authorDr. Stephen Henson <steve@openssl.org>2015-09-11 16:58:57 +0100
committerDr. Stephen Henson <steve@openssl.org>2015-11-20 13:40:53 +0000
commite20b47275109aafc559446d731e6baad4a1f55d1 (patch)
tree81cb21ba12afa38fe00295ee9c7260ed22776559 /apps/ts.c
parentfa49924659f21454fba3d70b4f60ce76ee6059f8 (diff)
Add support for signer_digest option in TS.
Based on PR#2145 Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'apps/ts.c')
-rw-r--r--apps/ts.c30
1 files changed, 19 insertions, 11 deletions
diff --git a/apps/ts.c b/apps/ts.c
index b58703a77b..ac91323ac6 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -95,14 +95,14 @@ static ASN1_INTEGER *create_nonce(int bits);
/* Reply related functions. */
static int reply_command(CONF *conf, char *section, char *engine,
char *queryfile, char *passin, char *inkey,
- char *signer, char *chain, const char *policy,
- char *in, int token_in, char *out, int token_out,
- int text);
+ const EVP_MD *md, char *signer, char *chain,
+ const char *policy, char *in, int token_in,
+ char *out, int token_out, int text);
static TS_RESP *read_PKCS7(BIO *in_bio);
static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
char *queryfile, char *passin,
- char *inkey, char *signer, char *chain,
- const char *policy);
+ char *inkey, const EVP_MD *md, char *signer,
+ char *chain, const char *policy);
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
static ASN1_INTEGER *next_serial(const char *serialfile);
static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
@@ -342,7 +342,7 @@ int ts_main(int argc, char **argv)
goto opthelp;
}
ret = !reply_command(conf, section, engine, queryfile,
- password, inkey, signer, chain, policy,
+ password, inkey, md, signer, chain, policy,
in, token_in, out, token_out, text);
break;
case OPT_VERIFY:
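Review bot: The `md` passed to reply_command at this call is not declared in the hunk, so its origin cannot be checked here. If it is the same variable the query path fills from the digest option, that one option now selects the message-imprint digest for a query and the signing digest for a reply. A short comment at the call, e.g. `/* md: signer digest override for the reply command; NULL means take it from the config */`, and a matching line in the usage text would make the dual meaning explicit. ts_main starts and ends outside this hunk.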
@@ -583,8 +583,8 @@ static ASN1_INTEGER *create_nonce(int bits)
static int reply_command(CONF *conf, char *section, char *engine,
char *queryfile, char *passin, char *inkey,
- char *signer, char *chain, const char *policy,
- char *in, int token_in,
+ const EVP_MD *md, char *signer, char *chain,
+ const char *policy, char *in, int token_in,
char *out, int token_out, int text)
{
int ret = 0;
@@ -605,7 +605,7 @@ static int reply_command(CONF *conf, char *section, char *engine,
}
} else {
response = create_response(conf, section, engine, queryfile,
- passin, inkey, signer, chain, policy);
+ passin, inkey, md, signer, chain, policy);
if (response)
BIO_printf(bio_err, "Response has been generated.\n");
else
@@ -691,8 +691,8 @@ static TS_RESP *read_PKCS7(BIO *in_bio)
static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
char *queryfile, char *passin,
- char *inkey, char *signer, char *chain,
- const char *policy)
+ char *inkey, const EVP_MD *md, char *signer,
+ char *chain, const char *policy)
{
int ret = 0;
TS_RESP *response = NULL;
@@ -717,6 +717,14 @@ static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
goto end;
if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx))
goto end;
+
+ if (md) {
+ if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md))
+ goto end;
+ } else if (!TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)) {
+ goto end;
+ }
+
if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx))
goto end;
if (!TS_CONF_set_policies(conf, section, resp_ctx))
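Review bot: The new `if (md)` branch in create_response accepts whatever digest the caller or the config section names, with no floor on strength, so a timestamp response can end up signed with a digest that is no longer collision-resistant. If that is intended, state it in a comment, and consider warning on or rejecting weak choices before `TS_RESP_CTX_set_signer_digest` is called. The precedence is also undocumented; `/* A digest given on the command line overrides signer_digest from the config section. */` above the `if (md)` would cover it. Whether `TS_CONF_set_signer_digest` fails when the section has no signer_digest entry is not visible here; if it does, existing configs would start failing at this `goto end`, which deserves a line in the docs. create_response starts and ends outside this hunk.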