X509_get_pubkey() in OpenSSL 3.0?

Matt Caswell matt at openssl.org
Thu Nov 4 09:05:32 UTC 2021

Going back to the original email in this thread:

On 02/11/2021 19:42, Jason Schultz wrote:
>      mycert = PEM_read_X509(fp, NULL, 0, NULL);
>      pkey = X509_get_pubkey(mycert);
> All functions return good statuses or non-NULL pointers until the last 
> one, X509_get_pubkey() returns NULL.

The PEM_read_X509 call looks suspicious. As I understand it you have a 
fips libctx and non-fips libctx, with no providers loaded into the 
default libctx. Correct?

The public key is actually decoded as part of the PEM_read_X509(). But, 
the PEM_read_X509() call does not take a libctx parameter. Subsequently, 
it attempts to decode the embedded X509 public key and will use the 
default libctx - which has no providers and so the decode of the key 
fails. Therefore when you subsequently try to obtain the public key with 
X509_get_pubkey() you get a NULL return.

Please raise this as an issue in github.


More information about the openssl-users mailing list