EVP_PKEY_get_raw_public_key fails with OpenSSL 3.0
fus at plutonium24.de
Thu Nov 10 23:35:32 UTC 2022
I have been using EVP_PKEY_get_raw_public_key with OpenSSL 1.1.1 without
any problems to extract a raw public key (secp521r1, NIST curve P-521).
With OpenSSL 3.0 this fails. I'm using this call to get the raw public
key and to compare it with a reference value I have and I also check
that the group name is "secp521r1".
This is what happens:
1) as pkey->keymgmt != NULL EVP_PKEY_get_raw_public_key calls
evp_keymgmt_util_export with selection=OSSL_KEYMGMT_SELECT_PUBLIC_KEY
2) evp_keymgmt_util_export calls evp_keymgmt_export
3) evp_keymgmt_export calls ec_export
4) ec_export fails as it does not support returning a public key without
domain parameters (selection only contains
OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
In OpenSSL 1.1.1 the pkey->keymgmt check in the first step is not
present and a totally different path is taken which returns the correct
public key.
At first this seems incompatible to me. But I think it would also be
possible that by accident I misused the function with OpenSSL 1.1.1 as
the algorithm is also not in the list of supported algorithms for
OpenSSL 1.1.1.
Is this the correct function call and what did I do wrong? Or: what
would be the correct approach to get the raw key?
Regards
Frank