keynew2 > /dev/null
 
 #
 # Make a zone big enough that it takes several seconds to generate a new
@@ -183,93 +183,93 @@ ns3	10	A	10.53.0.3
 EOF
 awk 'END { for (i = 0; i < 300; i++)
 	print "host" i, 10, "NS", "ns.elsewhere"; }' < /dev/null >> $zonefile
-key1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -fk $zone`
+key1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -fk $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+key2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
 cat $key1.key $key2.key >> $zonefile
-$SIGNER -P -3 - -A -H 1 -g -r $RANDFILE -o $zone -k $key1 $zonefile $key2 > /dev/null
+$SIGNER -P -3 - -A -H 1 -g -o $zone -k $key1 $zonefile $key2 > /dev/null
 
 zone=cds.secure
 infile=cds.secure.db.in
 zonefile=cds.secure.db
-key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
+key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 $DSFROMKEY -C $key1.key > $key1.cds
 cat $infile $key1.key $key2.key $key1.cds >$zonefile
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile > /dev/null
 
 zone=cds-x.secure
 infile=cds.secure.db.in
 zonefile=cds-x.secure.db
-key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
+key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
+key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
-key3=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+key3=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 $DSFROMKEY -C $key2.key > $key2.cds
 cat $infile $key1.key $key3.key $key2.cds >$zonefile
-$SIGNER -P -g -x -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -x -o $zone $zonefile > /dev/null
 
 zone=cds-update.secure
 infile=cds-update.secure.db.in
 zonefile=cds-update.secure.db
-key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
+key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 cat $infile $key1.key $key2.key > $zonefile
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile > /dev/null
 
 zone=cds-kskonly.secure
 infile=cds-kskonly.secure.db.in
 zonefile=cds-kskonly.secure.db
-key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
+key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 cat $infile $key1.key $key2.key > $zonefile
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile > /dev/null
 
 zone=cds-auto.secure
 infile=cds-auto.secure.db.in
 zonefile=cds-auto.secure.db
-key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
+key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 $DSFROMKEY -C $key1.key > $key1.cds
 cat $infile $key1.cds > $zonefile.signed
 
 zone=cdnskey.secure
 infile=cdnskey.secure.db.in
 zonefile=cdnskey.secure.db
-key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
+key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 sed 's/DNSKEY/CDNSKEY/' $key1.key > $key1.cds
 cat $infile $key1.key $key2.key $key1.cds >$zonefile
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile > /dev/null
 
 zone=cdnskey-x.secure
 infile=cdnskey.secure.db.in
 zonefile=cdnskey-x.secure.db
-key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
+key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
+key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
-key3=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+key3=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 sed 's/DNSKEY/CDNSKEY/' $key1.key > $key1.cds
 cat $infile $key2.key $key3.key $key1.cds >$zonefile
-$SIGNER -P -g -x -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -x -o $zone $zonefile > /dev/null
 
 zone=cdnskey-update.secure
 infile=cdnskey-update.secure.db.in
 zonefile=cdnskey-update.secure.db
-key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
+key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 cat $infile $key1.key $key2.key > $zonefile
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile > /dev/null
 
 zone=cdnskey-kskonly.secure
 infile=cdnskey-kskonly.secure.db.in
 zonefile=cdnskey-kskonly.secure.db
-key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
+key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 cat $infile $key1.key $key2.key > $zonefile
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile > /dev/null
 
 zone=cdnskey-auto.secure
 infile=cdnskey-auto.secure.db.in
 zonefile=cdnskey-auto.secure.db
-key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
+key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 sed 's/DNSKEY/CDNSKEY/' $key1.key > $key1.cds
 cat $infile $key1.cds > $zonefile.signed

bin/tests/system/dnssec/ns3/sign.sh

@@ -16,44 +16,44 @@ zone=secure.example.
 infile=secure.example.db.in
 zonefile=secure.example.db
 
-cnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 1024 -n host cnameandkey.$zone`
+cnameandkey=`$KEYGEN -T KEY -q -a RSASHA1 -b 1024 -n host cnameandkey.$zone`
-dnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 1024 -n host dnameandkey.$zone`
+dnameandkey=`$KEYGEN -T KEY -q -a RSASHA1 -b 1024 -n host dnameandkey.$zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $cnameandkey.key $dnameandkey.key $keyname.key >$zonefile
 
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
 
 zone=bogus.example.
 infile=bogus.example.db.in
 zonefile=bogus.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
 
 zone=dynamic.example.
 infile=dynamic.example.db.in
 zonefile=dynamic.example.db
 
-keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
+keyname1=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
-keyname2=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone`
+keyname2=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone -f KSK $zone`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
 
 zone=keyless.example.
 infile=generic.example.db.in
 zonefile=keyless.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
 
 # Change the signer field of the a.b.keyless.example SIG A
 # to point to a provably nonexistent KEY record.
@@ -69,11 +69,11 @@ zone=secure.nsec3.example.
 infile=secure.nsec3.example.db.in
 zonefile=secure.nsec3.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
 
 #
 #  NSEC3/NSEC3 test zone
@@ -82,11 +82,11 @@ zone=nsec3.nsec3.example.
 infile=nsec3.nsec3.example.db.in
 zonefile=nsec3.nsec3.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -o $zone $zonefile > /dev/null 2>&1
 
 #
 #  OPTOUT/NSEC3 test zone
@@ -95,11 +95,11 @@ zone=optout.nsec3.example.
 infile=optout.nsec3.example.db.in
 zonefile=optout.nsec3.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -A -o $zone $zonefile > /dev/null 2>&1
 
 #
 # A nsec3 zone (non-optout).
@@ -108,11 +108,11 @@ zone=nsec3.example.
 infile=nsec3.example.db.in
 zonefile=nsec3.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -g -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -g -3 - -o $zone $zonefile > /dev/null 2>&1
 
 #
 #  OPTOUT/NSEC test zone
@@ -121,11 +121,11 @@ zone=secure.optout.example.
 infile=secure.optout.example.db.in
 zonefile=secure.optout.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
 
 #
 #  OPTOUT/NSEC3 test zone
@@ -134,11 +134,11 @@ zone=nsec3.optout.example.
 infile=nsec3.optout.example.db.in
 zonefile=nsec3.optout.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -o $zone $zonefile > /dev/null 2>&1
 
 #
 #  OPTOUT/OPTOUT test zone
@@ -147,11 +147,11 @@ zone=optout.optout.example.
 infile=optout.optout.example.db.in
 zonefile=optout.optout.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -A -o $zone $zonefile > /dev/null 2>&1
 
 #
 # A optout nsec3 zone.
@@ -160,11 +160,11 @@ zone=optout.example.
 infile=optout.example.db.in
 zonefile=optout.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -g -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -g -3 - -A -o $zone $zonefile > /dev/null 2>&1
 
 #
 # A nsec3 zone (non-optout) with unknown nsec3 hash algorithm (-U).
@@ -173,11 +173,11 @@ zone=nsec3-unknown.example.
 infile=nsec3-unknown.example.db.in
 zonefile=nsec3-unknown.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -3 - -U -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -U -o $zone $zonefile > /dev/null 2>&1
 
 #
 # A optout nsec3 zone with a unknown nsec3 hash algorithm (-U).
@@ -186,11 +186,11 @@ zone=optout-unknown.example.
 infile=optout-unknown.example.db.in
 zonefile=optout-unknown.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -3 - -U -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -U -A -o $zone $zonefile > /dev/null 2>&1
 
 #
 # A zone with a unknown DNSKEY algorithm.
@@ -200,11 +200,11 @@ zone=dnskey-unknown.example.
 infile=dnskey-unknown.example.db.in
 zonefile=dnskey-unknown.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -3 - -r $RANDFILE -o $zone -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -o $zone -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
 
 awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
 
@@ -219,11 +219,11 @@ zone=dnskey-nsec3-unknown.example.
 infile=dnskey-nsec3-unknown.example.db.in
 zonefile=dnskey-nsec3-unknown.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -3 - -r $RANDFILE -o $zone -U -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -o $zone -U -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
 
 awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
 
@@ -237,21 +237,21 @@ zone=multiple.example.
 infile=multiple.example.db.in
 zonefile=multiple.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
 mv $zonefile.signed $zonefile
-$SIGNER -P -u3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -u3 - -o $zone $zonefile > /dev/null 2>&1
 mv $zonefile.signed $zonefile
-$SIGNER -P -u3 AAAA -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -u3 AAAA -o $zone $zonefile > /dev/null 2>&1
 mv $zonefile.signed $zonefile
-$SIGNER -P -u3 BBBB -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -u3 BBBB -o $zone $zonefile > /dev/null 2>&1
 mv $zonefile.signed $zonefile
-$SIGNER -P -u3 CCCC -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -u3 CCCC -o $zone $zonefile > /dev/null 2>&1
 mv $zonefile.signed $zonefile
-$SIGNER -P -u3 DDDD -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -u3 DDDD -o $zone $zonefile > /dev/null 2>&1
 
