[openssl-users] i2d_X509_SIG() in FIPS mode
Dr. Stephen Henson
steve at openssl.org
Thu Feb 5 13:51:55 UTC 2015
On Thu, Feb 05, 2015, Gayathri Manoj wrote:
>
> Tried with above method and its not worked. Please let me know is it
> possible to use NID_md5WithRSAEncryption, NID_md5 in fips mode.
>
I threw together a quick test program and it has no problems for me. Let
me know if it doesn't work for you.
#include <stdio.h>
#include <openssl/x509.h>
#include <openssl/bio.h>
main()
{
int len;
unsigned char *der = NULL;
BIO *out;
X509_SIG *sig = X509_SIG_new();
FIPS_mode_set(1);
printf("Fips mode is %d\n", FIPS_mode());
X509_ALGOR_set0(sig->algor, OBJ_nid2obj(NID_md5), V_ASN1_NULL, NULL);
ASN1_STRING_set(sig->digest, "Hello World", -1);
len = i2d_X509_SIG(sig, &der);
out = BIO_new_fp(stdout, BIO_NOCLOSE);
ASN1_parse(out, der, len, 0);
}
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users
mailing list