Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/providers/implementations/encode_decode/decode_der2key.c
104897 views
1
/*

2
 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License").  You may not use

5
 * this file except in compliance with the License.  You can obtain a copy

6
 * in the file LICENSE in the source distribution or at

7
 * https://www.openssl.org/source/license.html

8
 */

9


10
/*

11
 * low level APIs are deprecated for public use, but still ok for

12
 * internal use.

13
 */

14
#include "internal/deprecated.h"

15


16
#include <openssl/byteorder.h>

17
#include <openssl/core_dispatch.h>

18
#include <openssl/core_names.h>

19
#include <openssl/core_object.h>

20
#include <openssl/crypto.h>

21
#include <openssl/err.h>

22
#include <openssl/params.h>

23
#include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */

24
#include <openssl/pkcs12.h>

25
#include <openssl/provider.h>

26
#include <openssl/x509.h>

27
#include <openssl/proverr.h>

28
#include <openssl/asn1t.h>

29
#include "internal/cryptlib.h" /* ossl_assert() */

30
#include "crypto/dh.h"

31
#include "crypto/dsa.h"

32
#include "crypto/ec.h"

33
#include "crypto/evp.h"

34
#include "crypto/ecx.h"

35
#include "crypto/rsa.h"

36
#include "crypto/ml_dsa.h"

37
#include "crypto/slh_dsa.h"

38
#include "crypto/x509.h"

39
#include "crypto/ml_kem.h"

40
#include "openssl/obj_mac.h"

41
#include "prov/bio.h"

42
#include "prov/implementations.h"

43
#include "endecoder_local.h"

44
#include "internal/nelem.h"

45
#include "ml_dsa_codecs.h"

46
#include "ml_kem_codecs.h"

47


48
#ifndef OPENSSL_NO_SLH_DSA

49
typedef struct {

50
    ASN1_OBJECT *oid;

51
} BARE_ALGOR;

52


53
typedef struct {

54
    BARE_ALGOR algor;

55
    ASN1_BIT_STRING *pubkey;

56
} BARE_PUBKEY;

57


58
ASN1_SEQUENCE(BARE_ALGOR) = {

59
    ASN1_SIMPLE(BARE_ALGOR, oid, ASN1_OBJECT),

60
} static_ASN1_SEQUENCE_END(BARE_ALGOR)

61


62
ASN1_SEQUENCE(BARE_PUBKEY) = {

63
    ASN1_EMBED(BARE_PUBKEY, algor, BARE_ALGOR),

64
    ASN1_SIMPLE(BARE_PUBKEY, pubkey, ASN1_BIT_STRING)

65
} static_ASN1_SEQUENCE_END(BARE_PUBKEY)

66
#endif /* OPENSSL_NO_SLH_DSA */

67


68
struct der2key_ctx_st; /* Forward declaration */

69
typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);

70
typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);

71
typedef void free_key_fn(void *);

72
typedef void *d2i_PKCS8_fn(const unsigned char **, long,

73
    struct der2key_ctx_st *);

74
typedef void *d2i_PUBKEY_fn(const unsigned char **, long,

75
    struct der2key_ctx_st *);

76
struct keytype_desc_st {

77
    const char *keytype_name;

78
    const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */

79


80
    /* The input structure name */

81
    const char *structure_name;

82


83
    /*

84
     * The EVP_PKEY_xxx type macro.  Should be zero for type specific

85
     * structures, non-zero when the outermost structure is PKCS#8 or

86
     * SubjectPublicKeyInfo.  This determines which of the function

87
     * pointers below will be used.

88
     */

89
    int evp_type;

90


91
    /* The selection mask for OSSL_FUNC_decoder_does_selection() */

92
    int selection_mask;

93


94
    /* For type specific decoders, we use the corresponding d2i */

95
    d2i_of_void *d2i_private_key; /* From type-specific DER */

96
    d2i_of_void *d2i_public_key; /* From type-specific DER */

97
    d2i_of_void *d2i_key_params; /* From type-specific DER */

98
    d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */

99
    d2i_PUBKEY_fn *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */

100


101
    /*

102
     * For any key, we may need to check that the key meets expectations.

103
     * This is useful when the same functions can decode several variants

104
     * of a key.

105
     */

106
    check_key_fn *check_key;

107


108
    /*

109
     * For any key, we may need to make provider specific adjustments, such

110
     * as ensure the key carries the correct library context.

111
     */

112
    adjust_key_fn *adjust_key;

113
    /* {type}_free() */

114
    free_key_fn *free_key;

115
};

116


117
/*

118
 * Context used for DER to key decoding.

