[openssl-users] i2d_X509_SIG() in FIPS mode

Dr. Stephen Henson steve at openssl.org
Thu Feb 5 13:51:55 UTC 2015

On Thu, Feb 05, 2015, Gayathri Manoj wrote:

> Tried with  above method and its not worked. Please let me know  is it
> possible to use  NID_md5WithRSAEncryption, NID_md5  in fips mode.

I threw together a quick test program and it has no problems for me. Let
me know if it doesn't work for you.

#include <stdio.h>
#include <openssl/x509.h>
#include <openssl/bio.h>

int len;
unsigned char *der = NULL;
BIO *out;
X509_SIG *sig = X509_SIG_new();
printf("Fips mode is %d\n", FIPS_mode());
X509_ALGOR_set0(sig->algor, OBJ_nid2obj(NID_md5), V_ASN1_NULL, NULL);
ASN1_STRING_set(sig->digest, "Hello World", -1);
len = i2d_X509_SIG(sig, &der);
out = BIO_new_fp(stdout, BIO_NOCLOSE);
ASN1_parse(out, der, len, 0);

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list