 #
 # A RSASHA256 zone.
@@ -260,11 +260,11 @@ zone=rsasha256.example.
 infile=rsasha256.example.db.in
 zonefile=rsasha256.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
 
 #
 # A RSASHA512 zone.
@@ -273,11 +273,11 @@ zone=rsasha512.example.
 infile=rsasha512.example.db.in
 zonefile=rsasha512.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA512 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA512 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
 
 #
 # A zone with the DNSKEY set only signed by the KSK
@@ -286,10 +286,10 @@ zone=kskonly.example.
 infile=kskonly.example.db.in
 zonefile=kskonly.example.db
 
-kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -fk $zone`
+kskname=`$KEYGEN -q -a RSASHA1 -fk $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
+zskname=`$KEYGEN -q -a RSASHA1 $zone`
 cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -x -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -x -o $zone $zonefile > /dev/null 2>&1
 
 #
 # A zone with the expired signatures
@@ -298,10 +298,10 @@ zone=expired.example.
 infile=expired.example.db.in
 zonefile=expired.example.db
 
-kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -fk $zone`
+kskname=`$KEYGEN -q -a RSASHA1 -fk $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
+zskname=`$KEYGEN -q -a RSASHA1 $zone`
 cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone -s -1d -e +1h $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone -s -1d -e +1h $zonefile > /dev/null 2>&1
 rm -f $kskname.* $zskname.*
 
 #
@@ -311,10 +311,10 @@ zone=update-nsec3.example.
 infile=update-nsec3.example.db.in
 zonefile=update-nsec3.example.db
 
-kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
+kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
-zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
+zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
 cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -o $zone $zonefile > /dev/null 2>&1
 
 #
 # A NSEC signed zone that will have auto-dnssec enabled and
@@ -324,12 +324,12 @@ zone=auto-nsec.example.
 infile=auto-nsec.example.db.in
 zonefile=auto-nsec.example.db
 
-kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -fk $zone`
+kskname=`$KEYGEN -q -a RSASHA1 -fk $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
+zskname=`$KEYGEN -q -a RSASHA1 $zone`
-kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -fk $zone`
+kskname=`$KEYGEN -q -a RSASHA1 -fk $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
+zskname=`$KEYGEN -q -a RSASHA1 $zone`
 cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
 
 #
 # A NSEC3 signed zone that will have auto-dnssec enabled and
@@ -339,12 +339,12 @@ zone=auto-nsec3.example.
 infile=auto-nsec3.example.db.in
 zonefile=auto-nsec3.example.db
 
-kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
+kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
-zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
+zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
-kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
+kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
-zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
+zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
 cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -o $zone $zonefile > /dev/null 2>&1
 
 #
 # Secure below cname test zone.
@@ -352,9 +352,9 @@ $SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
 zone=secure.below-cname.example.
 infile=secure.below-cname.example.db.in
 zonefile=secure.below-cname.example.db
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 cat $infile $keyname.key >$zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
 
 #
 # Patched TTL test zone.
@@ -365,10 +365,10 @@ zonefile=ttlpatch.example.db
 signedfile=ttlpatch.example.db.signed
 patchedfile=ttlpatch.example.db.patched
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -r $RANDFILE -f $signedfile -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -f $signedfile -o $zone $zonefile > /dev/null 2>&1
 $CHECKZONE -D -s full $zone $signedfile 2> /dev/null | \
     awk '{$2 = "3600"; print}' > $patchedfile
 
@@ -380,11 +380,11 @@ infile=split-dnssec.example.db.in
 zonefile=split-dnssec.example.db
 signedfile=split-dnssec.example.db.signed
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 cat $infile $keyname.key >$zonefile
 echo '$INCLUDE "'"$signedfile"'"' >> $zonefile
 : > $signedfile
-$SIGNER -P -r $RANDFILE -D -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -D -o $zone $zonefile > /dev/null 2>&1
 
 #
 # Seperate DNSSEC records smart signing.
@@ -394,11 +394,11 @@ infile=split-smart.example.db.in
 zonefile=split-smart.example.db
 signedfile=split-smart.example.db.signed
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 cp $infile $zonefile
 echo '$INCLUDE "'"$signedfile"'"' >> $zonefile
 : > $signedfile
-$SIGNER -P -S -r $RANDFILE -D -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -S -D -o $zone $zonefile > /dev/null 2>&1
 
 # 
 # Zone with signatures about to expire, but no private key to replace them
@@ -407,10 +407,10 @@ zone="expiring.example."
 infile="expiring.example.db.in"
 zonefile="expiring.example.db"
 signedfile="expiring.example.db.signed"
-kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
+kskname=`$KEYGEN -q -a RSASHA1 $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
+zskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
 cp $infile $zonefile
-$SIGNER -S -r $RANDFILE -e now+1mi -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -S -e now+1mi -o $zone $zonefile > /dev/null 2>&1
 mv -f ${zskname}.private ${zskname}.private.moved
 mv -f ${kskname}.private ${kskname}.private.moved
 
@@ -422,10 +422,10 @@ infile="upper.example.db.in"
 zonefile="upper.example.db"
 lower="upper.example.db.lower"
 signedfile="upper.example.db.signed"
-kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
+kskname=`$KEYGEN -q -a RSASHA1 $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
+zskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
 cp $infile $zonefile
-$SIGNER -P -S -r $RANDFILE -o $zone -f $lower $zonefile > /dev/null 2>/dev/null
+$SIGNER -P -S -o $zone -f $lower $zonefile > /dev/null 2>/dev/null
 $CHECKZONE -D upper.example $lower 2>/dev/null | \
 	sed '/RRSIG/s/ upper.example. / UPPER.EXAMPLE. /' > $signedfile
 
@@ -437,10 +437,10 @@ zone="LOWER.EXAMPLE."
 infile="lower.example.db.in"
 zonefile="lower.example.db"
 signedfile="lower.example.db.signed"
-kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
+kskname=`$KEYGEN -q -a RSASHA1 $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
+zskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
 cp $infile $zonefile
-$SIGNER -P -S -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -S -o $zone $zonefile > /dev/null 2>&1
 
 #
 # Zone with signatures about to expire, and dynamic, but configured
@@ -450,10 +450,10 @@ zone="nosign.example."
 infile="nosign.example.db.in"
 zonefile="nosign.example.db"
 signedfile="nosign.example.db.signed"
-kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
+kskname=`$KEYGEN -q -a RSASHA1 $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
+zskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
 cp $infile $zonefile
-$SIGNER -S -r $RANDFILE -e now+1mi -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -S -e now+1mi -o $zone $zonefile > /dev/null 2>&1
 # preserve a normalized copy of the NS RRSIG for comparison later
 $CHECKZONE -D nosign.example nosign.example.db.signed 2>/dev/null | \
         awk '$4 == "RRSIG" && $5 == "NS" {$2 = ""; print}' | \
@@ -463,8 +463,8 @@ $CHECKZONE -D nosign.example nosign.example.db.signed 2>/dev/null | \
 # An inline signing zone
 #
 zone=inline.example.
-kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
+kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
-zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
+zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
 
 #
 # publish a new key while deactivating another key at the same time.
@@ -473,12 +473,12 @@ zone=publish-inactive.example
 infile=publish-inactive.example.db.in
 zonefile=publish-inactive.example.db
 now=`date -u +%Y%m%d%H%M%S`
-kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
+kskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
-kskname=`$KEYGEN -P $now+90s -A $now+3600s -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
+kskname=`$KEYGEN -P $now+90s -A $now+3600s -q -a RSASHA1 -f KSK $zone`
-kskname=`$KEYGEN -I $now+90s -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
+kskname=`$KEYGEN -I $now+90s -q -a RSASHA1 -f KSK $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
+zskname=`$KEYGEN -q -a RSASHA1 $zone`
 cp $infile $zonefile
-$SIGNER -S -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -S -o $zone $zonefile > /dev/null 2>&1
 
 #
 # A zone which will change its sig-validity-interval
@@ -486,8 +486,8 @@ $SIGNER -S -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
 zone=siginterval.example
 infile=siginterval.example.db.in
 zonefile=siginterval.example.db
-kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
+kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
-zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
+zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
 cp $infile $zonefile
 
 #
@@ -498,11 +498,11 @@ zone=badds.example.
 infile=bogus.example.db.in
 zonefile=badds.example.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
 sed -e 's/bogus/badds/g' < dsset-bogus.example$TP > dsset-badds.example$TP
 
