From: Dr. Stephen Henson Date: Fri, 28 Jan 2000 01:35:31 +0000 (+0000) Subject: New -pkcs12 option to CA.pl. X-Git-Tag: OpenSSL_0_9_5beta1~166 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=90644dd74d5c5262831bb0be73e1226778099924;p=oweals%2Fopenssl.git New -pkcs12 option to CA.pl. Document CA.pl script. Initialise and free up the extra DH fields (nothing uses them yet though). --- diff --git a/CHANGES b/CHANGES index 6ef0317f98..6a42f94224 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 2000] + *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file. + [Steve Henson] + *) Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when generating DSA primes. [Ulf Möller] diff --git a/NEWS b/NEWS index ad79177494..b6a3d41df5 100644 --- a/NEWS +++ b/NEWS @@ -7,9 +7,27 @@ Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: - o S/MIME support + o S/MIME support in new 'smime' command o Documentation for the OpenSSL command line application - o + o Automation of 'req' application + o Fixes to make s_client, s_server work under Windows + o Support for multiple fieldnames in SPKACs + o New SPKAC command line utilty and associated library functions + o Options to allow passwords to be passed on command line or environment + o New public key PEM format and options to handle it + o Many other fixes and enhancements to command line utilities + o Usable certificate chain verification + o Certificate purpose checking + o Certificate trust settings + o Support of authority information access extension + o Extensions in certificate requests + o Simplified X509 name and attribute routines + o Initial incomplete support for international character sets + o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD + o Read only memory BIOs and simplified creation function + o TLS/SSL code now "tolerates" MS SGC + o RSA_NULL option that removes RSA patent code but keeps other + RSA functionality Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: diff --git a/apps/CA.pl.in b/apps/CA.pl.in index 7c023ae71f..0e0b7fc0bc 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -41,6 +41,7 @@ $REQ="openssl req $SSLEAY_CONFIG"; $CA="openssl ca $SSLEAY_CONFIG"; $VERIFY="openssl verify"; $X509="openssl x509"; +$PKCS12="openssl pkcs12"; $CATOP="./demoCA"; $CAKEY="cakey.pem"; @@ -99,6 +100,14 @@ foreach (@ARGV) { $RET=$?; } } + } elsif (/^-pkcs12$/) { + my $cname = $ARGV[1]; + $cname = "My Certificate" unless defined $cname; + system ("$PKCS12 -in newcert.pem -inkey newreq.pem " . + "-certfile ${CATOP}/$CACERT -out newcert.p12 " . + "-export -name \"$cname\""); + $RET=$?; + exit $RET; } elsif (/^-xsign$/) { system ("$CA -policy policy_anything -infiles newreq.pem"); $RET=$?; diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index c41ace5bea..c15b2ad483 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -106,7 +106,7 @@ struct dh_st /* Place holders if we want to do X9.42 DH */ BIGNUM *q; BIGNUM *j; - unsigned *seed; + unsigned char *seed; int seedlen; BIGNUM *counter; diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index ebfbcb4347..6c21463028 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -113,6 +113,11 @@ DH *DH_new_method(DH_METHOD *meth) ret->length=0; ret->pub_key=NULL; ret->priv_key=NULL; + ret->q=NULL; + ret->j=NULL; + ret->seed = NULL; + ret->seedlen = 0; + ret->counter = NULL; ret->method_mont_p=NULL; ret->references = 1; ret->flags=ret->meth->flags; @@ -149,6 +154,10 @@ void DH_free(DH *r) if (r->p != NULL) BN_clear_free(r->p); if (r->g != NULL) BN_clear_free(r->g); + if (r->q != NULL) BN_clear_free(r->q); + if (r->j != NULL) BN_clear_free(r->j); + if (r->seed) Free(r->seed); + if (r->counter != NULL) BN_clear_free(r->counter); if (r->pub_key != NULL) BN_clear_free(r->pub_key); if (r->priv_key != NULL) BN_clear_free(r->priv_key); Free(r);