119
 */

120
struct der2key_ctx_st {

121
    PROV_CTX *provctx;

122
    char propq[OSSL_MAX_PROPQUERY_SIZE];

123
    const struct keytype_desc_st *desc;

124
    /* The selection that is passed to der2key_decode() */

125
    int selection;

126
    /* Flag used to signal that a failure is fatal */

127
    unsigned int flag_fatal : 1;

128
};

129


130
typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf,

131
    OSSL_LIB_CTX *libctx, const char *propq);

132
static void *der2key_decode_p8(const unsigned char **input_der,

133
    long input_der_len, struct der2key_ctx_st *ctx,

134
    key_from_pkcs8_t *key_from_pkcs8)

135
{

136
    PKCS8_PRIV_KEY_INFO *p8inf = NULL;

137
    const X509_ALGOR *alg = NULL;

138
    void *key = NULL;

139


140
    if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL

141
        && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)

142
        && (OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type

143
            /* Allow decoding sm2 private key with id_ecPublicKey */

144
            || (OBJ_obj2nid(alg->algorithm) == NID_X9_62_id_ecPublicKey

145
                && ctx->desc->evp_type == NID_sm2)))

146
        key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), ctx->propq);

147
    PKCS8_PRIV_KEY_INFO_free(p8inf);

148


149
    return key;

150
}

151


152
/* ---------------------------------------------------------------------- */

153


154
static OSSL_FUNC_decoder_freectx_fn der2key_freectx;

155
static OSSL_FUNC_decoder_decode_fn der2key_decode;

156
static OSSL_FUNC_decoder_export_object_fn der2key_export_object;

157
static OSSL_FUNC_decoder_settable_ctx_params_fn der2key_settable_ctx_params;

158
static OSSL_FUNC_decoder_set_ctx_params_fn der2key_set_ctx_params;

159


160
static struct der2key_ctx_st *

161
der2key_newctx(void *provctx, const struct keytype_desc_st *desc)

162
{

163
    struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));

164


165
    if (ctx != NULL) {

166
        ctx->provctx = provctx;

167
        ctx->desc = desc;

168
    }

169
    return ctx;

170
}

171


172
static const OSSL_PARAM *der2key_settable_ctx_params(ossl_unused void *provctx)

173
{

174
    static const OSSL_PARAM settables[] = {

175
        OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),

176
        OSSL_PARAM_END

177
    };

178
    return settables;

179
}

180


181
static int der2key_set_ctx_params(void *vctx, const OSSL_PARAM params[])

182
{

183
    struct der2key_ctx_st *ctx = vctx;

184
    const OSSL_PARAM *p;

185
    char *str = ctx->propq;

186


187
    p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);

188
    if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))

189
        return 0;

190


191
    return 1;

192
}

193


194
static void der2key_freectx(void *vctx)

195
{

196
    struct der2key_ctx_st *ctx = vctx;

197


198
    OPENSSL_free(ctx);

199
}

200


201
static int der2key_check_selection(int selection,

202
    const struct keytype_desc_st *desc)

203
{

204
    /*

205
     * The selections are kinda sorta "levels", i.e. each selection given

206
     * here is assumed to include those following.

207
     */

208
    int checks[] = {

209
        OSSL_KEYMGMT_SELECT_PRIVATE_KEY,

210
        OSSL_KEYMGMT_SELECT_PUBLIC_KEY,

211
        OSSL_KEYMGMT_SELECT_ALL_PARAMETERS

212
    };

213
    size_t i;

214


215
    /* The decoder implementations made here support guessing */

216
    if (selection == 0)

217
        return 1;

218


219
    for (i = 0; i < OSSL_NELEM(checks); i++) {

220
        int check1 = (selection & checks[i]) != 0;

221
        int check2 = (desc->selection_mask & checks[i]) != 0;

222


223
        /*

224
         * If the caller asked for the currently checked bit(s), return

225
         * whether the decoder description says it's supported.

226
         */

227
        if (check1)

228
            return check2;

229
    }

230


231
    /* This should be dead code, but just to be safe... */

232
    return 0;

233
}

234


235
static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,

236
    OSSL_CALLBACK *data_cb, void *data_cbarg,

237
    OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)

238
{

239
    struct der2key_ctx_st *ctx = vctx;

240
    unsigned char *der = NULL;

241
    const unsigned char *derp;

242
    long der_len = 0;

243
    void *key = NULL;

244
    int ok = 0;

245


246
    ctx->selection = selection;

247
    /*

248
     * The caller is allowed to specify 0 as a selection mask, to have the

249
     * structure and key type guessed.  For type-specific structures, this

250
     * is not recommended, as some structures are very similar.

