TS bugfixes: Do not hardcode message digest algorithms; fix ASN1 decoding.
authorUlf Möller <ulf@openssl.org>
Sun, 26 Feb 2006 23:34:53 +0000 (23:34 +0000)
committerUlf Möller <ulf@openssl.org>
Sun, 26 Feb 2006 23:34:53 +0000 (23:34 +0000)
Submitted by: Zoltan Glozik <zglozik@opentsa.org>

apps/ts.c
crypto/ts/ts_asn1.c
doc/apps/ts.pod

index b8fb50b3b58d64533219b1e283f256668befe3fb..0083f9a1e14b069422af814a1afb3b317c971546 100644 (file)
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -191,16 +191,6 @@ int MAIN(int argc, char **argv)
                        if (argc-- < 1) goto usage;
                        digest = *++argv;
                        }
                        if (argc-- < 1) goto usage;
                        digest = *++argv;
                        }
-               else if (strcmp(*argv, "-md2") == 0
-                       || strcmp(*argv, "-md4") == 0
-                       || strcmp(*argv, "-md5") == 0
-                       || strcmp(*argv, "-sha") == 0
-                       || strcmp(*argv, "-sha1") == 0
-                       || strcmp(*argv, "-mdc2") == 0
-                       || strcmp(*argv, "-ripemd160") == 0)
-                       {
-                       md = EVP_get_digestbyname(*argv + 1);
-                       }
                else if (strcmp(*argv, "-rand") == 0)
                        {
                        if (argc-- < 1) goto usage;
                else if (strcmp(*argv, "-rand") == 0)
                        {
                        if (argc-- < 1) goto usage;
@@ -296,6 +286,10 @@ int MAIN(int argc, char **argv)
                        if (argc-- < 1) goto usage;
                        engine = *++argv;
                        }
                        if (argc-- < 1) goto usage;
                        engine = *++argv;
                        }
+               else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL)
+                       {
+                       /* empty. */
+                       }
                else
                        goto usage;
                }
                else
                        goto usage;
                }
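Review bot: The new catch-all branch `else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL)` skips the first character of the argument without checking that it is `-`. As a result any word whose tail names a digest is accepted as an option, and an empty argument makes `*argv + 1` point past the string's terminator before the lookup reads it. None of the `strcmp` branches shown would catch either case first, although the start of the option loop is outside the hunk. Guarding the lookup closes both: `else if ((*argv)[0] == '-' && (md = EVP_get_digestbyname(*argv + 1)) != NULL)`. The `/* empty. */` body could also say why it is empty, e.g. `/* md was set by the lookup in the condition */`.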
index 808d419c4b8f16a77e1169e692ef6441ce233524..f68650595b20939a22b071d8ba131ed64a2a3ec5 100644 (file)
@@ -89,7 +89,7 @@ ASN1_SEQUENCE(TS_REQ) = {
        ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT),
        ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT),
        ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER),
        ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT),
        ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT),
        ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER),
-       ASN1_OPT(TS_REQ, cert_req, ASN1_BOOLEAN),
+       ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN),
        ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0)
 } ASN1_SEQUENCE_END(TS_REQ)
 
        ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0)
 } ASN1_SEQUENCE_END(TS_REQ)
 
@@ -134,7 +134,7 @@ ASN1_SEQUENCE(TS_TST_INFO) = {
        ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER),
        ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME),
        ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY),
        ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER),
        ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME),
        ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY),
-       ASN1_OPT(TS_TST_INFO, ordering, ASN1_BOOLEAN),
+       ASN1_OPT(TS_TST_INFO, ordering, ASN1_FBOOLEAN),
        ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER),
        ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0),
        ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1)
        ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER),
        ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0),
        ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1)
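Review bot: The two `ASN1_FBOOLEAN` entries (`cert_req` in TS_REQ and `ordering` in TS_TST_INFO) need a comment saying why they differ from the other optional fields, since nothing in the templates records it. With the FALSE-default boolean an absent field decodes as false and a false value is left out of the encoding, which matches the `BOOLEAN DEFAULT FALSE` definition of certReq and ordering in RFC 3161. Any caller that previously tested for the "absent" value of an optional `ASN1_BOOLEAN` would need re-checking, though no such caller is visible here. A one-line comment above each entry would keep the change from being reverted, e.g. `/* DEFAULT FALSE in RFC 3161: absent decodes as false, false is omitted on encode */`. Both template definitions begin or end outside the hunks shown.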
index 95da5b7b5c8ab0fef2f45fc601521555f98c2eee..a630762f19ba242dafa6705c9be107e2832a2e58 100644 (file)
@@ -12,7 +12,7 @@ B<-query>
 [B<-config> configfile]
 [B<-data> file_to_hash]
 [B<-digest> digest_bytes]
 [B<-config> configfile]
 [B<-data> file_to_hash]
 [B<-digest> digest_bytes]
-[B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>]
+[B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...>]
 [B<-policy> object_id]
 [B<-no_nonce>]
 [B<-cert>]
 [B<-policy> object_id]
 [B<-no_nonce>]
 [B<-cert>]
@@ -124,9 +124,11 @@ per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or
 1AF601...). The number of bytes must match the message digest algorithm 
 in use. (Optional)
 
 1AF601...). The number of bytes must match the message digest algorithm 
 in use. (Optional)
 
-=item B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>
+=item B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...>
 
 
-The message digest to apply to the data file. The default is SHA-1. (Optional)
+The message digest to apply to the data file, it supports all the message
+digest algorithms that are supported by the openssl B<dgst> command.
+The default is SHA-1. (Optional)
 
 =item B<-policy> object_id
 
 
 =item B<-policy> object_id