What is the correct way to use OSSL_DECODER
Milan Kaše
milan.kase at gmail.com
Wed Jan 12 08:41:32 UTC 2022
By further comparing the scenario with the built-in file provider and
my external provider I found that this has something to do with
library contexts.
When x509_pubkey_ex_d2i_ex tries to decode the certificate's public
key, it always uses the default library context. When loading a
certificate from a file through the default provider, the
OSSL_DECODER_CTX_new_for_pkey sets up decoders in this context
correctly. However, when loading a certificate from my provider, the
default provider has not been activated and
OSSL_DECODER_CTX_new_for_pkey contains no decoder, thus the following
DECODER_from_bio fails to decode the certificate public key.
If I "hack" my provider_init function and force load the default
provider into the default library context then things start to work.
Then I realized I can also add the provider on the command line:

    openssl cms -sign -signer myprov:cert=0014 -provider myprov -provider default

and this works too.
How is this supposed to work?
Thanks,
Milan
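
The command-line workaround from the message above, written as an openssl.cnf fragment (an added example, not part of the original post). It relies on OpenSSL's documented behaviour that the default provider is loaded automatically only when no other provider has been loaded explicitly; the provider name myprov is taken from the post, and it is assumed that the module can be found in the configured modules directory.

```ini
# openssl.cnf fragment (constructed example)
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
# Listing only myprov here corresponds to running with "-provider myprov"
# alone: once any provider is loaded explicitly, the default provider is
# no longer loaded as a fallback, so the default library context has no
# key decoders for the certificate's public key.
myprov = myprov_sect

# Activating the default provider next to it corresponds to
# "-provider myprov -provider default" from the post.
default = default_sect

[myprov_sect]
# Assumption: the myprov module is resolvable by name in the modules
# directory; otherwise add a "module = <path to the module>" line here.
activate = 1

[default_sect]
activate = 1
```

`openssl list -providers` shows which providers are active with a given configuration.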