251
     * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter

252
     * signifies a private key structure, where everything else is assumed

253
     * to be present as well.

254
     */

255
    if (selection == 0)

256
        selection = ctx->desc->selection_mask;

257
    if ((selection & ctx->desc->selection_mask) == 0) {

258
        ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);

259
        return 0;

260
    }

261


262
    ok = ossl_read_der(ctx->provctx, cin, &der, &der_len);

263
    if (!ok)

264
        goto next;

265


266
    ok = 0; /* Assume that we fail */

267


268
    ERR_set_mark();

269
    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {

270
        derp = der;

271
        if (ctx->desc->d2i_PKCS8 != NULL) {

272
            key = ctx->desc->d2i_PKCS8(&derp, der_len, ctx);

273
            if (ctx->flag_fatal) {

274
                ERR_clear_last_mark();

275
                goto end;

276
            }

277
        } else if (ctx->desc->d2i_private_key != NULL) {

278
            key = ctx->desc->d2i_private_key(NULL, &derp, der_len);

279
        }

280
        if (key == NULL && ctx->selection != 0) {

281
            ERR_clear_last_mark();

282
            goto next;

283
        }

284
    }

285
    if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {

286
        derp = der;

287
        if (ctx->desc->d2i_PUBKEY != NULL)

288
            key = ctx->desc->d2i_PUBKEY(&derp, der_len, ctx);

289
        else if (ctx->desc->d2i_public_key != NULL)

290
            key = ctx->desc->d2i_public_key(NULL, &derp, der_len);

291
        if (key == NULL && ctx->selection != 0) {

292
            ERR_clear_last_mark();

293
            goto next;

294
        }

295
    }

296
    if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {

297
        derp = der;

298
        if (ctx->desc->d2i_key_params != NULL)

299
            key = ctx->desc->d2i_key_params(NULL, &derp, der_len);

300
        if (key == NULL && ctx->selection != 0) {

301
            ERR_clear_last_mark();

302
            goto next;

303
        }

304
    }

305
    if (key == NULL)

306
        ERR_clear_last_mark();

307
    else

308
        ERR_pop_to_mark();

309


310
    /*

311
     * Last minute check to see if this was the correct type of key.  This

312
     * should never lead to a fatal error, i.e. the decoding itself was

313
     * correct, it was just an unexpected key type.  This is generally for

314
     * classes of key types that have subtle variants, like RSA-PSS keys as

315
     * opposed to plain RSA keys.

316
     */

317
    if (key != NULL

318
        && ctx->desc->check_key != NULL

319
        && !ctx->desc->check_key(key, ctx)) {

320
        ctx->desc->free_key(key);

321
        key = NULL;

322
    }

323


324
    if (key != NULL && ctx->desc->adjust_key != NULL)

325
        ctx->desc->adjust_key(key, ctx);

326


327
next:

328
    /*

329
     * Indicated that we successfully decoded something, or not at all.

330
     * Ending up "empty handed" is not an error.

331
     */

332
    ok = 1;

333


334
    /*

335
     * We free memory here so it's not held up during the callback, because

336
     * we know the process is recursive and the allocated chunks of memory

337
     * add up.

338
     */

339
    OPENSSL_free(der);

340
    der = NULL;

341


342
    if (key != NULL) {

343
        OSSL_PARAM params[4];

344
        int object_type = OSSL_OBJECT_PKEY;

345


346
        params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);

347


348
#ifndef OPENSSL_NO_SM2

349
        if (strcmp(ctx->desc->keytype_name, "EC") == 0

350
            && (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0)

351
            params[1] = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,

352
                "SM2", 0);

353
        else

354
#endif

355
            params[1] = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,

356
                (char *)ctx->desc->keytype_name,

357
                0);

358
        /* The address of the key becomes the octet string */

359
        params[2] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,

360
            &key, sizeof(key));

361
        params[3] = OSSL_PARAM_construct_end();

362


363
        ok = data_cb(params, data_cbarg);

364
    }

365


366
end:

367
    ctx->desc->free_key(key);

368
    OPENSSL_free(der);

369


370
    return ok;

371
}

372


373
static int der2key_export_object(void *vctx,

374
    const void *reference, size_t reference_sz,

375
    OSSL_CALLBACK *export_cb, void *export_cbarg)

376
{

377
    struct der2key_ctx_st *ctx = vctx;

378
    OSSL_FUNC_keymgmt_export_fn *export = ossl_prov_get_keymgmt_export(ctx->desc->fns);

379
    void *keydata;

380


381
    if (reference_sz == sizeof(keydata) && export != NULL) {

382
        int selection = ctx->selection;