 #
@@ -511,10 +511,10 @@ sed -e 's/bogus/badds/g' < dsset-bogus.example$TP > dsset-badds.example$TP
 zone=future.example
 infile=future.example.db.in
 zonefile=future.example.db
-kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
+kskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
+zskname=`$KEYGEN -q -a RSASHA1 $zone`
 cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -P -s +3600 -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -s +3600 -o $zone $zonefile > /dev/null 2>&1
 cp -f $kskname.key trusted-future.key
 
 #
@@ -523,10 +523,10 @@ cp -f $kskname.key trusted-future.key
 zone=managed-future.example
 infile=managed-future.example.db.in
 zonefile=managed-future.example.db
-kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
+kskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
-zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
+zskname=`$KEYGEN -q -a RSASHA1 $zone`
 cat $infile $kskname.key $zskname.key >$zonefile
-$SIGNER -P -s +3600 -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -s +3600 -o $zone $zonefile > /dev/null 2>&1
 
 #
 # A zone with a revoked key
@@ -535,11 +535,11 @@ zone=revkey.example.
 infile=generic.example.db.in
 zonefile=revkey.example.db
 
-ksk1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -3fk $zone`
+ksk1=`$KEYGEN -q -a RSASHA1 -3fk $zone`
 ksk1=`$REVOKE $ksk1`
-ksk2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -3fk $zone`
+ksk2=`$KEYGEN -q -a RSASHA1 -3fk $zone`
-zsk1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -3 $zone`
+zsk1=`$KEYGEN -q -a RSASHA1 -3 $zone`
 
 cat $infile ${ksk1}.key ${ksk2}.key ${zsk1}.key >$zonefile
 
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1

bin/tests/system/dnssec/ns5/sign.sh

@@ -16,7 +16,7 @@ zone=.
 infile=../ns1/root.db.in
 zonefile=root.db.signed
 
-keyname=`$KEYGEN -r $RANDFILE -a RSASHA1 -qfk $zone`
+keyname=`$KEYGEN -a RSASHA1 -qfk $zone`
 
 # copy the KSK out first, then revoke it
 cat $keyname.key | grep -v '^; ' | $PERL -n -e '
@@ -32,6 +32,6 @@ EOF
 $SETTIME -R now ${keyname}.key > /dev/null
 
 # create a current set of keys, and sign the root zone
-$KEYGEN -r $RANDFILE -a RSASHA1 -q $zone > /dev/null
+$KEYGEN -a RSASHA1 -q $zone > /dev/null
-$KEYGEN -r $RANDFILE -a RSASHA1 -qfk $zone > /dev/null
+$KEYGEN -a RSASHA1 -qfk $zone > /dev/null
-$SIGNER -S -r $RANDFILE -o $zone -f $zonefile $infile > /dev/null 2>&1
+$SIGNER -S -o $zone -f $zonefile $infile > /dev/null 2>&1

bin/tests/system/dnssec/ns6/sign.sh

@@ -16,8 +16,8 @@ zone=optout-tld
 infile=optout-tld.db.in
 zonefile=optout-tld.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key >$zonefile
 
-$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -A -o $zone $zonefile > /dev/null 2>&1

bin/tests/system/dnssec/ns7/sign.sh

@@ -16,12 +16,12 @@ zone=split-rrsig
 infile=split-rrsig.db.in
 zonefile=split-rrsig.db
 
-k1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+k1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
-k2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+k2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
 
 cat $infile $k1.key $k2.key >$zonefile
 
-$SIGNER -P -3 - -A -r $RANDFILE -o $zone -O full -f $zonefile.unsplit -e now-3600 -s now-7200 $zonefile > /dev/null 2>&1
+$SIGNER -P -3 - -A -o $zone -O full -f $zonefile.unsplit -e now-3600 -s now-7200 $zonefile > /dev/null 2>&1
 awk 'BEGIN { r = ""; }
      $4 == "RRSIG" && $5 == "SOA" && r == "" { r = $0; next; }
      { print }

bin/tests/system/dnssec/setup.sh

@@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
 
 $SHELL clean.sh 
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf

bin/tests/system/dnssec/tests.sh

@@ -1381,8 +1381,8 @@ status=`expr $status + $ret`
 echo_i "checking that we can sign a zone with out-of-zone records ($n)"
 ret=0
 zone=example
-key1=`$KEYGEN -K signer -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+key1=`$KEYGEN -K signer -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
-key2=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -K signer -q -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 (
 cd signer
 cat example.db.in $key1.key $key2.key > example.db
@@ -1395,8 +1395,8 @@ status=`expr $status + $ret`
 echo_i "checking that we can sign a zone (NSEC3) with out-of-zone records ($n)"
 ret=0
 zone=example
-key1=`$KEYGEN -K signer -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+key1=`$KEYGEN -K signer -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
-key2=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -K signer -q -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 (
 cd signer
 cat example.db.in $key1.key $key2.key > example.db
@@ -1420,8 +1420,8 @@ status=`expr $status + $ret`
 echo_i "checking NSEC3 signing with empty nonterminals above a delegation ($n)"
 ret=0
 zone=example
-key1=`$KEYGEN -K signer -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+key1=`$KEYGEN -K signer -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
-key2=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -K signer -q -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 (
 cd signer
 cat example.db.in $key1.key $key2.key > example3.db
@@ -1446,8 +1446,8 @@ status=`expr $status + $ret`
 echo_i "checking that dnsssec-signzone updates originalttl on ttl changes ($n)"
 ret=0
 zone=example
-key1=`$KEYGEN -K signer -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+key1=`$KEYGEN -K signer -q -a RSASHA1 -b 1024 -n zone $zone`
-key2=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -K signer -q -f KSK -a RSASHA1 -b 1024 -n zone $zone`
 (
 cd signer
 cat example.db.in $key1.key $key2.key > example.db
@@ -1463,10 +1463,10 @@ status=`expr $status + $ret`
 echo_i "checking dnssec-signzone keeps valid signatures from removed keys ($n)"
 ret=0
 zone=example
-key1=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a RSASHA1 -b 1024 -n zone $zone`
+key1=`$KEYGEN -K signer -q -f KSK -a RSASHA1 -b 1024 -n zone $zone`
-key2=`$KEYGEN -K signer -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+key2=`$KEYGEN -K signer -q -a RSASHA1 -b 1024 -n zone $zone`
 keyid2=`echo $key2 | sed 's/^Kexample.+005+0*\([0-9]\)/\1/'`
-key3=`$KEYGEN -K signer -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+key3=`$KEYGEN -K signer -q -a RSASHA1 -b 1024 -n zone $zone`
 keyid3=`echo $key3 | sed 's/^Kexample.+005+0*\([0-9]\)/\1/'`
 (
 cd signer
@@ -2320,7 +2320,7 @@ echo_i "checking that the NSEC3 record for the apex is properly signed when a DN
 ret=0
 (
 cd ns3
-kskname=`$KEYGEN -q -3 -a RSASHA1 -r $RANDFILE -fk update-nsec3.example`
+kskname=`$KEYGEN -q -3 -a RSASHA1 -fk update-nsec3.example`
 (
 echo zone update-nsec3.example
 echo server 10.53.0.3 ${PORT}
@@ -2661,7 +2661,7 @@ status=`expr $status + $ret`
 # includes it anyway to avoid confusion (RT #21731)
 echo_i "check dnssec-dsfromkey error message when keyfile is not found ($n)"
 ret=0
-key=`$KEYGEN -a RSASHA1 -q -r $RANDFILE example.` || ret=1
+key=`$KEYGEN -a RSASHA1 -q example.` || ret=1
 mv $key.key $key
 $DSFROMKEY $key > dsfromkey.out.$n 2>&1 && ret=1
 grep "$key.key: file not found" dsfromkey.out.$n > /dev/null || ret=1
@@ -2748,7 +2748,7 @@ cd ns3
 for file in K*.moved; do
   mv $file `basename $file .moved`
 done
-$SIGNER -S -r $RANDFILE -N increment -e now+1mi -o expiring.example expiring.example.db > /dev/null 2>&1
+$SIGNER -S -N increment -e now+1mi -o expiring.example expiring.example.db > /dev/null 2>&1
 ) || ret=1
 $RNDCCMD 10.53.0.3 reload expiring.example 2>&1 | sed 's/^/ns3 /' | cat_i
 
@@ -3115,7 +3115,7 @@ do
 	   alg=`expr $alg + 1`
 	   continue;;
 	esac
-	key1=`$KEYGEN -a $alg $size -n zone -r $RANDFILE example 2> keygen.err`
+	key1=`$KEYGEN -a $alg $size -n zone example 2> keygen.err`
 	if grep "unsupported algorithm" keygen.err > /dev/null
 	then
 		alg=`expr $alg + 1`
@@ -3130,7 +3130,7 @@ do
 		continue
 	fi
 	$SETTIME -I now+4d $key1.private > /dev/null
-	key2=`$KEYGEN -v 10 -r $RANDFILE -i 3d -S $key1.private 2> /dev/null`
+	key2=`$KEYGEN -v 10 -i 3d -S $key1.private 2> /dev/null`
 	test -f $key2.key -a -f $key2.private || {
 		ret=1
 		echo_i "'dnssec-keygen -S' failed for algorithm: $alg"
@@ -3447,8 +3447,8 @@ ret=0
 # generate signed zone with MX and AAAA records at apex.
 (
 cd signer
-$KEYGEN -q -r $RANDFILE -a RSASHA1 -3 -fK remove > /dev/null
+$KEYGEN -q -a RSASHA1 -3 -fK remove > /dev/null
-$KEYGEN -q -r $RANDFILE -a RSASHA1 -33 remove > /dev/null
+$KEYGEN -q -a RSASHA1 -33 remove > /dev/null
 echo > remove.db.signed
 $SIGNER -S -o remove -D -f remove.db.signed remove.db.in > signer.out.1.$n 2>&1
 )

bin/tests/system/dsdigest/ns1/sign.sh

@@ -21,12 +21,12 @@ zonefile=root.db
 cp ../ns2/dsset-good$TP .
 cp ../ns2/dsset-bad$TP .
 
