/* Reply related functions. */
static int reply_command(CONF *conf, char *section, char *engine,
char *queryfile, char *passin, char *inkey,
- char *signer, char *chain, const char *policy,
- char *in, int token_in, char *out, int token_out,
- int text);
+ const EVP_MD *md, char *signer, char *chain,
+ const char *policy, char *in, int token_in,
+ char *out, int token_out, int text);
static TS_RESP *read_PKCS7(BIO *in_bio);
static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
char *queryfile, char *passin,
- char *inkey, char *signer, char *chain,
- const char *policy);
+ char *inkey, const EVP_MD *md, char *signer,
+ char *chain, const char *policy);
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
static ASN1_INTEGER *next_serial(const char *serialfile);
static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
goto opthelp;
}
ret = !reply_command(conf, section, engine, queryfile,
- password, inkey, signer, chain, policy,
+ password, inkey, md, signer, chain, policy,
in, token_in, out, token_out, text);
break;
case OPT_VERIFY:
return 0;
if (input) {
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
unsigned char buffer[4096];
int length;
+ if (md_ctx == NULL)
+ return 0;
*md_value = app_malloc(md_value_len, "digest buffer");
- EVP_DigestInit(&md_ctx, md);
+ EVP_DigestInit(md_ctx, md);
while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
- EVP_DigestUpdate(&md_ctx, buffer, length);
+ EVP_DigestUpdate(md_ctx, buffer, length);
}
- if (!EVP_DigestFinal(&md_ctx, *md_value, NULL))
+ if (!EVP_DigestFinal(md_ctx, *md_value, NULL)) {
+ EVP_MD_CTX_free(md_ctx);
return 0;
+ }
+ EVP_MD_CTX_free(md_ctx);
} else {
long digest_len;
*md_value = string_to_hex(digest, &digest_len);
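Review bot: The return values of `EVP_DigestInit` and `EVP_DigestUpdate` are still ignored in the `if (input)` branch, so a failed init or update falls through to `EVP_DigestFinal` and the function can return a digest that does not cover the input. This value presumably feeds the message imprint of the timestamp request, so both calls should fail the function the way the `EVP_DigestFinal` check does, freeing `md_ctx` first. The function starts and ends outside this hunk, so how the caller releases `*md_value` after a `return 0` is not visible here.

```c
/* … unchanged: md_ctx allocation, NULL check, app_malloc of *md_value … */
if (!EVP_DigestInit(md_ctx, md)) {
    EVP_MD_CTX_free(md_ctx);
    return 0;
}
while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
    if (!EVP_DigestUpdate(md_ctx, buffer, length)) {
        EVP_MD_CTX_free(md_ctx);
        return 0;
    }
}
/* … unchanged: EVP_DigestFinal check and EVP_MD_CTX_free … */
```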
static int reply_command(CONF *conf, char *section, char *engine,
char *queryfile, char *passin, char *inkey,
- char *signer, char *chain, const char *policy,
- char *in, int token_in,
+ const EVP_MD *md, char *signer, char *chain,
+ const char *policy, char *in, int token_in,
char *out, int token_out, int text)
{
int ret = 0;
}
} else {
response = create_response(conf, section, engine, queryfile,
- passin, inkey, signer, chain, policy);
+ passin, inkey, md, signer, chain, policy);
if (response)
BIO_printf(bio_err, "Response has been generated.\n");
else
static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
char *queryfile, char *passin,
- char *inkey, char *signer, char *chain,
- const char *policy)
+ char *inkey, const EVP_MD *md, char *signer,
+ char *chain, const char *policy)
{
int ret = 0;
TS_RESP *response = NULL;
goto end;
if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx))
goto end;
+
+ if (md) {
+ if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md))
+ goto end;
+ } else if (!TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)) {
+ goto end;
+ }
+
if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx))
goto end;
if (!TS_CONF_set_policies(conf, section, resp_ctx))
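Review bot: The new `if (md)` block in `create_response` lets a digest supplied by the caller silently override the one configured for the section, and nothing in the code says so. A one-line comment above the block, such as `/* A digest passed by the caller takes precedence over the signer digest from the config section. */`, would make the precedence explicit. Nothing visible in this hunk restricts which algorithm `md` may be, so if weak digests are meant to be refused for signing responses, that check has to live in `TS_RESP_CTX_set_signer_digest` or in option parsing, which is worth confirming. `create_response` starts and ends outside the hunk.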