383


384
        if (selection == 0)

385
            selection = OSSL_KEYMGMT_SELECT_ALL;

386
        /* The contents of the reference is the address to our object */

387
        keydata = *(void **)reference;

388


389
        return export(keydata, selection, export_cb, export_cbarg);

390
    }

391
    return 0;

392
}

393


394
#define D2I_PUBKEY_NOCTX(n, f)                              \

395
    static void *                                           \

396
    n##_d2i_PUBKEY(const unsigned char **der, long der_len, \

397
        ossl_unused struct der2key_ctx_st *ctx)             \

398
    {                                                       \

399
        return f(NULL, der, der_len);                       \

400
    }

401


402
/* ---------------------------------------------------------------------- */

403


404
#ifndef OPENSSL_NO_DH

405
#define dh_evp_type EVP_PKEY_DH

406
#define dh_d2i_private_key NULL

407
#define dh_d2i_public_key NULL

408
#define dh_d2i_key_params (d2i_of_void *)d2i_DHparams

409
#define dh_free (free_key_fn *)DH_free

410
#define dh_check NULL

411


412
static void *dh_d2i_PKCS8(const unsigned char **der, long der_len,

413
    struct der2key_ctx_st *ctx)

414
{

415
    return der2key_decode_p8(der, der_len, ctx,

416
        (key_from_pkcs8_t *)ossl_dh_key_from_pkcs8);

417
}

418


419
D2I_PUBKEY_NOCTX(dh, ossl_d2i_DH_PUBKEY)

420
D2I_PUBKEY_NOCTX(dhx, ossl_d2i_DHx_PUBKEY)

421


422
static void dh_adjust(void *key, struct der2key_ctx_st *ctx)

423
{

424
    ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

425
}

426


427
#define dhx_evp_type EVP_PKEY_DHX

428
#define dhx_d2i_private_key NULL

429
#define dhx_d2i_public_key NULL

430
#define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams

431
#define dhx_d2i_PKCS8 dh_d2i_PKCS8

432
#define dhx_free (free_key_fn *)DH_free

433
#define dhx_check NULL

434
#define dhx_adjust dh_adjust

435
#endif

436


437
/* ---------------------------------------------------------------------- */

438


439
#ifndef OPENSSL_NO_DSA

440
#define dsa_evp_type EVP_PKEY_DSA

441
#define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey

442
#define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey

443
#define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams

444
#define dsa_free (free_key_fn *)DSA_free

445
#define dsa_check NULL

446


447
static void *dsa_d2i_PKCS8(const unsigned char **der, long der_len,

448
    struct der2key_ctx_st *ctx)

449
{

450
    return der2key_decode_p8(der, der_len, ctx,

451
        (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8);

452
}

453


454
D2I_PUBKEY_NOCTX(dsa, ossl_d2i_DSA_PUBKEY)

455


456
static void dsa_adjust(void *key, struct der2key_ctx_st *ctx)

457
{

458
    ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

459
}

460
#endif

461


462
/* ---------------------------------------------------------------------- */

463


464
#ifndef OPENSSL_NO_EC

465
#define ec_evp_type EVP_PKEY_EC

466
#define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey

467
#define ec_d2i_public_key NULL

468
#define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters

469
#define ec_free (free_key_fn *)EC_KEY_free

470


471
static void *ec_d2i_PKCS8(const unsigned char **der, long der_len,

472
    struct der2key_ctx_st *ctx)

473
{

474
    return der2key_decode_p8(der, der_len, ctx,

475
        (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);

476
}

477


478
D2I_PUBKEY_NOCTX(ec, d2i_EC_PUBKEY)

479


480
static int ec_check(void *key, struct der2key_ctx_st *ctx)

481
{

482
    /* We're trying to be clever by comparing two truths */

483
    int ret = 0;

484
    int sm2 = (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0;

485


486
    if (sm2)

487
        ret = ctx->desc->evp_type == EVP_PKEY_SM2

488
            || ctx->desc->evp_type == NID_X9_62_id_ecPublicKey;

489
    else

490
        ret = ctx->desc->evp_type != EVP_PKEY_SM2;

491


492
    return ret;

493
}

494


495
static void ec_adjust(void *key, struct der2key_ctx_st *ctx)

496
{

497
    ossl_ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

498
}

499


500
#ifndef OPENSSL_NO_ECX

501
/*

502
 * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,

503
 * so no d2i functions to be had.