-key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 2048 -n zone -f KSK $zone`
+key2=`$KEYGEN -q -a RSASHA1 -b 2048 -n zone -f KSK $zone`
 
 cat $infile $key1.key $key2.key > $zonefile
 
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile > /dev/null
 
 # Configure the resolving server with a trusted key.
 

bin/tests/system/dsdigest/ns2/sign.sh

@@ -19,16 +19,16 @@ zone2=bad.
 infile2=bad.db.in
 zonefile2=bad.db
 
-keyname11=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone1`
+keyname11=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone1`
-keyname12=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone -f KSK $zone1`
+keyname12=`$KEYGEN -q -a RSASHA256 -b 2048 -n zone -f KSK $zone1`
-keyname21=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone2`
+keyname21=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone2`
-keyname22=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -n zone -f KSK $zone2`
+keyname22=`$KEYGEN -q -a RSASHA256 -b 2048 -n zone -f KSK $zone2`
 
 cat $infile1 $keyname11.key $keyname12.key >$zonefile1
 cat $infile2 $keyname21.key $keyname22.key >$zonefile2
 
-$SIGNER -P -g -r $RANDFILE -o $zone1 $zonefile1 > /dev/null
+$SIGNER -P -g -o $zone1 $zonefile1 > /dev/null
-$SIGNER -P -g -r $RANDFILE -o $zone2 $zonefile2 > /dev/null
+$SIGNER -P -g -o $zone2 $zonefile2 > /dev/null
 
 DSFILENAME1=dsset-`echo $zone1 |sed -e "s/\.$//g"`$TP
 DSFILENAME2=dsset-`echo $zone2 |sed -e "s/\.$//g"`$TP

bin/tests/system/dsdigest/setup.sh

@@ -12,8 +12,6 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf

bin/tests/system/ecdsa/ns1/sign.sh

@@ -16,13 +16,13 @@ zone=.
 infile=root.db.in
 zonefile=root.db
 
-key1=`$KEYGEN -q -r $RANDFILE -a ECDSAP256SHA256 -n zone $zone`
+key1=`$KEYGEN -q -a ECDSAP256SHA256 -n zone $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a ECDSAP384SHA384 -n zone -f KSK $zone`
+key2=`$KEYGEN -q -a ECDSAP384SHA384 -n zone -f KSK $zone`
 $DSFROMKEY -a sha-384 $key2.key > dsset-384
 
 cat $infile $key1.key $key2.key > $zonefile
 
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
 
 # Configure the resolving server with a trusted key.
 

bin/tests/system/ecdsa/setup.sh

@@ -12,6 +12,4 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 cd ns1 && $SHELL sign.sh

bin/tests/system/eddsa/ns1/sign.sh

@@ -16,14 +16,14 @@ zone=.
 infile=root.db.in
 zonefile=root.db
 
-key1=`$KEYGEN -q -r $RANDFILE -a ED25519 -n zone $zone`
+key1=`$KEYGEN -q -a ED25519 -n zone $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a ED25519 -n zone -f KSK $zone`
+key2=`$KEYGEN -q -a ED25519 -n zone -f KSK $zone`
-#key2=`$KEYGEN -q -r $RANDFILE -a ED448 -n zone -f KSK $zone`
+#key2=`$KEYGEN -q -a ED448 -n zone -f KSK $zone`
 $DSFROMKEY -a sha-256 $key2.key > dsset-256
 
 cat $infile $key1.key $key2.key > $zonefile
 
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
 
 # Configure the resolving server with a trusted key.
 

bin/tests/system/eddsa/ns2/sign.sh

@@ -23,4 +23,4 @@ do
 	cp $i `echo $i | sed s/X/K/`
 done
 
-$SIGNER -P -z -s $starttime -e $endtime -r $RANDFILE -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -P -z -s $starttime -e $endtime -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err

bin/tests/system/eddsa/setup.sh

@@ -12,6 +12,4 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 cd ns1 && $SHELL sign.sh

bin/tests/system/filter-aaaa/ns1/sign.sh

@@ -21,10 +21,10 @@ infile=signed.db.in
 zonefile=signed.db.signed
 outfile=signed.db.signed
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"

bin/tests/system/filter-aaaa/ns4/sign.sh

@@ -21,10 +21,10 @@ infile=signed.db.in
 zonefile=signed.db.signed
 outfile=signed.db.signed
 
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
 echo_i "signed $zone"

bin/tests/system/filter-aaaa/setup.sh

@@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
 
 $SHELL clean.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 copy_setports ns1/named1.conf.in ns1/named.conf
 copy_setports ns2/named1.conf.in ns2/named.conf
 copy_setports ns3/named1.conf.in ns3/named.conf

bin/tests/system/gost/ns1/sign.sh

@@ -16,13 +16,13 @@ zone=.
 infile=root.db.in
 zonefile=root.db
 
-key1=`$KEYGEN -q -r $RANDFILE -a ECCGOST -n zone $zone`
+key1=`$KEYGEN -q -a ECCGOST -n zone $zone`
-key2=`$KEYGEN -q -r $RANDFILE -a ECCGOST -n zone -f KSK $zone`
+key2=`$KEYGEN -q -a ECCGOST -n zone -f KSK $zone`
 $DSFROMKEY -a gost $key2.key > dsset-gost
 
 cat $infile $key1.key $key2.key > $zonefile
 
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
 
 # Configure the resolving server with a trusted key.
 

bin/tests/system/gost/setup.sh

@@ -12,6 +12,4 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 cd ns1 && $SHELL sign.sh

bin/tests/system/inline/ns1/sign.sh

@@ -15,8 +15,8 @@ SYSTEMTESTTOP=../..
 zone=.
 rm -f K.+*+*.key
 rm -f K.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
 $SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1
 [ $? = 0 ] || cat signer.out
 

bin/tests/system/inline/ns3/sign.sh

@@ -15,36 +15,36 @@ SYSTEMTESTTOP=../..
 zone=bits
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
 $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
 
 zone=noixfr
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
 $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
 
 zone=master
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
 $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
 
 zone=dynamic
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
 $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
 
 zone=updated
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
 $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
 $SIGNER -S -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1
 cp master2.db.in updated.db
@@ -53,72 +53,72 @@ cp master2.db.in updated.db
 zone=expired
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
 $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
 $SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1
 
 zone=retransfer
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
 $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
 
 zone=nsec3
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
 $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
 
 zone=retransfer3
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
 $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
 
 zone=inactiveksk
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -P now -A now+3600 -f KSK $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -P now -A now+3600 -f KSK $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK $zone`
 $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
 
 zone=inactivezsk
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -P now -A now+3600 $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -P now -A now+3600 $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK $zone`
 $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
 
 zone=removedkeys-primary
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
 
 zone=removedkeys-secondary
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
 
 for s in a c d h k l m q z
 do
 	zone=test-$s
-	keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+	keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 done
 
 for s in b f i o p t v
 do
 	zone=test-$s
-	keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+	keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
-	keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
+	keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
 done
 
 zone=externalkey
@@ -134,14 +134,14 @@ do
             touch $checkfile ;;
         ECCGOST) 
             fail=0
-            $KEYGEN -q -r $RANDFILE -a eccgost test > /dev/null 2>&1 || fail=1
+            $KEYGEN -q -a eccgost test > /dev/null 2>&1 || fail=1
             rm -f Ktest*
             [ $fail != 0 ] && continue
             checkfile=../checkgost
             touch $checkfile ;;
         ECDSAP256SHA256)
             fail=0
-            $KEYGEN -q -r $RANDFILE -a ecdsap256sha256 test > /dev/null 2>&1 || fail=1
+            $KEYGEN -q -a ecdsap256sha256 test > /dev/null 2>&1 || fail=1
             rm -f Ktest*
             [ $fail != 0 ] && continue
             $SHELL ../checkdsa.sh 2> /dev/null || continue
@@ -150,10 +150,10 @@ do
         *) ;;
     esac
 
-    k1=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone`
+    k1=`$KEYGEN -q -a $alg -b 1024 -n zone -f KSK $zone`
-    k2=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone`
+    k2=`$KEYGEN -q -a $alg -b 1024 -n zone $zone`
-    k3=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone`
+    k3=`$KEYGEN -q -a $alg -b 1024 -n zone $zone`
-    k4=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone`
+    k4=`$KEYGEN -q -a $alg -b 1024 -n zone -f KSK $zone`
     $DSFROMKEY -T 1200 $k4 >> ../ns1/root.db
 
     # Convert k1 and k2 in to External Keys.

bin/tests/system/inline/ns7/sign.sh

@@ -18,6 +18,6 @@ SYSTEMTESTTOP=../..
 zone=nsec3-loop
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
-keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`

bin/tests/system/inline/setup.sh

@@ -12,8 +12,6 @@ SYSTEMTESTTOP=..
 
