X509_get_pubkey() in OpenSSL 3.0?
Matt Caswell
matt at openssl.org
Thu Nov 4 09:05:32 UTC 2021
Going back to the original email in this thread:
On 02/11/2021 19:42, Jason Schultz wrote:
> mycert = PEM_read_X509(fp, NULL, 0, NULL);
> pkey = X509_get_pubkey(mycert);
>
> All functions return good statuses or non-NULL pointers until the last
> one, X509_get_pubkey() returns NULL.

The PEM_read_X509 call looks suspicious. As I understand it you have a
fips libctx and non-fips libctx, with no providers loaded into the
default libctx. Correct?

The public key is actually decoded as part of the PEM_read_X509(). But,
the PEM_read_X509() call does not take a libctx parameter. Subsequently,
it attempts to decode the embedded X509 public key and will use the
default libctx - which has no providers and so the decode of the key
fails. Therefore when you subsequently try to obtain the public key with
X509_get_pubkey() you get a NULL return.

Please raise this as an issue in GitHub.

Matt