TS bugfixes: Do not hardcode message digest algorithms; fix ASN1 decoding.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
2024-11-21 01:15:20 +08:00 · 2006-02-26 23:34:53 +00:00 · 2006-02-26 23:34:53 +00:00 · 11503177d1
commit 11503177d1
parent 9ab899a660
3 changed files with 11 additions and 15 deletions
--- a/apps/ts.c
+++ b/apps/ts.c
@ -191,16 +191,6 @@ int MAIN(int argc, char **argv)
 			if (argc-- < 1) goto usage;
 			digest = *++argv;
 			}
-		else if (strcmp(*argv, "-md2") == 0
-			|| strcmp(*argv, "-md4") == 0
-			|| strcmp(*argv, "-md5") == 0
-			|| strcmp(*argv, "-sha") == 0
-			|| strcmp(*argv, "-sha1") == 0
-			|| strcmp(*argv, "-mdc2") == 0
-			|| strcmp(*argv, "-ripemd160") == 0)
-			{
-			md = EVP_get_digestbyname(*argv + 1);
-			}
 		else if (strcmp(*argv, "-rand") == 0)
 			{
 			if (argc-- < 1) goto usage;
@ -296,6 +286,10 @@ int MAIN(int argc, char **argv)
 			if (argc-- < 1) goto usage;
 			engine = *++argv;
 			}
+		else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL)
+			{
+			/* empty. */
+			}
 		else
 			goto usage;
 		}
--- a/crypto/ts/ts_asn1.c
+++ b/crypto/ts/ts_asn1.c
@ -89,7 +89,7 @@ ASN1_SEQUENCE(TS_REQ) = {
 	ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT),
 	ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT),
 	ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER),
-	ASN1_OPT(TS_REQ, cert_req, ASN1_BOOLEAN),
+	ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN),
 	ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0)
 } ASN1_SEQUENCE_END(TS_REQ)

@ -134,7 +134,7 @@ ASN1_SEQUENCE(TS_TST_INFO) = {
 	ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER),
 	ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME),
 	ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY),
-	ASN1_OPT(TS_TST_INFO, ordering, ASN1_BOOLEAN),
+	ASN1_OPT(TS_TST_INFO, ordering, ASN1_FBOOLEAN),
 	ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER),
 	ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0),
 	ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1)
--- a/doc/apps/ts.pod
+++ b/doc/apps/ts.pod
@ -12,7 +12,7 @@ B<-query>
 [B<-config> configfile]
 [B<-data> file_to_hash]
 [B<-digest> digest_bytes]
-[B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>]
+[B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...>]
 [B<-policy> object_id]
 [B<-no_nonce>]
 [B<-cert>]
@ -124,9 +124,11 @@ per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or
 1AF601...). The number of bytes must match the message digest algorithm 
 in use. (Optional)

-=item B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>
+=item B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...>

-The message digest to apply to the data file. The default is SHA-1. (Optional)
+The message digest to apply to the data file, it supports all the message
+digest algorithms that are supported by the openssl B<dgst> command.
+The default is SHA-1. (Optional)

 =item B<-policy> object_id