 $SHELL clean.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 cp ns1/root.db.in ns1/root.db
 rm -f ns1/root.db.signed
 

bin/tests/system/inline/tests.sh

@@ -619,8 +619,8 @@ grep "ANSWER: 1," dig.out.ns5.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "setup broken"; fi
 status=`expr $status + $ret`
 copy_setports ns5/named.conf.post ns5/named.conf
-(cd ns5; $KEYGEN -q -a rsasha256 -r $RANDFILE bits) > /dev/null 2>&1
+(cd ns5; $KEYGEN -q -a rsasha256 bits) > /dev/null 2>&1
-(cd ns5; $KEYGEN -q -a rsasha256 -r $RANDFILE -f KSK bits) > /dev/null 2>&1
+(cd ns5; $KEYGEN -q -a rsasha256 -f KSK bits) > /dev/null 2>&1
 $RNDCCMD 10.53.0.5 reload 2>&1 | sed 's/^/ns5 /' | cat_i
 for i in 1 2 3 4 5 6 7 8 9 10
 do
@@ -922,7 +922,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "testing imported key won't overwrite a private key ($n)"
 ret=0
-key=`$KEYGEN -r $RANDFILE -q -a rsasha256 import.example`
+key=`$KEYGEN -q -a rsasha256 import.example`
 cp ${key}.key import.key
 # import should fail
 $IMPORTKEY -f import.key import.example > /dev/null 2>&1 && ret=1

bin/tests/system/keepalive/setup.sh

@@ -17,5 +17,3 @@ $SHELL clean.sh
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf
-
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE

bin/tests/system/keymgr/setup.sh

@@ -12,7 +12,7 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-KEYGEN="$KEYGEN -qr $RANDFILE"
+KEYGEN="$KEYGEN -q"
 
 $SHELL clean.sh
 

bin/tests/system/keymgr/tests.sh

@@ -38,10 +38,10 @@ for dir in [0-9][0-9]-*; do
         [ -e "$dir/policy.conf" ] && policy="-c $dir/policy.conf"
         # run keymgr to update keys
 	if [ "$CYGWIN" ]; then
-            $KEYMGR $policy -K $dir -g `cygpath -w $KEYGEN` -r $RANDFILE \
+            $KEYMGR $policy -K $dir -g `cygpath -w $KEYGEN` \
 		-s `cygpath -w $SETTIME` $kargs > keymgr.$n 2>&1
 	else
-	    $KEYMGR $policy -K $dir -g $KEYGEN -r $RANDFILE \
+	    $KEYMGR $policy -K $dir -g $KEYGEN \
 		-s $SETTIME $kargs > keymgr.$n 2>&1
 	fi
         # check that return code matches expectations

bin/tests/system/legacy/build.sh

@@ -12,8 +12,6 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 $SHELL clean.sh
 
 (cd ns6 && $SHELL -e sign.sh)

bin/tests/system/legacy/ns6/sign.sh

@@ -21,9 +21,9 @@ infile=edns512.db.in
 zonefile=edns512.db
 outfile=edns512.db.signed
 
-keyname1=`$KEYGEN -r $RANDFILE -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null` 
+keyname1=`$KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null` 
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err

bin/tests/system/legacy/ns7/sign.sh

@@ -21,12 +21,12 @@ infile=edns512-notcp.db.in
 zonefile=edns512-notcp.db
 outfile=edns512-notcp.db.signed
 
-keyname1=`$KEYGEN -r $RANDFILE -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null` 
+keyname1=`$KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null` 
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
+keyname2=`$KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2> /dev/null`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -r $RANDFILE -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err
 
 grep -v '^;' $keyname2.key | $PERL -n -e '
 local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;

bin/tests/system/masterformat/ns1/compile.sh

@@ -26,7 +26,7 @@ SYSTEMTESTTOP=../..
 ../named-compilezone -D -F map -o example.db.map example-map \
         example.db > /dev/null 2>&1
 
-$KEYGEN -q -a rsasha256 -r $RANDFILE signed > /dev/null 2>&1
+$KEYGEN -q -a rsasha256 signed > /dev/null 2>&1
-$KEYGEN -q -a rsasha256 -r $RANDFILE -fk signed > /dev/null 2>&1
+$KEYGEN -q -a rsasha256 -fk signed > /dev/null 2>&1
 $SIGNER -S -f signed.db.signed -o signed signed.db > /dev/null 2>&1
 ../named-compilezone -D -F map -o signed.db.map signed signed.db.signed > /dev/null 2>&1

bin/tests/system/masterformat/setup.sh

@@ -10,8 +10,6 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf

bin/tests/system/metadata/setup.sh

@@ -14,50 +14,48 @@ SYSTEMTESTTOP=..
 
 $SHELL ./clean.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 pzone=parent.nil
 czone=child.parent.nil
 
 echo_i "generating keys"
 
 # active zsk
-zsk=`$KEYGEN -q -a rsasha1 -r $RANDFILE $czone`
+zsk=`$KEYGEN -q -a rsasha1 $czone`
 echo $zsk > zsk.key
 
 # not yet published or active
-pending=`$KEYGEN -q -a rsasha1 -r $RANDFILE -P none -A none $czone`
+pending=`$KEYGEN -q -a rsasha1 -P none -A none $czone`
 echo $pending > pending.key
 
 # published but not active
-standby=`$KEYGEN -q -a rsasha1 -r $RANDFILE -A none $czone`
+standby=`$KEYGEN -q -a rsasha1 -A none $czone`
 echo $standby > standby.key
 
 # inactive
-inact=`$KEYGEN -q -a rsasha1 -r $RANDFILE -P now-24h -A now-24h -I now $czone`
+inact=`$KEYGEN -q -a rsasha1 -P now-24h -A now-24h -I now $czone`
 echo $inact > inact.key
 
 # active ksk
-ksk=`$KEYGEN -q -a rsasha1 -r $RANDFILE -fk $czone`
+ksk=`$KEYGEN -q -a rsasha1 -fk $czone`
 echo $ksk > ksk.key
 
 # published but not YET active; will be active in 15 seconds
-rolling=`$KEYGEN -q -a rsasha1 -r $RANDFILE -fk $czone`
+rolling=`$KEYGEN -q -a rsasha1 -fk $czone`
 $SETTIME -A now+15s $rolling > /dev/null
 echo $rolling > rolling.key
 
 # revoked
-revoke1=`$KEYGEN -q -a rsasha1 -r $RANDFILE -fk $czone`
+revoke1=`$KEYGEN -q -a rsasha1 -fk $czone`
 echo $revoke1 > prerev.key
 revoke2=`$REVOKE $revoke1`
 echo $revoke2 | sed -e 's#\./##' -e "s/\.key.*$//" > postrev.key
 
-pzsk=`$KEYGEN -q -a rsasha1 -r $RANDFILE $pzone`
+pzsk=`$KEYGEN -q -a rsasha1 $pzone`
 echo $pzsk > parent.zsk.key
 
-pksk=`$KEYGEN -q -a rsasha1 -r $RANDFILE -fk $pzone`
+pksk=`$KEYGEN -q -a rsasha1 -fk $pzone`
 echo $pksk > parent.ksk.key
 
-oldstyle=`$KEYGEN -Cq -a rsasha1 -r $RANDFILE $pzone`
+oldstyle=`$KEYGEN -Cq -a rsasha1 $pzone`
 echo $oldstyle > oldstyle.key
 

bin/tests/system/metadata/tests.sh

@@ -29,8 +29,6 @@ rolling=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < rolling.key`
 standby=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < standby.key`
 zsk=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < zsk.key`
 
