New -pkcs12 option to CA.pl. Document CA.pl script. Initialise and free up the extra DH fields (nothing uses them yet though).

90644dd7 · Dr. Stephen Henson · 75b0edaa · 90644dd7 · 90644dd7 · 90644dd7
隐藏空白更改
内联并排

Showing with 42 addition and 3 deletion

CHANGES CHANGES +3 -0

NEWS NEWS +20 -2

apps/CA.pl.in apps/CA.pl.in +9 -0

crypto/dh/dh.h crypto/dh/dh.h +1 -1

crypto/dh/dh_lib.c crypto/dh/dh_lib.c +9 -0

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 2000]

+  *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
+     [Steve Henson]
+
  *) Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when
     generating DSA primes.
     [Ulf Möller]

--- a/NEWS
+++ b/NEWS
@@ -7,9 +7,27 @@

  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:

-      o S/MIME support
+      o S/MIME support in new 'smime' command
      o Documentation for the OpenSSL command line application
-      o 
+      o Automation of 'req' application
+      o Fixes to make s_client, s_server work under Windows
+      o Support for multiple fieldnames in SPKACs
+      o New SPKAC command line utilty and associated library functions
+      o Options to allow passwords to be passed on command line or environment
+      o New public key PEM format and options to handle it
+      o Many other fixes and enhancements to command line utilities
+      o Usable certificate chain verification
+      o Certificate purpose checking
+      o Certificate trust settings
+      o Support of authority information access extension
+      o Extensions in certificate requests
+      o Simplified X509 name and attribute routines
+      o Initial incomplete support for international character sets
+      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
+      o Read only memory BIOs and simplified creation function
+      o TLS/SSL code now "tolerates" MS SGC
+      o RSA_NULL option that removes RSA patent code but keeps other
+        RSA functionality

  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:


--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -41,6 +41,7 @@ $REQ="openssl req $SSLEAY_CONFIG";
 $CA="openssl ca $SSLEAY_CONFIG";
 $VERIFY="openssl verify";
 $X509="openssl x509";
+$PKCS12="openssl pkcs12";

 $CATOP="./demoCA";
 $CAKEY="cakey.pem";
@@ -99,6 +100,14 @@ foreach (@ARGV) {
 		    $RET=$?;
 		}
 	    }
+	} elsif (/^-pkcs12$/) {
+	    my $cname = $ARGV[1];
+	    $cname = "My Certificate" unless defined $cname;
+	    system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+			"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
+			"-export -name \"$cname\"");
+	    $RET=$?;
+	    exit $RET;
 	} elsif (/^-xsign$/) {
 	    system ("$CA -policy policy_anything -infiles newreq.pem");
 	    $RET=$?;

--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -106,7 +106,7 @@ struct dh_st
 	/* Place holders if we want to do X9.42 DH */
 	BIGNUM *q;
 	BIGNUM *j;
-	unsigned *seed;
+	unsigned char *seed;
 	int seedlen;
 	BIGNUM *counter;


--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -113,6 +113,11 @@ DH *DH_new_method(DH_METHOD *meth)
 	ret->length=0;
 	ret->pub_key=NULL;
 	ret->priv_key=NULL;
+	ret->q=NULL;
+	ret->j=NULL;
+	ret->seed = NULL;
+	ret->seedlen = 0;
+	ret->counter = NULL;
 	ret->method_mont_p=NULL;
 	ret->references = 1;
 	ret->flags=ret->meth->flags;
@@ -149,6 +154,10 @@ void DH_free(DH *r)

 	if (r->p != NULL) BN_clear_free(r->p);
 	if (r->g != NULL) BN_clear_free(r->g);
+	if (r->q != NULL) BN_clear_free(r->q);
+	if (r->j != NULL) BN_clear_free(r->j);
+	if (r->seed) Free(r->seed);
+	if (r->counter != NULL) BN_clear_free(r->counter);
 	if (r->pub_key != NULL) BN_clear_free(r->pub_key);
 	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
 	Free(r);