Timestamp Protocol Wrapper (RFC 3161)

openssl-sys/src/handwritten/x509.rs

@@ -213,8 +213,7 @@ extern "C" {
     pub fn X509_ALGOR_new() -> *mut X509_ALGOR;
     pub fn X509_ALGOR_free(x: *mut X509_ALGOR);
 
-    #[cfg(ossl101)]
-    pub fn X509_ALGOR_set_md(alg: *mut X509_ALGOR, md: *const EVP_MD);
+    pub fn X509_ALGOR_set0(alg: *mut X509_ALGOR, aobj: *mut ASN1_OBJECT, ptype: c_int, pval: *mut c_void) -> c_int;
 
     pub fn X509_ALGOR_cmp(alg0: *const X509_ALGOR, alg1: *const X509_ALGOR) -> c_int;
 

openssl/src/ts.rs

@@ -4,6 +4,7 @@
 //! The aim is to provide enough functionality for a client to request and
 //! verify timestamps returned by a Time Stamp Authority.
 use bitflags::bitflags;
+use ffi::{ASN1_OBJECT_free, EVP_MD_get_type, OBJ_nid2obj, X509_ALGOR_set0};
 use foreign_types::{ForeignType, ForeignTypeRef};
 use libc::{c_int, c_long, c_uint};
 use openssl_macros::corresponds;
@@ -91,8 +92,13 @@ impl TsMsgImprint {
     ///
     /// `hash` must have originated from the hash function specified by `md`.
     pub fn from_prehash_with_algo(hash: &[u8], md: MessageDigest) -> Result<Self, ErrorStack> {
-        let mut algo = X509Algorithm::new()?;
-        algo.set_md(md);
+        let algo = X509Algorithm::new()?;
+
+        let aobj = unsafe { cvt_p(OBJ_nid2obj(EVP_MD_get_type(md.as_ptr())))? };
+        let res = unsafe { X509_ALGOR_set0(algo.as_ptr(), aobj, ffi::V_ASN1_NULL, ptr::null_mut()) };
+        cvt(res).inspect_err(|_| unsafe {
+            ASN1_OBJECT_free(aobj);
+        })?;
 
         let mut imprint = Self::new()?;
         imprint.set_algo(&algo)?;

openssl/src/x509/mod.rs

@@ -2290,14 +2290,6 @@ impl X509AlgorithmRef {
             Asn1ObjectRef::from_const_ptr_opt(oid).expect("algorithm oid must not be null")
         }
     }
-
-    #[cfg(ossl101)]
-    #[corresponds(X509_ALGOR_set_md)]
-    pub fn set_md(&mut self, md: MessageDigest) {
-        unsafe {
-            ffi::X509_ALGOR_set_md(self.as_ptr(), md.as_ptr());
-        }
-    }
 }
 
 impl PartialEq for X509AlgorithmRef {