[openssl-users] i2d_X509_SIG() in FIPS mode

Jakob Bohm jb-openssl at wisemo.com
Wed Feb 4 14:55:58 UTC 2015 

On 03/02/2015 06:26, Gayathri Manoj wrote:
> Hi Steve, Viktor,
>
> I have tried with len also, But this also causing seg fault.
> my requiremnt is to store  max  2048 bit keys. Hence I  used length as 
> 512 +1.
> currently i ma getting len value = 28514.
>
> X509_SIG sig;
> X509_ALGOR algor;
> ASN1_OCTET_STRING digest;
> ASN1_TYPE parameter;
>    ASN1_item_digest() // to get digest details
>    sig.algor = &algor;
>     sig.algor->algorithm=OBJ_nid2obj(NID_md5);
There is the problem!  FIPS does not allow use of MD5,
probably never has.  Have you checked if thisreturned
NULL to indicate an error finding the MD5 OID?
>     parameter.type=V_ASN1_NULL;
>     parameter.value.ptr=NULL;
>     sig.algor->parameter = ¶meter;
>     sig.digest = &digest;
>     sig.digest->data=(unsigned char*)msg;
>     sig.digest->length=datalen;
>     len = i2d_X509_SIG(&sig,NULL);
Have you checked if this returns a negative value to
indicate an error?
>
> On Mon, Feb 2, 2015 at 9:31 PM, Viktor Dukhovni 
> <openssl-users at dukhovni.org <mailto:openssl-users at dukhovni.org>> wrote:
>
>     On Mon, Feb 02, 2015 at 07:15:12PM +0530, Gayathri Manoj wrote:
>
>     > unsigned char *ptr, *tmp=NULL;
>     > X509_SIG sig;
>     > ....
>
>     How is "sig" initialized?
>
>     > len=i2d_X509_SIG(sig,NULL);
>     > tmp = (unsigned char*) malloc(513);
>
>     Why 513 and not len?  What is the value of len?
>
>     > ptr=tmp;
>     > i2d_X509_SIG(&sig, &ptr);  // here causing problem.
>
Note to OpenSSL documentation team: The documentation for
the OpenSSL X509_SIG data type is circular at best, and
refers to PKCS#1 only by name, not by its currently
available location (one or more RFCs).   Also there are
apparently no documented functions using X509_SIG other
than to read/write/encode/decode the structure, the closest
I could find were some undocumented functions in pkcs12.h .


Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list