-/* crypto/ts/ts_resp_sign.c */
/*
* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project
* 2002.
{
ASN1_INTEGER *serial = ASN1_INTEGER_new();
- if (!serial)
+ if (serial == NULL)
goto err;
if (!ASN1_INTEGER_set(serial, 1))
goto err;
return NULL;
}
+ ctx->signer_md = EVP_sha256();
+
ctx->serial_cb = def_serial_cb;
ctx->time_cb = def_time_cb;
ctx->extension_cb = def_extension_cb;
{
EVP_PKEY_free(ctx->signer_key);
ctx->signer_key = key;
- CRYPTO_add(&ctx->signer_key->references, +1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(ctx->signer_key);
return 1;
}
+int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, const EVP_MD *md)
+{
+ ctx->signer_md = md;
+ return 1;
+}
+
int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
{
ASN1_OBJECT_free(ctx->default_policy);
}
if ((si = PKCS7_add_signature(p7, ctx->signer_cert,
- ctx->signer_key, EVP_sha1())) == NULL) {
+ ctx->signer_key, ctx->signer_md)) == NULL) {
TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR);
goto err;
}
{
ESS_CERT_ID *cid = NULL;
GENERAL_NAME *name = NULL;
+ unsigned char cert_sha1[SHA_DIGEST_LENGTH];
+ /* Call for side-effect of computing hash and caching extensions */
X509_check_purpose(cert, -1, 0);
if ((cid = ESS_CERT_ID_new()) == NULL)
goto err;
- if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash,
- sizeof(cert->sha1_hash)))
+ X509_digest(cert, EVP_sha1(), cert_sha1, NULL);
+ if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH))
goto err;
/* Setting the issuer/serial if requested. */
projects / openssl.git / blobdiff