504
 */

505


506
static void *ecx_d2i_PKCS8(const unsigned char **der, long der_len,

507
    struct der2key_ctx_st *ctx)

508
{

509
    return der2key_decode_p8(der, der_len, ctx,

510
        (key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8);

511
}

512


513
D2I_PUBKEY_NOCTX(ed25519, ossl_d2i_ED25519_PUBKEY)

514
D2I_PUBKEY_NOCTX(ed448, ossl_d2i_ED448_PUBKEY)

515
D2I_PUBKEY_NOCTX(x25519, ossl_d2i_X25519_PUBKEY)

516
D2I_PUBKEY_NOCTX(x448, ossl_d2i_X448_PUBKEY)

517


518
static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx)

519
{

520
    ossl_ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

521
}

522


523
#define ed25519_evp_type EVP_PKEY_ED25519

524
#define ed25519_d2i_private_key NULL

525
#define ed25519_d2i_public_key NULL

526
#define ed25519_d2i_key_params NULL

527
#define ed25519_d2i_PKCS8 ecx_d2i_PKCS8

528
#define ed25519_free (free_key_fn *)ossl_ecx_key_free

529
#define ed25519_check NULL

530
#define ed25519_adjust ecx_key_adjust

531


532
#define ed448_evp_type EVP_PKEY_ED448

533
#define ed448_d2i_private_key NULL

534
#define ed448_d2i_public_key NULL

535
#define ed448_d2i_key_params NULL

536
#define ed448_d2i_PKCS8 ecx_d2i_PKCS8

537
#define ed448_free (free_key_fn *)ossl_ecx_key_free

538
#define ed448_check NULL

539
#define ed448_adjust ecx_key_adjust

540


541
#define x25519_evp_type EVP_PKEY_X25519

542
#define x25519_d2i_private_key NULL

543
#define x25519_d2i_public_key NULL

544
#define x25519_d2i_key_params NULL

545
#define x25519_d2i_PKCS8 ecx_d2i_PKCS8

546
#define x25519_free (free_key_fn *)ossl_ecx_key_free

547
#define x25519_check NULL

548
#define x25519_adjust ecx_key_adjust

549


550
#define x448_evp_type EVP_PKEY_X448

551
#define x448_d2i_private_key NULL

552
#define x448_d2i_public_key NULL

553
#define x448_d2i_key_params NULL

554
#define x448_d2i_PKCS8 ecx_d2i_PKCS8

555
#define x448_free (free_key_fn *)ossl_ecx_key_free

556
#define x448_check NULL

557
#define x448_adjust ecx_key_adjust

558
#endif /* OPENSSL_NO_ECX */

559


560
#ifndef OPENSSL_NO_SM2

561
#define sm2_evp_type EVP_PKEY_SM2

562
#define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey

563
#define sm2_d2i_public_key NULL

564
#define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters

565
#define sm2_d2i_PUBKEY ec_d2i_PUBKEY

566
#define sm2_free (free_key_fn *)EC_KEY_free

567
#define sm2_check ec_check

568
#define sm2_adjust ec_adjust

569


570
static void *sm2_d2i_PKCS8(const unsigned char **der, long der_len,

571
    struct der2key_ctx_st *ctx)

572
{

573
    return der2key_decode_p8(der, der_len, ctx,

574
        (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);

575
}

576
#endif

577


578
#endif

579


580
/* ---------------------------------------------------------------------- */

581


582
#ifndef OPENSSL_NO_ML_KEM

583
static void *

584
ml_kem_d2i_PKCS8(const uint8_t **der, long der_len, struct der2key_ctx_st *ctx)

585
{

586
    ML_KEM_KEY *key;

587


588
    key = ossl_ml_kem_d2i_PKCS8(*der, der_len, ctx->desc->evp_type,

589
        ctx->provctx, ctx->propq);

590
    if (key != NULL)

591
        *der += der_len;

592
    return key;

593
}

594


595
static ossl_inline void *

596
ml_kem_d2i_PUBKEY(const uint8_t **der, long der_len,

597
    struct der2key_ctx_st *ctx)

598
{

599
    ML_KEM_KEY *key;

600


601
    key = ossl_ml_kem_d2i_PUBKEY(*der, der_len, ctx->desc->evp_type,

602
        ctx->provctx, ctx->propq);

603
    if (key != NULL)

604
        *der += der_len;

605
    return key;

