[openssl-users] i2d_X509_SIG() in FIPS mode

Dr. Stephen Henson steve at openssl.org
Wed Feb 4 15:26:49 UTC 2015

On Tue, Feb 03, 2015, Gayathri Manoj wrote:

> Hi Steve, Viktor,
> I have tried with len also, But this also causing seg fault.
> my requiremnt is to store  max  2048 bit keys. Hence I  used  length as 512
> +1.
> currently i ma getting len value = 28514.
> X509_SIG sig;
> X509_ALGOR algor;
> ASN1_TYPE parameter;
>    ASN1_item_digest() // to get digest details
>    sig.algor = &algor;
>     sig.algor->algorithm=OBJ_nid2obj(NID_md5);
>     parameter.type=V_ASN1_NULL;
>     parameter.value.ptr=NULL;
>     sig.algor->parameter = ¶meter;
>     sig.digest = &digest;
>     sig.digest->data=(unsigned char*)msg;
>     sig.digest->length=datalen;
>     len = i2d_X509_SIG(&sig,NULL);

You should only use a pointer to an ASN.1 structure and not the actual
structure itself because you can end up with various fields taking odd
uninitialised values (I suspect the fact you haven't initialised "flags" is
at least one problem here. A complete set of accessor functions unfortnately
doesn't currently exist for X509_SIG so you have to access some internals.

In outline something like this:

X509_SIG *sig = X509_SIG_new();
X509_ALGOR_set0(sig->algor, OBJ_nid2obj(nid), V_ASN1_NULL, NULL);
ASN1_STRING_set(sig->digest, digest, digestlen);

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list