Hi,

I am looking at porting an application that handles Card Verifiable Certificate (CVC) requests from OpenSSL 1.1.1 to 3.0.8. The requests are basic PKCS#10 but the public key algorithm uses different OIDs. To deal with this the application creates new objects and registers a new EVP_PKEY_ASN1_METHOD for each, copied from an existing one. This is sufficient for X509_REQ_get_pubkey() to work with OpenSSL 1.1.1.

These are the main function calls minus error handling:

    OBJ_create("1.3.36.3.5.3.1", "ecc-with-sha256", "ecc-with-sha256");
    meth_default = EVP_PKEY_asn1_find(NULL, NID_X9_62_id_ecPublicKey);
    meth_new = EVP_PKEY_asn1_new(OBJ_txt2nid("ecc-with-sha256"), 0, "EC", "G2 ECC with SHA256");
    EVP_PKEY_asn1_copy(meth_new, meth_default);
    EVP_PKEY_asn1_add0(meth_new);
    ...
    req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
    pubkey = X509_REQ_get_pubkey(req);

The same code using 3.0.8 gets a decode error from X509_PUBKEY_get0. I assume this has to do with the introduction of providers and decoders in OpenSSL 3.

What are my options for treating these CVC public keys like a regular ecPublicKey? Can I simply add the alternate OIDs to an existing decoder? Do I need to create my own duplicate of an existing decoder?

Regards,
Andrew.