-$GENRANDOM 800 $RANDFILE
-
 echo_i "signing zones"
 $SIGNER -Sg -o $czone $cfile > /dev/null 2>&1
 $SIGNER -Sg -o $pzone $pfile > /dev/null 2>&1
@@ -175,7 +173,7 @@ status=`expr $status + $ret`
 echo_i "checking warning about delete date < inactive date with dnssec-keygen ($n)"
 ret=0
 # keygen should print a warning about delete < inactive
-$KEYGEN -q -a rsasha1 -r $RANDFILE -I now+15s -D now $czone > tmp.out 2>&1 || ret=1
+$KEYGEN -q -a rsasha1 -I now+15s -D now $czone > tmp.out 2>&1 || ret=1
 grep "warning" tmp.out > /dev/null 2>&1 || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -183,15 +181,15 @@ status=`expr $status + $ret`
 
 echo_i "checking correct behavior setting activation without publication date ($n)"
 ret=0
-key=`$KEYGEN -q -a rsasha1 -r $RANDFILE -A +1w $czone`
+key=`$KEYGEN -q -a rsasha1 -A +1w $czone`
 pub=`$SETTIME -upP $key | awk '{print $2}'`
 act=`$SETTIME -upA $key | awk '{print $2}'`
 [ $pub -eq $act ] || ret=1
-key=`$KEYGEN -q -a rsasha1 -r $RANDFILE -A +1w -i 1d $czone`
+key=`$KEYGEN -q -a rsasha1 -A +1w -i 1d $czone`
 pub=`$SETTIME -upP $key | awk '{print $2}'`
 act=`$SETTIME -upA $key | awk '{print $2}'`
 [ $pub -lt $act ] || ret=1
-key=`$KEYGEN -q -a rsasha1 -r $RANDFILE -A +1w -P never $czone`
+key=`$KEYGEN -q -a rsasha1 -A +1w -P never $czone`
 pub=`$SETTIME -upP $key | awk '{print $2}'`
 [ $pub = "UNSET" ] || ret=1
 n=`expr $n + 1`
@@ -200,8 +198,8 @@ status=`expr $status + $ret`
 
 echo_i "checking calculation of dates for a successor key ($n)"
 ret=0
-oldkey=`$KEYGEN -a RSASHA1 -q -r $RANDFILE $czone`
+oldkey=`$KEYGEN -a RSASHA1 -q $czone`
-newkey=`$KEYGEN -a RSASHA1 -q -r $RANDFILE $czone`
+newkey=`$KEYGEN -a RSASHA1 -q $czone`
 $SETTIME -A -2d -I +2d $oldkey > settime1.test$n 2>&1 || ret=1
 $SETTIME -i 1d -S $oldkey $newkey > settime2.test$n 2>&1 || ret=1
 $SETTIME -pA $newkey | grep "1970" > /dev/null && ret=1

bin/tests/system/mkeys/ns1/sign.sh

@@ -15,10 +15,10 @@ SYSTEMTESTTOP=../..
 zone=.
 zonefile=root.db
 
-keyname=`$KEYGEN -a rsasha256 -qfk -r $RANDFILE $zone`
+keyname=`$KEYGEN -a rsasha256 -qfk $zone`
-zskkeyname=`$KEYGEN -a rsasha256 -q -r $RANDFILE $zone`
+zskkeyname=`$KEYGEN -a rsasha256 -q $zone`
 
-$SIGNER -Sg -r $RANDFILE -o $zone $zonefile > /dev/null 2>/dev/null
+$SIGNER -Sg -o $zone $zonefile > /dev/null 2>/dev/null
 
 # Configure the resolving server with a managed trusted key.
 cat $keyname.key | grep -v '^; ' | $PERL -n -e '

bin/tests/system/mkeys/setup.sh

@@ -14,9 +14,6 @@ SYSTEMTESTTOP=..
 
 $SHELL clean.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
-
 copy_setports ns1/named1.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf

bin/tests/system/mkeys/tests.sh

@@ -129,7 +129,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check new trust anchor can be added ($n)"
 ret=0
-standby1=`$KEYGEN -a rsasha256 -qfk -r $RANDFILE -K ns1 .`
+standby1=`$KEYGEN -a rsasha256 -qfk -K ns1 .`
 mkeys_loadkeys_on 1
 mkeys_refresh_on 2
 mkeys_status_on 2 > rndc.out.$n 2>&1
@@ -348,7 +348,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "revoke original key, add new standby ($n)"
 ret=0
-standby2=`$KEYGEN -a rsasha256 -qfk -r $RANDFILE -K ns1 .`
+standby2=`$KEYGEN -a rsasha256 -qfk -K ns1 .`
 $SETTIME -R now -K ns1 `cat ns1/managed.key` > /dev/null
 mkeys_loadkeys_on 1
 mkeys_refresh_on 2
@@ -380,7 +380,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "revoke standby before it is trusted ($n)"
 ret=0
-standby3=`$KEYGEN -a rsasha256 -qfk -r $RANDFILE -K ns1 .`
+standby3=`$KEYGEN -a rsasha256 -qfk -K ns1 .`
 mkeys_loadkeys_on 1
 mkeys_refresh_on 2
 mkeys_status_on 2 > rndc.out.a.$n 2>&1
@@ -474,7 +474,7 @@ echo_i "reset the root server"
 $SETTIME -D none -R none -K ns1 `cat ns1/managed.key` > /dev/null
 $SETTIME -D now -K ns1 $standby1 > /dev/null
 $SETTIME -D now -K ns1 $standby2 > /dev/null
-$SIGNER -Sg -K ns1 -N unixtime -r $RANDFILE -o . ns1/root.db > /dev/null 2>/dev/null
+$SIGNER -Sg -K ns1 -N unixtime -o . ns1/root.db > /dev/null 2>/dev/null
 copy_setports ns1/named2.conf.in ns1/named.conf
 rm -f ns1/root.db.signed.jnl
 mkeys_reconfig_on 1
@@ -508,7 +508,7 @@ rm -f ns1/root.db.signed.jnl
 # but we actually do want post-sign verification to happen to ensure the zone
 # is correct before we break it on purpose.
 $SETTIME -R none -D none -K ns1 $standby1 > /dev/null
-$SIGNER -Sg -K ns1 -N unixtime -r $RANDFILE -O full -o . -f signer.out.$n ns1/root.db > /dev/null 2>/dev/null
+$SIGNER -Sg -K ns1 -N unixtime -O full -o . -f signer.out.$n ns1/root.db > /dev/null 2>/dev/null
 cp -f ns1/root.db.signed ns1/root.db.tmp
 BADSIG="SVn2tLDzpNX2rxR4xRceiCsiTqcWNKh7NQ0EQfCrVzp9WEmLw60sQ5kP xGk4FS/xSKfh89hO2O/H20Bzp0lMdtr2tKy8IMdU/mBZxQf2PXhUWRkg V2buVBKugTiOPTJSnaqYCN3rSfV1o7NtC1VNHKKK/D5g6bpDehdn5Gaq kpBhN+MSCCh9OZP2IT20luS1ARXxLlvuSVXJ3JYuuhTsQXUbX/SQpNoB Lo6ahCE55szJnmAxZEbb2KOVnSlZRA6ZBHDhdtO0S4OkvcmTutvcVV+7 w53CbKdaXhirvHIh0mZXmYk2PbPLDY7PU9wSH40UiWPOB9f00wwn6hUe uEQ1Qg=="
 # Less than a second may have passed since ns1 was started.  If we call
@@ -560,7 +560,7 @@ $SETTIME -D now -K ns1 $standby1 > /dev/null
 # "nanoseconds" field of isc_time_t, due to zone load time being seemingly
 # equal to master file modification time.
 sleep 1
-$SIGNER -Sg -K ns1 -N unixtime -r $RANDFILE -o . ns1/root.db > /dev/null 2>/dev/null
+$SIGNER -Sg -K ns1 -N unixtime -o . ns1/root.db > /dev/null 2>/dev/null
 mkeys_reload_on 1
 mkeys_flush_on 2
 $DIG $DIGOPTS +noauth example. @10.53.0.2 txt > dig.out.ns2.test$n || ret=1
@@ -650,7 +650,7 @@ n=`expr $n + 1`
 echo_i "restore root server, check validation succeeds again ($n)"
 ret=0
 rm -f ns1/root.db.signed.jnl
-$SIGNER -Sg -K ns1 -N unixtime -r $RANDFILE -o . ns1/root.db > /dev/null 2>/dev/null
+$SIGNER -Sg -K ns1 -N unixtime -o . ns1/root.db > /dev/null 2>/dev/null
 mkeys_reload_on 1
 mkeys_refresh_on 2
 mkeys_status_on 2 > rndc.out.$n 2>&1

bin/tests/system/nsupdate/ns3/sign.sh

@@ -16,31 +16,31 @@ zone=nsec3param.test.
 infile=nsec3param.test.db.in
 zonefile=nsec3param.test.db
 
-keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname1=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
-keyname2=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+keyname2=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -P -3 - -H 1 -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
+$SIGNER -P -3 - -H 1 -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
 
 zone=dnskey.test.
 infile=dnskey.test.db.in
 zonefile=dnskey.test.db
 
-keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
+keyname1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
-keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -P -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
+$SIGNER -P -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
 
 zone=delegation.test.
 infile=delegation.test.db.in
 zonefile=delegation.test.db
 
-keyname1=`$KEYGEN -q -a RSASHA256 -r $RANDFILE -3 -f KSK $zone`
+keyname1=`$KEYGEN -q -a RSASHA256 -3 -f KSK $zone`
-keyname2=`$KEYGEN -q -a RSASHA256 -r $RANDFILE -3 $zone`
+keyname2=`$KEYGEN -q -a RSASHA256 -3 $zone`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -A -3 - -P -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
+$SIGNER -A -3 - -P -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null

bin/tests/system/nsupdate/setup.sh

@@ -12,8 +12,6 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 $SHELL clean.sh
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
@@ -56,14 +54,14 @@ ns1.update.nil.         A       10.53.0.2
 ns2.update.nil.		AAAA	::1
 EOF
 
-$DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key
+$DDNSCONFGEN -q -z example.nil > ns1/ddns.key
 
-$DDNSCONFGEN -q -r $RANDFILE -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
+$DDNSCONFGEN -q -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
-$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key
+$DDNSCONFGEN -q -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key
-$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
+$DDNSCONFGEN -q -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
-$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
+$DDNSCONFGEN -q -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
-$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha384 -k sha384-key -z keytests.nil > ns1/sha384.key
+$DDNSCONFGEN -q -a hmac-sha384 -k sha384-key -z keytests.nil > ns1/sha384.key
-$DDNSCONFGEN -q -r $RANDFILE -a hmac-sha512 -k sha512-key -z keytests.nil > ns1/sha512.key
+$DDNSCONFGEN -q -a hmac-sha512 -k sha512-key -z keytests.nil > ns1/sha512.key
 
 (cd ns3; $SHELL -e sign.sh)
 

bin/tests/system/nsupdate/tests.sh

@@ -196,7 +196,7 @@ grep "mx03.update.nil/MX:.*MX is an address" ns1/named.run > /dev/null 2>&1 || r
 
 ret=0
 echo_i "check SIG(0) key is accepted"
-key=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -T KEY -n ENTITY xxx`
+key=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -T KEY -n ENTITY xxx`
 echo "" | $NSUPDATE -k ${key}.private > /dev/null 2>&1 || ret=1
 [ $ret = 0 ] || { echo_i "failed"; status=1; }
 

bin/tests/system/padding/setup.sh

@@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
 
 $SHELL clean.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf

bin/tests/system/pending/ns1/sign.sh

@@ -21,11 +21,11 @@ zonefile=root.db
 cp ../ns2/dsset-example$TP .
 cp ../ns2/dsset-example.com$TP .
 
-keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+keyname1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
-keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -f KSK -n zone $zone`
+keyname2=`$KEYGEN -q -a RSASHA256 -b 2048 -f KSK -n zone $zone`
 cat $infile $keyname1.key $keyname2.key > $zonefile
 
-$SIGNER -g -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -g -o $zone $zonefile > /dev/null 2>&1
 
 # Configure the resolving server with a trusted key.
 

bin/tests/system/pending/ns2/sign.sh

@@ -17,12 +17,12 @@ for domain in example example.com; do
 	infile=${domain}.db.in
 	zonefile=${domain}.db
 
-	keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
+	keyname1=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
-	keyname2=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -f KSK -n zone $zone`
+	keyname2=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -f KSK -n zone $zone`
 
 	cat $infile $keyname1.key $keyname2.key > $zonefile
 
-	$SIGNER -3 bebe -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+	$SIGNER -3 bebe -o $zone $zonefile > /dev/null 2>&1
 done
 
 # remove "removed" record from example.com, causing the server to

bin/tests/system/pending/setup.sh

@@ -12,8 +12,6 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf

bin/tests/system/pipelined/setup.sh

@@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
 
 $SHELL clean.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf

bin/tests/system/pipelined/tests.sh

@@ -19,7 +19,7 @@ status=0
 
 echo_i "check pipelined TCP queries"
 ret=0
-$PIPEQUERIES -r $RANDFILE -p ${PORT} < input > raw || ret=1
+$PIPEQUERIES -p ${PORT} < input > raw || ret=1
 awk '{ print $1 " " $5 }' < raw > output
 sort < output > output-sorted
 diff ref output-sorted || { ret=1 ; echo_i "diff sorted failed"; }
@@ -43,7 +43,7 @@ status=`expr $status + $ret`
 
 echo_i "check keep-response-order"
 ret=0
-$PIPEQUERIES -r $RANDFILE -p ${PORT} ++ < inputb > rawb || ret=1
+$PIPEQUERIES -p ${PORT} ++ < inputb > rawb || ret=1
 awk '{ print $1 " " $5 }' < rawb > outputb
 diff refb outputb || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi

bin/tests/system/pkcs11/setup.sh

@@ -33,7 +33,7 @@ if [ "x$have_rsa" != "x" ]; then
             -l "object=robie-rsa-ksk;pin-source=$PWD/pin" rsa.example`
 
     cat $infile $rsazsk1.key $rsaksk.key > $zonefile
-    $SIGNER -a -P -g -r $RANDFILE -o $zone $zonefile \
+    $SIGNER -a -P -g -o $zone $zonefile \
             > /dev/null 2> signer.err || cat signer.err
     cp $rsazsk2.key ns1/rsa.key
     mv Krsa* ns1
@@ -58,7 +58,7 @@ if [ "x$have_ecc" != "x" ]; then
             -l "object=robie-ecc-ksk;pin-source=$PWD/pin" ecc.example`
 
     cat $infile $ecczsk1.key $eccksk.key > $zonefile
-    $SIGNER -a -P -g -r $RANDFILE -o $zone $zonefile \
+    $SIGNER -a -P -g -o $zone $zonefile \
         > /dev/null 2> signer.err || cat signer.err
     cp $ecczsk2.key ns1/ecc.key
     mv Kecc* ns1
@@ -86,7 +86,7 @@ if [ "x$have_ecx" != "x" ]; then
 #           -l "object=robie-ecx-ksk;pin-source=$PWD/pin" ecx.example`
 
     cat $infile $ecxzsk1.key $ecxksk.key > $zonefile
-    $SIGNER -a -P -g -r $RANDFILE -o $zone $zonefile \
+    $SIGNER -a -P -g -o $zone $zonefile \
         > /dev/null 2> signer.err || cat signer.err
     cp $ecxzsk2.key ns1/ecx.key
     mv Kecx* ns1

bin/tests/system/pkcs11ssl/setup.sh

@@ -32,7 +32,7 @@ rsaksk=`$KEYFRLAB -a RSASHA1 -f ksk \
         -l "robie-rsa-ksk" rsa.example`
 
 cat $infile $rsazsk1.key $rsaksk.key > $zonefile
-$SIGNER -a -P -g -r $RANDFILE -o $zone $zonefile \
+$SIGNER -a -P -g -o $zone $zonefile \
         > /dev/null 2> signer.err || cat signer.err
 cp $rsazsk2.key ns1/rsa.key
 mv Krsa* ns1

bin/tests/system/redirect/ns1/sign.sh

@@ -16,20 +16,20 @@ zone=signed
 infile=example.db
 zonefile=signed.db
 
-key1=`$KEYGEN -q -a rsasha256 -r $RANDFILE $zone`
+key1=`$KEYGEN -q -a rsasha256 $zone`
-key2=`$KEYGEN -q -a rsasha256 -r $RANDFILE -fk $zone`
+key2=`$KEYGEN -q -a rsasha256 -fk $zone`
 
 cat $infile $key1.key $key2.key > $zonefile
 
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile > /dev/null
 
 zone=nsec3
 infile=example.db
 zonefile=nsec3.db
 
-key1=`$KEYGEN -q -a rsasha256 -r $RANDFILE -3 $zone`
+key1=`$KEYGEN -q -a rsasha256 -3 $zone`
-key2=`$KEYGEN -q -a rsasha256 -r $RANDFILE -3 -fk $zone`
+key2=`$KEYGEN -q -a rsasha256 -3 -fk $zone`
 
 cat $infile $key1.key $key2.key > $zonefile
 
-$SIGNER -P -3 - -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -3 - -g -o $zone $zonefile > /dev/null

