[openssl-users] i2d_X509_SIG() in FIPS mode

Gayathri Manoj gayathri.annur at gmail.com
Thu Feb 5 08:43:18 UTC 2015 

Hi All,

Tried with  above method and its not worked. Please let me know  is it
possible to use  NID_md5WithRSAEncryption, NID_md5  in fips mode.

Thanks,
Gayathri

On Wed, Feb 4, 2015 at 8:56 PM, Dr. Stephen Henson <steve at openssl.org>
wrote:

> On Tue, Feb 03, 2015, Gayathri Manoj wrote:
>
> > Hi Steve, Viktor,
> >
> > I have tried with len also, But this also causing seg fault.
> > my requiremnt is to store  max  2048 bit keys. Hence I  used  length as
> 512
> > +1.
> > currently i ma getting len value = 28514.
> >
> > X509_SIG sig;
> > X509_ALGOR algor;
> > ASN1_OCTET_STRING digest;
> > ASN1_TYPE parameter;
> >    ASN1_item_digest() // to get digest details
> >    sig.algor = &algor;
> >     sig.algor->algorithm=OBJ_nid2obj(NID_md5);
> >     parameter.type=V_ASN1_NULL;
> >     parameter.value.ptr=NULL;
> >     sig.algor->parameter = ¶meter;
> >     sig.digest = &digest;
> >     sig.digest->data=(unsigned char*)msg;
> >     sig.digest->length=datalen;
> >     len = i2d_X509_SIG(&sig,NULL);
> >
>
> You should only use a pointer to an ASN.1 structure and not the actual
> structure itself because you can end up with various fields taking odd
> uninitialised values (I suspect the fact you haven't initialised "flags" is
> at least one problem here. A complete set of accessor functions
> unfortnately
> doesn't currently exist for X509_SIG so you have to access some internals.
>
> In outline something like this:
>
> X509_SIG *sig = X509_SIG_new();
> X509_ALGOR_set0(sig->algor, OBJ_nid2obj(nid), V_ASN1_NULL, NULL);
> ASN1_STRING_set(sig->digest, digest, digestlen);
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150205/d5f9519c/attachment.html>

More information about the openssl-users mailing list