606
}

607


608
#define ml_kem_512_evp_type EVP_PKEY_ML_KEM_512

609
#define ml_kem_512_d2i_private_key NULL

610
#define ml_kem_512_d2i_public_key NULL

611
#define ml_kem_512_d2i_key_params NULL

612
#define ml_kem_512_d2i_PUBKEY ml_kem_d2i_PUBKEY

613
#define ml_kem_512_d2i_PKCS8 ml_kem_d2i_PKCS8

614
#define ml_kem_512_free (free_key_fn *)ossl_ml_kem_key_free

615
#define ml_kem_512_check NULL

616
#define ml_kem_512_adjust NULL

617


618
#define ml_kem_768_evp_type EVP_PKEY_ML_KEM_768

619
#define ml_kem_768_d2i_private_key NULL

620
#define ml_kem_768_d2i_public_key NULL

621
#define ml_kem_768_d2i_key_params NULL

622
#define ml_kem_768_d2i_PUBKEY ml_kem_d2i_PUBKEY

623
#define ml_kem_768_d2i_PKCS8 ml_kem_d2i_PKCS8

624
#define ml_kem_768_free (free_key_fn *)ossl_ml_kem_key_free

625
#define ml_kem_768_check NULL

626
#define ml_kem_768_adjust NULL

627


628
#define ml_kem_1024_evp_type EVP_PKEY_ML_KEM_1024

629
#define ml_kem_1024_d2i_private_key NULL

630
#define ml_kem_1024_d2i_public_key NULL

631
#define ml_kem_1024_d2i_PUBKEY ml_kem_d2i_PUBKEY

632
#define ml_kem_1024_d2i_PKCS8 ml_kem_d2i_PKCS8

633
#define ml_kem_1024_d2i_key_params NULL

634
#define ml_kem_1024_free (free_key_fn *)ossl_ml_kem_key_free

635
#define ml_kem_1024_check NULL

636
#define ml_kem_1024_adjust NULL

637


638
#endif

639


640
#ifndef OPENSSL_NO_SLH_DSA

641
static void *

642
slh_dsa_d2i_PKCS8(const uint8_t **der, long der_len, struct der2key_ctx_st *ctx)

643
{

644
    SLH_DSA_KEY *key = NULL, *ret = NULL;

645
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);

646
    PKCS8_PRIV_KEY_INFO *p8inf = NULL;

647
    const unsigned char *p;

648
    const X509_ALGOR *alg = NULL;

649
    int plen, ptype;

650


651
    if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, der, der_len)) == NULL

652
        || !PKCS8_pkey_get0(NULL, &p, &plen, &alg, p8inf))

653
        goto end;

654


655
    /* Algorithm parameters must be absent. */

656
    if ((X509_ALGOR_get0(NULL, &ptype, NULL, alg), ptype != V_ASN1_UNDEF)) {

657
        ERR_raise_data(ERR_LIB_PROV, PROV_R_UNEXPECTED_KEY_PARAMETERS,

658
            "unexpected parameters with a PKCS#8 %s private key",

659
            ctx->desc->keytype_name);

660
        goto end;

661
    }

662
    if (OBJ_obj2nid(alg->algorithm) != ctx->desc->evp_type)

663
        goto end;

664
    if ((key = ossl_slh_dsa_key_new(libctx, ctx->propq,

665
             ctx->desc->keytype_name))

666
        == NULL)

667
        goto end;

668


669
    if (!ossl_slh_dsa_set_priv(key, p, plen))

670
        goto end;

671
    ret = key;

672
end:

673
    PKCS8_PRIV_KEY_INFO_free(p8inf);

674
    if (ret == NULL)

675
        ossl_slh_dsa_key_free(key);

676
    return ret;

677
}

678


679
static ossl_inline void *slh_dsa_d2i_PUBKEY(const uint8_t **der, long der_len,

680
    struct der2key_ctx_st *ctx)

681
{

682
    int ok = 0;

683
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);

684
    SLH_DSA_KEY *ret = NULL;

685
    BARE_PUBKEY *spki = NULL;

686
    const uint8_t *end = *der;

687
    size_t len;

688


689
    ret = ossl_slh_dsa_key_new(libctx, ctx->propq, ctx->desc->keytype_name);

690
    if (ret == NULL)

691
        return NULL;

692
    len = ossl_slh_dsa_key_get_pub_len(ret);

693


694
    /*-

695
     * The DER ASN.1 encoding of SLH-DSA public keys prepends 18 bytes to the

696
     * encoded public key (since the largest public key size is 64 bytes):

697
     *

698
     * - 2 byte outer sequence tag and length

699
     * -  2 byte algorithm sequence tag and length

700
     * -    2 byte algorithm OID tag and length

701
     * -      9 byte algorithm OID

702
     * -  2 byte bit string tag and length

703
     * -    1 bitstring lead byte

704
     *

705
     * Check that we have the right OID, the bit string has no "bits left" and

706
     * that we consume all the input exactly.