bin/tests/system/redirect/ns3/sign.sh

@@ -16,20 +16,20 @@ zone=signed
 infile=example.db
 zonefile=signed.db
 
-key1=`$KEYGEN -q -a rsasha256 -r $RANDFILE $zone`
+key1=`$KEYGEN -q -a rsasha256 $zone`
-key2=`$KEYGEN -q -a rsasha256 -r $RANDFILE -fk $zone`
+key2=`$KEYGEN -q -a rsasha256 -fk $zone`
 
 cat $infile $key1.key $key2.key > $zonefile
 
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile > /dev/null
 
 zone=nsec3
 infile=example.db
 zonefile=nsec3.db
 
-key1=`$KEYGEN -q -a rsasha256 -r $RANDFILE -3 $zone`
+key1=`$KEYGEN -q -a rsasha256 -3 $zone`
-key2=`$KEYGEN -q -a rsasha256 -r $RANDFILE -3 -fk $zone`
+key2=`$KEYGEN -q -a rsasha256 -3 -fk $zone`
 
 cat $infile $key1.key $key2.key > $zonefile
 
-$SIGNER -P -3 - -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -3 - -g -o $zone $zonefile > /dev/null

bin/tests/system/redirect/setup.sh

@@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
 
 $SHELL clean.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf

bin/tests/system/resolver/ns6/keygen.sh

@@ -16,19 +16,19 @@ zone=ds.example.net
 zonefile="${zone}.db"
 infile="${zonefile}.in"
 cp $infile $zonefile
-ksk=`$KEYGEN -q -a rsasha256 -r $RANDFILE -fk $zone`
+ksk=`$KEYGEN -q -a rsasha256 -fk $zone`
-zsk=`$KEYGEN -q -a rsasha256 -r $RANDFILE -b 2048 $zone`
+zsk=`$KEYGEN -q -a rsasha256 -b 2048 $zone`
 cat $ksk.key $zsk.key >> $zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
 
 zone=example.net
 zonefile="${zone}.db"
 infile="${zonefile}.in"
 cp $infile $zonefile
-ksk=`$KEYGEN -q -a rsasha256 -r $RANDFILE -fk $zone`
+ksk=`$KEYGEN -q -a rsasha256 -fk $zone`
-zsk=`$KEYGEN -q -a rsasha256 -r $RANDFILE $zone`
+zsk=`$KEYGEN -q -a rsasha256 $zone`
 cat $ksk.key $zsk.key dsset-ds.example.net$TP >> $zonefile
-$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
 
 # Configure a trusted key statement (used by delve)
 cat $ksk.key | grep -v '^; ' | $PERL -n -e '

bin/tests/system/resolver/setup.sh

@@ -12,8 +12,6 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 cp ns4/tld1.db ns4/tld.db
 cp ns6/to-be-removed.tld.db.in ns6/to-be-removed.tld.db
 cp ns7/server.db.in ns7/server.db

bin/tests/system/rndc/setup.sh

@@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
 
 $SHELL clean.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 $SHELL ../genzone.sh 2 >ns2/nil.db
 $SHELL ../genzone.sh 2 >ns2/other.db
 $SHELL ../genzone.sh 2 >ns2/static.db
@@ -31,7 +29,7 @@ copy_setports ns5/named.conf.in ns5/named.conf
 copy_setports ns6/named.conf.in ns6/named.conf
 
 make_key () {
-    $RNDCCONFGEN -r $RANDFILE -k key$1 -A $3 -s 10.53.0.4 -p $2 \
+    $RNDCCONFGEN -k key$1 -A $3 -s 10.53.0.4 -p $2 \
             > ns4/key${1}.conf 2> /dev/null
     egrep -v '(^# Start|^# End|^# Use|^[^#])' ns4/key$1.conf | cut -c3- | \
             sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf

bin/tests/system/rootkeysentinel/ns1/sign.sh

@@ -16,7 +16,7 @@ zone=.
 infile=root.db.in
 zonefile=root.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
 keyid=`expr ${keyname} : 'K.+008+\(.*\)'`
 
 (cd ../ns2 && $SHELL sign.sh ${keyid:-00000} )
@@ -25,7 +25,7 @@ cp ../ns2/dsset-example$TP .
 
 cat $infile $keyname.key > $zonefile
 
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile > /dev/null
 
 # Configure the resolving server with a trusted key.
 cat $keyname.key | grep -v '^; ' | $PERL -n -e '

bin/tests/system/rootkeysentinel/ns2/sign.sh

@@ -22,8 +22,8 @@ zone=example.
 infile=example.db.in
 zonefile=example.db
 
-keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
-keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 echo root-key-sentinel-is-ta-$oldid A 10.53.0.1 >> $zonefile
@@ -37,4 +37,4 @@ echo new-not-ta CNAME root-key-sentinel-not-ta-$newid >> $zonefile
 echo bad-is-ta CNAME root-key-sentinel-is-ta-$badid >> $zonefile
 echo bad-not-ta CNAME root-key-sentinel-not-ta-$badid >> $zonefile
 
-$SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
+$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null

bin/tests/system/rootkeysentinel/setup.sh

@@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
 
 $SHELL clean.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf

bin/tests/system/rpz/setup.sh

@@ -62,12 +62,9 @@ for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wild
     sed -e "/SOA/s/blx/bl$NM/g" ns3/base.db >ns3/bl$NM.db
 done
 
-# sign the root and a zone in ns2
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 # $1=directory, $2=domain name, $3=input zone file, $4=output file
 signzone () {
-    KEYNAME=`$KEYGEN -q -a rsasha256 -r $RANDFILE -K $1 $2`
+    KEYNAME=`$KEYGEN -q -a rsasha256 -K $1 $2`
     cat $1/$3 $1/$KEYNAME.key > $1/tmp
     $SIGNER -Pp -K $1 -o $2 -f $1/$4 $1/tmp >/dev/null
     sed -n -e 's/\(.*\) IN DNSKEY \([0-9]\{1,\} [0-9]\{1,\} [0-9]\{1,\}\) \(.*\)/trusted-keys {"\1" \2 "\3";};/p' $1/$KEYNAME.key >>trusted.conf

bin/tests/system/rsabigexponent/ns1/sign.sh

@@ -18,11 +18,11 @@ zonefile=root.db
 
 cp ../ns2/dsset-example.in dsset-example$TP
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key > $zonefile
 
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile > /dev/null
 
 # Configure the resolving server with a trusted key.
 cat $keyname.key | grep -v '^; ' | $PERL -n -e '

bin/tests/system/rsabigexponent/ns2/sign.sh

@@ -22,6 +22,6 @@ do
 	cp $i `echo $i | sed s/X/K/`
 done
 
-$SIGNER -r $RANDFILE -g -s 20000101000000 -e 20361231235959 -o $zone \
+$SIGNER -g -s 20000101000000 -e 20361231235959 -o $zone \
 	$infile Kexample.+005+51829 Kexample.+005+51829 \
 	> /dev/null 2> signer.err

bin/tests/system/rsabigexponent/prereq.sh

@@ -12,8 +12,6 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 if $BIGKEY > /dev/null 2>&1
 then
     rm -f Kexample.*

bin/tests/system/rsabigexponent/setup.sh

@@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
 
 $SHELL clean.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf

bin/tests/system/sfcache/ns1/sign.sh

@@ -20,11 +20,11 @@ zonefile=root.db
 
 cp ../ns2/dsset-example$TP .
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
+keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
 
 cat $infile $keyname.key > $zonefile
 
-$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+$SIGNER -P -g -o $zone $zonefile > /dev/null
 
 # Configure the resolving server with a trusted key.
 cat $keyname.key | grep -v '^; ' | $PERL -n -e '

bin/tests/system/sfcache/ns2/sign.sh

@@ -16,9 +16,9 @@ zone=example.
 infile=example.db.in
 zonefile=example.db
 
-keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
-keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
+keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
 
 cat $infile $keyname1.key $keyname2.key >$zonefile
 
-$SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
+$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null

bin/tests/system/sfcache/prereq.sh

@@ -12,9 +12,7 @@
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
-$GENRANDOM 800 $RANDFILE
+if $KEYGEN -q -a RSAMD5 -b 1024 -n zone foo > /dev/null 2>&1
-
-if $KEYGEN -q -a RSAMD5 -b 1024 -n zone -r $RANDFILE foo > /dev/null 2>&1
 then
     rm -f Kfoo*
 else

bin/tests/system/sfcache/setup.sh

@@ -14,8 +14,6 @@ SYSTEMTESTTOP=..
 
 $SHELL clean.sh
 
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
-
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns5/named.conf.in ns5/named.conf

bin/tests/system/smartsign/setup.sh

@@ -13,5 +13,3 @@ SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
 $SHELL clean.sh
-
-test -r $RANDFILE || $GENRANDOM 800 $RANDFILE