From e20b47275109aafc559446d731e6baad4a1f55d1 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Fri, 11 Sep 2015 16:58:57 +0100
Subject: Add support for signer_digest option in TS.
Based on PR#2145
Reviewed-by: Matt Caswell
---
 apps/ts.c | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)
(limited to 'apps/ts.c')
diff --git a/apps/ts.c b/apps/ts.c
index b58703a77b..ac91323ac6 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -95,14 +95,14 @@ static ASN1_INTEGER *create_nonce(int bits);
 /* Reply related functions. */
 static int reply_command(CONF *conf, char *section, char *engine,
 char *queryfile, char *passin, char *inkey,
- char *signer, char *chain, const char *policy,
- char *in, int token_in, char *out, int token_out,
- int text);
+ const EVP_MD *md, char *signer, char *chain,
+ const char *policy, char *in, int token_in,
+ char *out, int token_out, int text);
 static TS_RESP *read_PKCS7(BIO *in_bio);
 static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
 char *queryfile, char *passin,
- char *inkey, char *signer, char *chain,
- const char *policy);
+ char *inkey, const EVP_MD *md, char *signer,
+ char *chain, const char *policy);
 static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
 static ASN1_INTEGER *next_serial(const char *serialfile);
 static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
@@ -342,7 +342,7 @@ int ts_main(int argc, char **argv)
 goto opthelp;
 }
 ret = !reply_command(conf, section, engine, queryfile,
- password, inkey, md, signer, chain, policy,
+ password, inkey, md, signer, chain, policy,
 in, token_in, out, token_out, text);
 break;
 case OPT_VERIFY:
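Review bot: The `md` now passed to reply_command in the `@@ -342,7` hunk is whatever ts_main already holds, and nothing at the call says that it becomes the signer digest for the reply. If that variable is also the one the query path uses for the message-imprint digest (its declaration and option parsing are outside the hunk), one option now carries two meanings, and an operator can change the TSA's signing digest without meaning to. A short comment above the call, for example `/* md, if set, selects the signer digest and overrides the config */`, together with a matching line in the option help, would make that explicit. ts_main starts and ends outside the hunk.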
@@ -583,8 +583,8 @@ static ASN1_INTEGER *create_nonce(int bits) static int reply_command(CONF *conf, char *section, char *engine, char *queryfile, char *passin, char *inkey, - char *signer, char *chain, const char *policy, - char *in, int token_in, + const EVP_MD *md, char *signer, char *chain, + const char *policy, char *in, int token_in, char *out, int token_out, int text) { int ret = 0; @@ -605,7 +605,7 @@ static int reply_command(CONF *conf, char *section, char *engine, } } else { response = create_response(conf, section, engine, queryfile, - passin, inkey, signer, chain, policy); + passin, inkey, md, signer, chain, policy); if (response) BIO_printf(bio_err, "Response has been generated.\n"); else @@ -691,8 +691,8 @@ static TS_RESP *read_PKCS7(BIO *in_bio) static TS_RESP *create_response(CONF *conf, const char *section, char *engine, char *queryfile, char *passin, - char *inkey, char *signer, char *chain, - const char *policy) + char *inkey, const EVP_MD *md, char *signer, + char *chain, const char *policy) { int ret = 0; TS_RESP *response = NULL; @@ -717,6 +717,14 @@ static TS_RESP *create_response(CONF *conf, const char *section, char *engine, goto end; if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx)) goto end; + + if (md) { + if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md)) + goto end; + } else if (!TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)) { + goto end; + } + if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx)) goto end; if (!TS_CONF_set_policies(conf, section, resp_ctx)) -- cgit v1.2.3
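Review bot: Nothing in the block added to create_response (the `@@ -717,6` hunk) says which digest source wins or limits what the signer digest may be: a non-NULL `md` is applied with TS_RESP_CTX_set_signer_digest and the config lookup is skipped, otherwise TS_CONF_set_signer_digest is called with NULL as its third argument. I would put `/* A digest given on the command line overrides signer_digest from the config section. */` above `if (md) {`. Because this digest protects the signature on the timestamp token, it is also worth stating, or checking at this point, that legacy digests such as MD5 or SHA-1 are not acceptable for a TSA; as written the code accepts whatever it is handed. If TS_CONF_set_signer_digest fails when the section has no signer_digest entry, which the hunk does not show, configurations written before this change would stop producing replies unless a digest is given on the command line, so the documentation should say whether the entry is mandatory. create_response starts and ends outside the hunk.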