authorDr. Stephen Henson <steve@openssl.org>2000-01-28 01:35:31 +0000
committerDr. Stephen Henson <steve@openssl.org>2000-01-28 01:35:31 +0000
commit90644dd74d5c5262831bb0be73e1226778099924 (patch)
treef07259a214d401c86ea41876e2cbe4eb762d394a
parent75b0edaafa5b4333c0e49831a0bce22339871ace (diff)
New -pkcs12 option to CA.pl.
Document CA.pl script. Initialise and free up the extra DH fields (nothing uses them yet though).
-rw-r--r--CHANGES3
-rw-r--r--NEWS22
-rw-r--r--apps/CA.pl.in9
-rw-r--r--crypto/dh/dh.h2
-rw-r--r--crypto/dh/dh_lib.c9
5 files changed, 42 insertions, 3 deletions
diff --git a/CHANGES b/CHANGES
index 6ef0317f98..6a42f94224 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
+ *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
+ [Steve Henson]
+
*) Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when
generating DSA primes.
[Ulf Möller]
diff --git a/NEWS b/NEWS
index ad79177494..b6a3d41df5 100644
--- a/NEWS
+++ b/NEWS
@@ -7,9 +7,27 @@
Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
- o S/MIME support
+ o S/MIME support in new 'smime' command
o Documentation for the OpenSSL command line application
- o
+ o Automation of 'req' application
+ o Fixes to make s_client, s_server work under Windows
+ o Support for multiple fieldnames in SPKACs
+ o New SPKAC command line utilty and associated library functions
+ o Options to allow passwords to be passed on command line or environment
+ o New public key PEM format and options to handle it
+ o Many other fixes and enhancements to command line utilities
+ o Usable certificate chain verification
+ o Certificate purpose checking
+ o Certificate trust settings
+ o Support of authority information access extension
+ o Extensions in certificate requests
+ o Simplified X509 name and attribute routines
+ o Initial incomplete support for international character sets
+ o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
+ o Read only memory BIOs and simplified creation function
+ o TLS/SSL code now "tolerates" MS SGC
+ o RSA_NULL option that removes RSA patent code but keeps other
+ RSA functionality
Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index 7c023ae71f..0e0b7fc0bc 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -41,6 +41,7 @@ $REQ="openssl req $SSLEAY_CONFIG";
$CA="openssl ca $SSLEAY_CONFIG";
$VERIFY="openssl verify";
$X509="openssl x509";
+$PKCS12="openssl pkcs12";
$CATOP="./demoCA";
$CAKEY="cakey.pem";
@@ -99,6 +100,14 @@ foreach (@ARGV) {
$RET=$?;
}
}
+ } elsif (/^-pkcs12$/) {
+ my $cname = $ARGV[1];
+ $cname = "My Certificate" unless defined $cname;
+ system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+ "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
+ "-export -name \"$cname\"");
+ $RET=$?;
+ exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
$RET=$?;
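Review bot: The certificate name taken from `$ARGV[1]` is pasted into a double-quoted shell string in the added `system` call, so a name containing `"`, `$` or a backtick is interpreted by the shell instead of reaching `-name` unchanged. Passing the arguments as a list avoids the shell altogether, for example `system(split(' ', $PKCS12), '-in', 'newcert.pem', '-inkey', 'newreq.pem', '-certfile', "${CATOP}/$CACERT", '-out', 'newcert.p12', '-export', '-name', $cname);`. Separately, `exit $RET` hands the raw wait status from `$?` to `exit`, and on POSIX a status of 256 is truncated to 0, so a failing `openssl pkcs12` can look like success to the caller. `exit($RET >> 8);` would report the child's exit code, though the rest of the script (outside this hunk) may follow the same convention. The enclosing `foreach` block starts and ends outside the hunk.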
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index c41ace5bea..c15b2ad483 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -106,7 +106,7 @@ struct dh_st
/* Place holders if we want to do X9.42 DH */
BIGNUM *q;
BIGNUM *j;
- unsigned *seed;
+ unsigned char *seed;
int seedlen;
BIGNUM *counter;
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index ebfbcb4347..6c21463028 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -113,6 +113,11 @@ DH *DH_new_method(DH_METHOD *meth)
ret->length=0;
ret->pub_key=NULL;
ret->priv_key=NULL;
+ ret->q=NULL;
+ ret->j=NULL;
+ ret->seed = NULL;
+ ret->seedlen = 0;
+ ret->counter = NULL;
ret->method_mont_p=NULL;
ret->references = 1;
ret->flags=ret->meth->flags;
@@ -149,6 +154,10 @@ void DH_free(DH *r)
if (r->p != NULL) BN_clear_free(r->p);
if (r->g != NULL) BN_clear_free(r->g);
+ if (r->q != NULL) BN_clear_free(r->q);
+ if (r->j != NULL) BN_clear_free(r->j);
+ if (r->seed) Free(r->seed);
+ if (r->counter != NULL) BN_clear_free(r->counter);
if (r->pub_key != NULL) BN_clear_free(r->pub_key);
if (r->priv_key != NULL) BN_clear_free(r->priv_key);
Free(r);
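Review bot: The added `if (r->seed) Free(r->seed);` makes `DH_free` the owner of the seed buffer, but nothing in this hunk or in the `dh.h` placeholder comment tells callers so. A caller that points `seed` at static storage or at memory from a different allocator would corrupt the heap on free. A comment next to the field such as `/* seed is owned by the DH and released with Free() in DH_free() */` would state that contract. The check is also written as `if (r->seed)` while every neighbouring line uses `!= NULL`, so `if (r->seed != NULL) Free(r->seed);` would match the surrounding style. `DH_free` begins before the hunk, so any earlier handling of `r` is not visible here.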