i2d_X509_SIG() in FIPS mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks Steve for looking into this. Earlier I have tested the same  way and
no values  came in der.

Finally i find out the crash reason. For getting digest we have used
ASN1_item_digest() and in this we have passed  digest type as EVP_MD5()
which is not allowed in fips and its not thrown any error.  And got return
value of this api as SUCCESS. Later i changed this to EVP_sha1() and able
to get the value in i2d_X509_SIG().

Thanks,
Gayathri


On Thu, Feb 5, 2015 at 7:21 PM, Dr. Stephen Henson <steve at openssl.org>
wrote:

> On Thu, Feb 05, 2015, Gayathri Manoj wrote:
>
> >
> > Tried with  above method and its not worked. Please let me know  is it
> > possible to use  NID_md5WithRSAEncryption, NID_md5  in fips mode.
> >
>
> I threw together a quick test program and it has no problems for me. Let
> me know if it doesn't work for you.
>
> #include <stdio.h>
> #include <openssl/x509.h>
> #include <openssl/bio.h>
>
> main()
> {
> int len;
> unsigned char *der = NULL;
> BIO *out;
> X509_SIG *sig = X509_SIG_new();
> FIPS_mode_set(1);
> printf("Fips mode is %d\n", FIPS_mode());
> X509_ALGOR_set0(sig->algor, OBJ_nid2obj(NID_md5), V_ASN1_NULL, NULL);
> ASN1_STRING_set(sig->digest, "Hello World", -1);
> len = i2d_X509_SIG(sig, &der);
> out = BIO_new_fp(stdout, BIO_NOCLOSE);
> ASN1_parse(out, der, len, 0);
> }
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150206/68d94a9c/attachment.html>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux