<div dir="ltr"><div><div><div>Hi All,<br><br></div>Tried with above method and its not worked. Please let me know is it possible to use NID_md5WithRSAEncryption, NID_md5 in fips mode.<br><br></div>Thanks,<br></div>Gayathri<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 4, 2015 at 8:56 PM, Dr. Stephen Henson <span dir="ltr"><<a href="mailto:steve@openssl.org" target="_blank">steve@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Tue, Feb 03, 2015, Gayathri Manoj wrote:<br>
<br>
> Hi Steve, Viktor,<br>
><br>
> I have tried with len also, But this also causing seg fault.<br>
> my requiremnt is to store max 2048 bit keys. Hence I used length as 512<br>
> +1.<br>
> currently i ma getting len value = 28514.<br>
><br>
> X509_SIG sig;<br>
> X509_ALGOR algor;<br>
> ASN1_OCTET_STRING digest;<br>
> ASN1_TYPE parameter;<br>
> ASN1_item_digest() // to get digest details<br>
> sig.algor = &algor;<br>
> sig.algor->algorithm=OBJ_nid2obj(NID_md5);<br>
> parameter.type=V_ASN1_NULL;<br>
> parameter.value.ptr=NULL;<br>
> sig.algor->parameter = ¶meter;<br>
> sig.digest = &digest;<br>
> sig.digest->data=(unsigned char*)msg;<br>
> sig.digest->length=datalen;<br>
> len = i2d_X509_SIG(&sig,NULL);<br>
><br>
<br>
</span>You should only use a pointer to an ASN.1 structure and not the actual<br>
structure itself because you can end up with various fields taking odd<br>
uninitialised values (I suspect the fact you haven't initialised "flags" is<br>
at least one problem here. A complete set of accessor functions unfortnately<br>
doesn't currently exist for X509_SIG so you have to access some internals.<br>
<br>
In outline something like this:<br>
<br>
X509_SIG *sig = X509_SIG_new();<br>
X509_ALGOR_set0(sig->algor, OBJ_nid2obj(nid), V_ASN1_NULL, NULL);<br>
ASN1_STRING_set(sig->digest, digest, digestlen);<br>
<span class="im HOEnZb"><br>
Steve.<br>
--<br>
Dr Stephen N. Henson. OpenSSL project core developer.<br>
Commercial tech support now available see: <a href="http://www.openssl.org" target="_blank">http://www.openssl.org</a><br>
</span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
</div></div></blockquote></div><br></div>