New -pkcs12 option to CA.pl.

Document CA.pl script.
Initialise and free up the extra DH fields
(nothing uses them yet though).

diff --git a/CHANGES b/CHANGES
index 6ef0317f98bccecdf464d123cb9f95fa89b3a0e0..6a42f9422483174e8895151e1c4b28805c359f1a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 2000]
 
+  *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
+     [Steve Henson]
+
   *) Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when
      generating DSA primes.
      [Ulf Möller]

diff --git a/NEWS b/NEWS
index ad7917749465432fc9464e13c9268921a74636ff..b6a3d41df599e2f3e0b6c2341263f2d9e91ba225 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,9 +7,27 @@
 
   Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
 
-      o S/MIME support
+      o S/MIME support in new 'smime' command
       o Documentation for the OpenSSL command line application
-      o 
+      o Automation of 'req' application
+      o Fixes to make s_client, s_server work under Windows
+      o Support for multiple fieldnames in SPKACs
+      o New SPKAC command line utilty and associated library functions
+      o Options to allow passwords to be passed on command line or environment
+      o New public key PEM format and options to handle it
+      o Many other fixes and enhancements to command line utilities
+      o Usable certificate chain verification
+      o Certificate purpose checking
+      o Certificate trust settings
+      o Support of authority information access extension
+      o Extensions in certificate requests
+      o Simplified X509 name and attribute routines
+      o Initial incomplete support for international character sets
+      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
+      o Read only memory BIOs and simplified creation function
+      o TLS/SSL code now "tolerates" MS SGC
+      o RSA_NULL option that removes RSA patent code but keeps other
+        RSA functionality
 
   Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
 

diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index 7c023ae71f66c5b3ccc91afb1f40341511cb9e1c..0e0b7fc0bc9c0a04f063fefeadae61ce415e3e48 100644 (file)
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -41,6 +41,7 @@ $REQ="openssl req $SSLEAY_CONFIG";
 $CA="openssl ca $SSLEAY_CONFIG";
 $VERIFY="openssl verify";
 $X509="openssl x509";
+$PKCS12="openssl pkcs12";
 
 $CATOP="./demoCA";
 $CAKEY="cakey.pem";
@@ -99,6 +100,14 @@ foreach (@ARGV) {
                    $RET=$?;
                }
            }
+       } elsif (/^-pkcs12$/) {
+           my $cname = $ARGV[1];
+           $cname = "My Certificate" unless defined $cname;
+           system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+                       "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
+                       "-export -name \"$cname\"");
+           $RET=$?;
+           exit $RET;
        } elsif (/^-xsign$/) {
            system ("$CA -policy policy_anything -infiles newreq.pem");
            $RET=$?;

diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index c41ace5bea74c7a57bb16af8ae5d1109d54e656c..c15b2ad48364ea6f385914978ab29b0336aab9f7 100644 (file)
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -106,7 +106,7 @@ struct dh_st
        /* Place holders if we want to do X9.42 DH */
        BIGNUM *q;
        BIGNUM *j;
-       unsigned *seed;
+       unsigned char *seed;
        int seedlen;
        BIGNUM *counter;
 

diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index ebfbcb43471c45a3b1407c80fa92012303dc8a8c..6c21463028a7f1d9301e02022858c0da1c2f092b 100644 (file)
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -113,6 +113,11 @@ DH *DH_new_method(DH_METHOD *meth)
        ret->length=0;
        ret->pub_key=NULL;
        ret->priv_key=NULL;
+       ret->q=NULL;
+       ret->j=NULL;
+       ret->seed = NULL;
+       ret->seedlen = 0;
+       ret->counter = NULL;
        ret->method_mont_p=NULL;
        ret->references = 1;
        ret->flags=ret->meth->flags;
@@ -149,6 +154,10 @@ void DH_free(DH *r)
 
        if (r->p != NULL) BN_clear_free(r->p);
        if (r->g != NULL) BN_clear_free(r->g);
+       if (r->q != NULL) BN_clear_free(r->q);
+       if (r->j != NULL) BN_clear_free(r->j);
+       if (r->seed) Free(r->seed);
+       if (r->counter != NULL) BN_clear_free(r->counter);
        if (r->pub_key != NULL) BN_clear_free(r->pub_key);
        if (r->priv_key != NULL) BN_clear_free(r->priv_key);
        Free(r);