Rene G. Eberhard wrote:
> 
> OpenSSL 0.9.5-dev 09 Aug 1999
> 
> Consider the following: Sign a PKCS#10 with apps/x509.c
> 
> openssl x509 -CAserial serial.txt -CAkey RSA_1024_NONE.key.pem
>              -CA RSA_RSA_1024_NONE.cert.pem -in req.pem -req
> 
> In this case need_rand can be set to zero.
> But it is set to one in
> 
> else if (strcmp(*argv,"-req") == 0)
>     {
>     reqfile=1;
>     need_rand = 1;
>     }
> ..
> ..
> else if (strcmp(*argv,"-CA") == 0)
>     {
>     if (--argc < 1) goto bad;
>     CAfile= *(++argv);
>     CA_flag= ++num;
>     need_rand = 1;
>     }
> 

Presumably this is in case a DSA key is used in which case you do need a
random number. I suppose the key type could be checked though.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to