707
     */

708
    if (der_len != 18 + (long)len) {

709
        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

710
            "unexpected %s public key length: %ld != %ld",

711
            ctx->desc->keytype_name, der_len,

712
            18 + (long)len);

713
        goto err;

714
    }

715


716
    if ((spki = OPENSSL_zalloc(sizeof(*spki))) == NULL)

717
        goto err;

718


719
    /* The spki storage is freed on error */

720
    if (ASN1_item_d2i_ex((ASN1_VALUE **)&spki, &end, der_len,

721
            ASN1_ITEM_rptr(BARE_PUBKEY), NULL, NULL)

722
        == NULL) {

723
        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

724
            "malformed %s public key ASN.1 encoding",

725
            ossl_slh_dsa_key_get_name(ret));

726
        goto err;

727
    }

728


729
    /* The spki structure now owns some memory */

730
    if ((spki->pubkey->flags & 0x7) != 0 || end != *der + der_len) {

731
        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

732
            "malformed %s public key ASN.1 encoding",

733
            ossl_slh_dsa_key_get_name(ret));

734
        goto err;

735
    }

736
    if (OBJ_cmp(OBJ_nid2obj(ctx->desc->evp_type), spki->algor.oid) != 0) {

737
        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

738
            "unexpected algorithm OID for an %s public key",

739
            ossl_slh_dsa_key_get_name(ret));

740
        goto err;

741
    }

742


743
    if (!ossl_slh_dsa_set_pub(ret, spki->pubkey->data, spki->pubkey->length)) {

744
        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

745
            "failed to parse %s public key from the input data",

746
            ossl_slh_dsa_key_get_name(ret));

747
        goto err;

748
    }

749
    ok = 1;

750
err:

751
    if (spki != NULL) {

752
        ASN1_OBJECT_free(spki->algor.oid);

753
        ASN1_BIT_STRING_free(spki->pubkey);

754
        OPENSSL_free(spki);

755
    }

756
    if (!ok) {

757
        ossl_slh_dsa_key_free(ret);

758
        ret = NULL;

759
    }

760
    return ret;

