[openssl-users] i2d_X509_SIG() in FIPS mode

Dr. Stephen Henson steve at openssl.org
Thu Feb 5 12:47:10 UTC 2015

On Thu, Feb 05, 2015, Gayathri Manoj wrote:

> Hi All,
> Tried with  above method and its not worked. Please let me know  is it
> possible to use  NID_md5WithRSAEncryption, NID_md5  in fips mode.

You can use the OID and encode structures using it: the ASN.1 code is not
part of the FIPS module.

You can't use the signing or digest algorithm (at least by default) as that is
blocked in FIPS mode. But you'd get an error message and not a crash.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list