From e20b47275109aafc559446d731e6baad4a1f55d1 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Fri, 11 Sep 2015 16:58:57 +0100
Subject: Add support for signer_digest option in TS.

Based on PR#2145

Reviewed-by: Matt Caswell
---
 crypto/ts/ts_rsp_sign.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'crypto/ts/ts_rsp_sign.c')

diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index c7738b8a51..f84555d8fc 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -169,6 +169,8 @@ TS_RESP_CTX *TS_RESP_CTX_new()
 return NULL;
 }

+ ctx->signer_md = EVP_sha256();
+
 ctx->serial_cb = def_serial_cb;
 ctx->time_cb = def_time_cb;
 ctx->extension_cb = def_extension_cb;
@@ -215,6 +217,12 @@ int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key)
 return 1;
 }

+int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, const EVP_MD *md)
+{
+ ctx->signer_md = md;
+ return 1;
+}
+
 int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
 {
 ASN1_OBJECT_free(ctx->default_policy);
@@ -700,7 +708,7 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx)
 }

 if ((si = PKCS7_add_signature(p7, ctx->signer_cert,
- ctx->signer_key, EVP_sha1())) == NULL) {
+ ctx->signer_key, ctx->signer_md)) == NULL) {
 TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR);
 goto err;
 }
-- 
cgit v1.2.3
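Review bot: The assignment `ctx->signer_md = EVP_sha256();` in TS_RESP_CTX_new(), together with the last hunk dropping the hard-coded `EVP_sha1()`, changes the signature digest for every responder that never calls the new setter, and the commit subject does not say so. SHA-256 is the safer default, but a verifier that only accepts SHA-1 signed tokens would see the difference, so the change should be documented where it is made, for example `/* Default signing digest; override with TS_RESP_CTX_set_signer_digest() */`, and presumably in the change log as well. The body of TS_RESP_CTX_new() starts and ends outside the hunk.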
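Review bot: TS_RESP_CTX_set_signer_digest() stores `md` unchecked and always returns 1, so a NULL (for instance from a failed digest-name lookup in the caller) silently replaces the SHA-256 default, and ts_RESP_sign() in the last hunk then passes that NULL to PKCS7_add_signature(). How PKCS7_add_signature() treats a NULL digest is not visible here; at best the digest ends up chosen implicitly rather than by the operator. Rejecting it in the setter with `if (md == NULL) return 0;` before the assignment would make the int return meaningful. A short comment above the function should also state that the context keeps the pointer without copying it and that the strength of the chosen digest is left to the caller.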