[openssl-users] i2d_X509_SIG() in FIPS mode
jb-openssl at wisemo.com
Wed Feb 4 14:55:58 UTC 2015
On 03/02/2015 06:26, Gayathri Manoj wrote:
> Hi Steve, Viktor,
> I have tried with len also, but this is also causing a seg fault.
> My requirement is to store max 2048 bit keys. Hence I used length as
> 512 +1.
> Currently I am getting len value = 28514.
> X509_SIG sig;
> X509_ALGOR algor;
> ASN1_OCTET_STRING digest;
> ASN1_TYPE parameter;
> ASN1_item_digest() // to get digest details
> sig.algor = &algor;
There is the problem! FIPS does not allow use of MD5,
probably never has. Have you checked if this returned
NULL to indicate an error finding the MD5 OID?
> sig.algor->parameter = &parameter;
> sig.digest = &digest;
> sig.digest->data=(unsigned char*)msg;
> len = i2d_X509_SIG(&sig,NULL);
Have you checked if this returns a negative value to
indicate an error?
> On Mon, Feb 2, 2015 at 9:31 PM, Viktor Dukhovni
> <openssl-users at dukhovni.org> wrote:
> On Mon, Feb 02, 2015 at 07:15:12PM +0530, Gayathri Manoj wrote:
> > unsigned char *ptr, *tmp=NULL;
> > X509_SIG sig;
> > ....
> How is "sig" initialized?
> > len=i2d_X509_SIG(sig,NULL);
> > tmp = (unsigned char*) malloc(513);
> Why 513 and not len? What is the value of len?
> > ptr=tmp;
> > i2d_X509_SIG(&sig, &ptr); // here causing problem.
Note to OpenSSL documentation team: The documentation for
the OpenSSL X509_SIG data type is circular at best, and
refers to PKCS#1 only by name, not by its currently
available location (one or more RFCs). Also there are
apparently no documented functions using X509_SIG other
than to read/write/encode/decode the structure, the closest
I could find were some undocumented functions in pkcs12.h .
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
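
The checks asked for in the replies above (a negative return from the length call, a buffer sized from len rather than 513, MD5 refused in FIPS mode), as an added example that is not from the thread and does not call OpenSSL. `encode_digestinfo`, `digestinfo_dup`, the `fips` flag and the `ALG_*` ids are hypothetical stand-ins that follow the i2d calling convention and emit the PKCS#1 DigestInfo layout that X509_SIG represents.

```c
#include <stdlib.h>
#include <string.h>

enum { ALG_MD5, ALG_SHA256 };   /* hypothetical ids, not OpenSSL NIDs */
/* DER AlgorithmIdentifier (digest OID + NULL parameters). */
static const unsigned char ALGID_MD5[] = { 0x30,0x0c,0x06,0x08,0x2a,0x86,
    0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00 };
static const unsigned char ALGID_SHA256[] = { 0x30,0x0d,0x06,0x09,0x60,0x86,
    0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00 };

/* i2d-style contract: out == NULL returns the DER length only; otherwise
 * writes at *out and advances it. Returns -1 on any error. */
int encode_digestinfo(int alg, int fips, const unsigned char *md,
                      size_t mdlen, unsigned char **out)
{
    const unsigned char *algid;
    size_t alglen, want, body;
    if (alg == ALG_SHA256) {
        algid = ALGID_SHA256; alglen = sizeof ALGID_SHA256; want = 32;
    } else if (alg == ALG_MD5 && !fips) {
        algid = ALGID_MD5; alglen = sizeof ALGID_MD5; want = 16;
    } else {
        return -1;               /* unknown digest, or MD5 in FIPS mode */
    }
    if (md == NULL || mdlen != want) return -1;
    body = alglen + 2 + mdlen;   /* always < 128: one-byte DER lengths */
    if (out == NULL) return (int)(2 + body);
    unsigned char *p = *out;
    *p++ = 0x30; *p++ = (unsigned char)body;      /* SEQUENCE */
    memcpy(p, algid, alglen); p += alglen;
    *p++ = 0x04; *p++ = (unsigned char)mdlen;     /* OCTET STRING */
    memcpy(p, md, mdlen); p += mdlen;
    *out = p;
    return (int)(2 + body);
}

/* Caller: size the buffer from the first call and check every result. */
unsigned char *digestinfo_dup(int alg, int fips, const unsigned char *md,
                              size_t mdlen, int *len)
{
    unsigned char *buf, *p;
    if ((*len = encode_digestinfo(alg, fips, md, mdlen, NULL)) <= 0) return NULL;
    if ((buf = p = malloc((size_t)*len)) == NULL) return NULL;
    if (encode_digestinfo(alg, fips, md, mdlen, &p) != *len || p != buf + *len) {
        free(buf);
        return NULL;
    }
    return buf;
}
```

A SHA-256 DigestInfo encodes to 51 bytes whatever the RSA key size, so a length far from that from the first call points at an uninitialised structure.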