[openssl-users] i2d_X509_SIG() in FIPS mode
Dr. Stephen Henson
steve at openssl.org
Wed Feb 4 15:26:49 UTC 2015
On Tue, Feb 03, 2015, Gayathri Manoj wrote:
> Hi Steve, Viktor,
> I have tried with len also, But this also causing seg fault.
> my requiremnt is to store max 2048 bit keys. Hence I used length as 512
> currently i ma getting len value = 28514.
> X509_SIG sig;
> X509_ALGOR algor;
> ASN1_OCTET_STRING digest;
> ASN1_TYPE parameter;
> ASN1_item_digest() // to get digest details
> sig.algor = &algor;
> sig.algor->parameter = ¶meter;
> sig.digest = &digest;
> sig.digest->data=(unsigned char*)msg;
> len = i2d_X509_SIG(&sig,NULL);
You should only use a pointer to an ASN.1 structure and not the actual
structure itself because you can end up with various fields taking odd
uninitialised values (I suspect the fact you haven't initialised "flags" is
at least one problem here. A complete set of accessor functions unfortnately
doesn't currently exist for X509_SIG so you have to access some internals.
In outline something like this:
X509_SIG *sig = X509_SIG_new();
X509_ALGOR_set0(sig->algor, OBJ_nid2obj(nid), V_ASN1_NULL, NULL);
ASN1_STRING_set(sig->digest, digest, digestlen);
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users