Add support for signer_digest option in TS.
index b58703a..ac91323 100644 (file)
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -95,14 +95,14 @@ static ASN1_INTEGER *create_nonce(int bits);
 /* Reply related functions. */
 static int reply_command(CONF *conf, char *section, char *engine,
                          char *queryfile, char *passin, char *inkey,
-                         char *signer, char *chain, const char *policy,
-                         char *in, int token_in, char *out, int token_out,
-                         int text);
+                         const EVP_MD *md, char *signer, char *chain,
+                         const char *policy, char *in, int token_in,
+                         char *out, int token_out, int text);
 static TS_RESP *read_PKCS7(BIO *in_bio);
 static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
                                 char *queryfile, char *passin,
-                                char *inkey, char *signer, char *chain,
-                                const char *policy);
+                                char *inkey, const EVP_MD *md, char *signer,
+                                char *chain, const char *policy);
 static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
 static ASN1_INTEGER *next_serial(const char *serialfile);
 static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
@@ -342,7 +342,7 @@ int ts_main(int argc, char **argv)
                 goto opthelp;
         }
         ret = !reply_command(conf, section, engine, queryfile,
-                             password, inkey, signer, chain, policy,
+                             password, inkey, md, signer, chain, policy,
                              in, token_in, out, token_out, text);
         break;
     case OPT_VERIFY:
@@ -583,8 +583,8 @@ static ASN1_INTEGER *create_nonce(int bits)
 
 static int reply_command(CONF *conf, char *section, char *engine,
                          char *queryfile, char *passin, char *inkey,
-                         char *signer, char *chain, const char *policy,
-                         char *in, int token_in,
+                         const EVP_MD *md, char *signer, char *chain,
+                         const char *policy, char *in, int token_in,
                          char *out, int token_out, int text)
 {
     int ret = 0;
@@ -605,7 +605,7 @@ static int reply_command(CONF *conf, char *section, char *engine,
         }
     } else {
         response = create_response(conf, section, engine, queryfile,
-                                   passin, inkey, signer, chain, policy);
+                                   passin, inkey, md, signer, chain, policy);
         if (response)
             BIO_printf(bio_err, "Response has been generated.\n");
         else
@@ -691,8 +691,8 @@ static TS_RESP *read_PKCS7(BIO *in_bio)
 
 static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
                                 char *queryfile, char *passin,
-                                char *inkey, char *signer, char *chain,
-                                const char *policy)
+                                char *inkey, const EVP_MD *md, char *signer,
+                                char *chain, const char *policy)
 {
     int ret = 0;
     TS_RESP *response = NULL;
@@ -717,6 +717,14 @@ static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
         goto end;
     if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx))
         goto end;
+
+    if (md) {
+        if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md))
+            goto end;
+    } else if (!TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)) {
+            goto end;
+    }
+
     if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx))
         goto end;
     if (!TS_CONF_set_policies(conf, section, resp_ctx))
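Review bot: The added `if (md)` / `else if` block in create_response lets a command-line digest take precedence over the `signer_digest` config option without any comment saying so, and the `goto end;` under the `else if` is indented twelve spaces instead of eight, unlike the other branch. I would add `/* A digest given on the command line overrides signer_digest from the config section. */` above `if (md) {` and re-indent that `goto end;`. This digest is presumably the one used to sign the timestamp response, so it is worth confirming two things that these hunks do not show: that the `md` passed down from ts_main is not the same variable that carries the digest option for query creation, and that a weak digest is rejected somewhere before signing. It is also not visible here whether `TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)` fails when the section has no `signer_digest` entry; if it does, existing configurations stop producing replies and that should be documented. The body of create_response starts and ends outside the hunk.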