[openssl-users] i2d_X509_SIG() in FIPS mode
gayathri.annur at gmail.com
Fri Feb 6 09:46:28 UTC 2015
Thanks Steve for looking into this. Earlier I tested the same way and
no values came in der.
Finally I found out the crash reason. To get the digest we used
ASN1_item_digest() and passed the digest type as EVP_md5(), which is
not allowed in FIPS, and it did not throw any error. The return value
of this API was SUCCESS. Later I changed this to EVP_sha1() and was able
to get the value in i2d_X509_SIG().
On Thu, Feb 5, 2015 at 7:21 PM, Dr. Stephen Henson <steve at openssl.org> wrote:
> On Thu, Feb 05, 2015, Gayathri Manoj wrote:
> > Tried with the above method and it did not work. Please let me know whether
> > it is possible to use NID_md5WithRSAEncryption, NID_md5 in FIPS mode.
> I threw together a quick test program and it has no problems for me. Let
> me know if it doesn't work for you.
> #include <stdio.h>
> #include <openssl/x509.h>
> #include <openssl/bio.h>
>
> int main(void)
> {
>     int len;
>     unsigned char *der = NULL;
>     BIO *out;
>     X509_SIG *sig = X509_SIG_new();
>
>     printf("Fips mode is %d\n", FIPS_mode());
>     /* Algorithm identifier: md5 with a NULL parameter */
>     X509_ALGOR_set0(sig->algor, OBJ_nid2obj(NID_md5), V_ASN1_NULL, NULL);
>     ASN1_STRING_set(sig->digest, "Hello World", -1);
>     /* der is NULL, so i2d_X509_SIG() allocates the output buffer */
>     len = i2d_X509_SIG(sig, &der);
>     out = BIO_new_fp(stdout, BIO_NOCLOSE);
>     ASN1_parse(out, der, len, 0);
>     return 0;
> }
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
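
An added example, not part of the original thread and not OpenSSL code: a stand-alone encoder for the DigestInfo structure that i2d_X509_SIG() serialises, which refuses a digest whose length does not match the named algorithm. It assumes that a digest call which produced no output leaves an empty or wrong-sized buffer; encode_digest_info, digest_alg and alg_info are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; the OIDs are the standard md5 and sha1 ones. */
enum digest_alg { ALG_MD5, ALG_SHA1 };
struct alg_info { const unsigned char *oid; size_t oid_len, digest_len; };

/* DER-encoded OBJECT IDENTIFIERs, tag and length included. */
static const unsigned char OID_MD5[]  = {0x06,0x08,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05};
static const unsigned char OID_SHA1[] = {0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A};
static const struct alg_info ALGS[] = {
    { OID_MD5,  sizeof OID_MD5,  16 },   /* ALG_MD5  */
    { OID_SHA1, sizeof OID_SHA1, 20 },   /* ALG_SHA1 */
};

/* Encode DigestInfo ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING }.
 * Returns the encoded length, or -1 if the input must not be encoded. */
int encode_digest_info(enum digest_alg alg, const unsigned char *md, size_t md_len,
                       unsigned char *out, size_t out_cap)
{
    if (alg != ALG_MD5 && alg != ALG_SHA1) return -1;
    const struct alg_info *a = &ALGS[alg];
    /* An empty or wrong-sized digest means the hashing step did not succeed. */
    if (md == NULL || md_len != a->digest_len) return -1;
    size_t algid_len = a->oid_len + 2;              /* OID + NULL parameter */
    size_t body_len  = 2 + algid_len + 2 + md_len;  /* all lengths stay < 128 */
    if (out == NULL || out_cap < body_len + 2) return -1;
    unsigned char *p = out;
    *p++ = 0x30; *p++ = (unsigned char)body_len;    /* outer SEQUENCE */
    *p++ = 0x30; *p++ = (unsigned char)algid_len;   /* AlgorithmIdentifier */
    memcpy(p, a->oid, a->oid_len); p += a->oid_len;
    *p++ = 0x05; *p++ = 0x00;                       /* NULL parameter */
    *p++ = 0x04; *p++ = (unsigned char)md_len;      /* OCTET STRING */
    memcpy(p, md, md_len); p += md_len;
    return (int)(p - out);
}

int main(void)
{
    unsigned char md[20] = {0};   /* constructed stand-in for a SHA-1 output */
    unsigned char out[64];
    int n = encode_digest_info(ALG_SHA1, md, sizeof md, out, sizeof out);
    for (int i = 0; i < n; i++) printf("%02X", out[i]);
    printf("\nempty digest -> %d\n", encode_digest_info(ALG_MD5, md, 0, out, sizeof out));
    return 0;
}
```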