Commit 90644dd7 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files 

New -pkcs12 option to CA.pl.
Document CA.pl script.
Initialise and free up the extra DH fields
(nothing uses them yet though).
parent 75b0edaa

CHANGES

+3 −0
Original line number Diff line number Diff line
@@ -4,6 +4,9 @@ 


 Changes between 0.9.4 and 0.9.5  [xx XXX 2000]



  *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.

     [Steve Henson]



  *) Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when

     generating DSA primes.

     [Ulf Möller]

NEWS

+20 −2
Original line number Diff line number Diff line
@@ -7,9 +7,27 @@ 


  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:



      o S/MIME support

      o S/MIME support in new 'smime' command

      o Documentation for the OpenSSL command line application

      o 

      o Automation of 'req' application

      o Fixes to make s_client, s_server work under Windows

      o Support for multiple fieldnames in SPKACs

      o New SPKAC command line utilty and associated library functions

      o Options to allow passwords to be passed on command line or environment

      o New public key PEM format and options to handle it

      o Many other fixes and enhancements to command line utilities

      o Usable certificate chain verification

      o Certificate purpose checking

      o Certificate trust settings

      o Support of authority information access extension

      o Extensions in certificate requests

      o Simplified X509 name and attribute routines

      o Initial incomplete support for international character sets

      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD

      o Read only memory BIOs and simplified creation function

      o TLS/SSL code now "tolerates" MS SGC

      o RSA_NULL option that removes RSA patent code but keeps other

        RSA functionality



  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:

apps/CA.pl.in

+9 −0
Original line number Diff line number Diff line
@@ -41,6 +41,7 @@ $REQ="openssl req $SSLEAY_CONFIG"; 
$CA="openssl ca $SSLEAY_CONFIG";

$VERIFY="openssl verify";

$X509="openssl x509";

$PKCS12="openssl pkcs12";



$CATOP="./demoCA";

$CAKEY="cakey.pem";
@@ -99,6 +100,14 @@ foreach (@ARGV) { 
		    $RET=$?;

		}

	    }

	} elsif (/^-pkcs12$/) {

	    my $cname = $ARGV[1];

	    $cname = "My Certificate" unless defined $cname;

	    system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .

			"-certfile ${CATOP}/$CACERT -out newcert.p12 " .

			"-export -name \"$cname\"");

	    $RET=$?;

	    exit $RET;

	} elsif (/^-xsign$/) {

	    system ("$CA -policy policy_anything -infiles newreq.pem");

	    $RET=$?;

crypto/dh/dh.h

+1 −1
Original line number Diff line number Diff line
@@ -106,7 +106,7 @@ struct dh_st 
	/* Place holders if we want to do X9.42 DH */

	BIGNUM *q;

	BIGNUM *j;

	unsigned *seed;

	unsigned char *seed;

	int seedlen;

	BIGNUM *counter;

crypto/dh/dh_lib.c

+9 −0
Original line number Diff line number Diff line
@@ -113,6 +113,11 @@ DH *DH_new_method(DH_METHOD *meth) 
	ret->length=0;

	ret->pub_key=NULL;

	ret->priv_key=NULL;

	ret->q=NULL;

	ret->j=NULL;

	ret->seed = NULL;

	ret->seedlen = 0;

	ret->counter = NULL;

	ret->method_mont_p=NULL;

	ret->references = 1;

	ret->flags=ret->meth->flags;
@@ -149,6 +154,10 @@ void DH_free(DH *r) 


	if (r->p != NULL) BN_clear_free(r->p);

	if (r->g != NULL) BN_clear_free(r->g);

	if (r->q != NULL) BN_clear_free(r->q);

	if (r->j != NULL) BN_clear_free(r->j);

	if (r->seed) Free(r->seed);

	if (r->counter != NULL) BN_clear_free(r->counter);

	if (r->pub_key != NULL) BN_clear_free(r->pub_key);

	if (r->priv_key != NULL) BN_clear_free(r->priv_key);

	Free(r);