Rene G. Eberhard wrote:
>
> OpenSSL 0.9.5-dev 09 Aug 1999
>
> Consider the following: Sign a PKCS#10 with apps/x509.c
>
> openssl x509 -CAserial serial.txt -CAkey RSA_1024_NONE.key.pem
> -CA RSA_RSA_1024_NONE.cert.pem -in req.pem -req
>
> In this case need_rand can be set to zero.
> But it is set to one in
>
> else if (strcmp(*argv,"-req") == 0)
> {
> reqfile=1;
> need_rand = 1;
> }
> ..
> ..
> else if (strcmp(*argv,"-CA") == 0)
> {
> if (--argc < 1) goto bad;
> CAfile= *(++argv);
> CA_flag= ++num;
> need_rand = 1;
> }
>
Presumably this is in case a DSA key is used in which case you do need a
random number. I suppose the key type could be checked though.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]