Make `openssl x509 -noout -modulus' functional also for DSA certificates (in

addition to RSA certificates) to match the behaviour of `openssl dsa -noout -modulus' as it's already the case for `openssl rsa -noout -modulus'. For RSA the -modulus is the real "modulus" while for DSA currently the public key is printed (a decision which was already done by `openssl dsa -modulus' in the past) which serves a similar purpose. Additionally the NO_RSA no longer completely removes the whole -modulus option; it now only avoids using the RSA stuff. Same applies to NO_DSA now, too.

Make `openssl x509 -noout -modulus' functional also for DSA certificates (in
addition to RSA certificates) to match the behaviour of `openssl dsa -noout -modulus' as it's already the case for `openssl rsa -noout -modulus'. For RSA the -modulus is the real "modulus" while for DSA currently the public key is printed (a decision which was already done by `openssl dsa -modulus' in the past) which serves a similar purpose. Additionally the NO_RSA no longer completely removes the whole -modulus option; it now only avoids using the RSA stuff. Same applies to NO_DSA now, too.
7be304ac · Ralf S. Engelschall · 6b313a73 · 7be304ac · 7be304ac
隐藏空白更改
内联并排

Showing with 18 addition and 2 deletion

CHANGES CHANGES +11 -0

apps/x509.c apps/x509.c +7 -2

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,17 @@

 Changes between 0.9.1c and 0.9.2

+  *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
+     (in addition to RSA certificates) to match the behaviour of `openssl dsa
+     -noout -modulus' as it's already the case for `openssl rsa -noout
+     -modulus'.  For RSA the -modulus is the real "modulus" while for DSA
+     currently the public key is printed (a decision which was already done by
+     `openssl dsa -modulus' in the past) which serves a similar purpose.
+     Additionally the NO_RSA no longer completely removes the whole -modulus
+     option; it now only avoids using the RSA stuff. Same applies to NO_DSA
+     now, too.
+     [Ralf S.  Engelschall]
+
  *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
     BIO. See the source (crypto/evp/bio_ok.c) for more info.
     [Arne Ansper <arne@ats.cyber.ee>]

--- a/apps/x509.c
+++ b/apps/x509.c
@@ -468,7 +468,6 @@ bad:
 				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
 				}
 			else
-#ifndef NO_RSA
 				if (modulus == i)
 				{
 				EVP_PKEY *pkey;
@@ -481,15 +480,21 @@ bad:
 					goto end;
 					}
 				BIO_printf(STDout,"Modulus=");
+#ifndef NO_RSA
 				if (pkey->type == EVP_PKEY_RSA)
 					BN_print(STDout,pkey->pkey.rsa->n);
 				else
+#endif
+#ifndef NO_DSA
+				if (pkey->type == EVP_PKEY_DSA)
+					BN_print(STDout,pkey->pkey.dsa->pub_key);
+				else
+#endif
 					BIO_printf(STDout,"Wrong Algorithm type");
 				BIO_printf(STDout,"\n");
 				EVP_PKEY_free(pkey);
 				}
 			else
-#endif
 				if (C == i)
 				{
 				unsigned char *d;