761
}

762


763
#define slh_dsa_sha2_128s_evp_type EVP_PKEY_SLH_DSA_SHA2_128S

764
#define slh_dsa_sha2_128s_d2i_private_key NULL

765
#define slh_dsa_sha2_128s_d2i_public_key NULL

766
#define slh_dsa_sha2_128s_d2i_key_params NULL

767
#define slh_dsa_sha2_128s_d2i_PKCS8 slh_dsa_d2i_PKCS8

768
#define slh_dsa_sha2_128s_d2i_PUBKEY slh_dsa_d2i_PUBKEY

769
#define slh_dsa_sha2_128s_free (free_key_fn *)ossl_slh_dsa_key_free

770
#define slh_dsa_sha2_128s_check NULL

771
#define slh_dsa_sha2_128s_adjust NULL

772


773
#define slh_dsa_sha2_128f_evp_type EVP_PKEY_SLH_DSA_SHA2_128F

774
#define slh_dsa_sha2_128f_d2i_private_key NULL

775
#define slh_dsa_sha2_128f_d2i_public_key NULL

776
#define slh_dsa_sha2_128f_d2i_key_params NULL

777
#define slh_dsa_sha2_128f_d2i_PKCS8 slh_dsa_d2i_PKCS8

778
#define slh_dsa_sha2_128f_d2i_PUBKEY slh_dsa_d2i_PUBKEY

779
#define slh_dsa_sha2_128f_free (free_key_fn *)ossl_slh_dsa_key_free

780
#define slh_dsa_sha2_128f_check NULL

781
#define slh_dsa_sha2_128f_adjust NULL

782


783
#define slh_dsa_sha2_192s_evp_type EVP_PKEY_SLH_DSA_SHA2_192S

784
#define slh_dsa_sha2_192s_d2i_private_key NULL

785
#define slh_dsa_sha2_192s_d2i_public_key NULL

786
#define slh_dsa_sha2_192s_d2i_key_params NULL

787
#define slh_dsa_sha2_192s_d2i_PKCS8 slh_dsa_d2i_PKCS8

788
#define slh_dsa_sha2_192s_d2i_PUBKEY slh_dsa_d2i_PUBKEY

789
#define slh_dsa_sha2_192s_free (free_key_fn *)ossl_slh_dsa_key_free

790
#define slh_dsa_sha2_192s_check NULL

791
#define slh_dsa_sha2_192s_adjust NULL

792


793
#define slh_dsa_sha2_192f_evp_type EVP_PKEY_SLH_DSA_SHA2_192F

794
#define slh_dsa_sha2_192f_d2i_private_key NULL

795
#define slh_dsa_sha2_192f_d2i_public_key NULL

796
#define slh_dsa_sha2_192f_d2i_key_params NULL

797
#define slh_dsa_sha2_192f_d2i_PKCS8 slh_dsa_d2i_PKCS8

798
#define slh_dsa_sha2_192f_d2i_PUBKEY slh_dsa_d2i_PUBKEY

799
#define slh_dsa_sha2_192f_free (free_key_fn *)ossl_slh_dsa_key_free

800
#define slh_dsa_sha2_192f_check NULL

801
#define slh_dsa_sha2_192f_adjust NULL

802


803
#define slh_dsa_sha2_256s_evp_type EVP_PKEY_SLH_DSA_SHA2_256S

804
#define slh_dsa_sha2_256s_d2i_private_key NULL

805
#define slh_dsa_sha2_256s_d2i_public_key NULL

806
#define slh_dsa_sha2_256s_d2i_key_params NULL

807
#define slh_dsa_sha2_256s_d2i_PKCS8 slh_dsa_d2i_PKCS8

808
#define slh_dsa_sha2_256s_d2i_PUBKEY slh_dsa_d2i_PUBKEY

809
#define slh_dsa_sha2_256s_free (free_key_fn *)ossl_slh_dsa_key_free

810
#define slh_dsa_sha2_256s_check NULL

811
#define slh_dsa_sha2_256s_adjust NULL

812


813
#define slh_dsa_sha2_256f_evp_type EVP_PKEY_SLH_DSA_SHA2_256F

814
#define slh_dsa_sha2_256f_d2i_private_key NULL

815
#define slh_dsa_sha2_256f_d2i_public_key NULL

816
#define slh_dsa_sha2_256f_d2i_key_params NULL

817
#define slh_dsa_sha2_256f_d2i_PKCS8 slh_dsa_d2i_PKCS8

818
#define slh_dsa_sha2_256f_d2i_PUBKEY slh_dsa_d2i_PUBKEY

819
#define slh_dsa_sha2_256f_free (free_key_fn *)ossl_slh_dsa_key_free

820
#define slh_dsa_sha2_256f_check NULL

821
#define slh_dsa_sha2_256f_adjust NULL

822


823
#define slh_dsa_shake_128s_evp_type EVP_PKEY_SLH_DSA_SHAKE_128S

824
#define slh_dsa_shake_128s_d2i_private_key NULL

825
#define slh_dsa_shake_128s_d2i_public_key NULL

826
#define slh_dsa_shake_128s_d2i_key_params NULL

827
#define slh_dsa_shake_128s_d2i_PKCS8 slh_dsa_d2i_PKCS8

828
#define slh_dsa_shake_128s_d2i_PUBKEY slh_dsa_d2i_PUBKEY

829
#define slh_dsa_shake_128s_free (free_key_fn *)ossl_slh_dsa_key_free

830
#define slh_dsa_shake_128s_check NULL

831
#define slh_dsa_shake_128s_adjust NULL

832


833
#define slh_dsa_shake_128f_evp_type EVP_PKEY_SLH_DSA_SHAKE_128F

834
#define slh_dsa_shake_128f_d2i_private_key NULL

835
#define slh_dsa_shake_128f_d2i_public_key NULL

836
#define slh_dsa_shake_128f_d2i_key_params NULL

837
#define slh_dsa_shake_128f_d2i_PKCS8 slh_dsa_d2i_PKCS8

838
#define slh_dsa_shake_128f_d2i_PUBKEY slh_dsa_d2i_PUBKEY

839
#define slh_dsa_shake_128f_free (free_key_fn *)ossl_slh_dsa_key_free

840
#define slh_dsa_shake_128f_check NULL

841
#define slh_dsa_shake_128f_adjust NULL

842


843
#define slh_dsa_shake_192s_evp_type EVP_PKEY_SLH_DSA_SHAKE_192S

844
#define slh_dsa_shake_192s_d2i_private_key NULL

845
#define slh_dsa_shake_192s_d2i_public_key NULL

846
#define slh_dsa_shake_192s_d2i_key_params NULL

847
#define slh_dsa_shake_192s_d2i_PKCS8 slh_dsa_d2i_PKCS8

848
#define slh_dsa_shake_192s_d2i_PUBKEY slh_dsa_d2i_PUBKEY

849
#define slh_dsa_shake_192s_free (free_key_fn *)ossl_slh_dsa_key_free

850
#define slh_dsa_shake_192s_check NULL

851
#define slh_dsa_shake_192s_adjust NULL

852


853
#define slh_dsa_shake_192f_evp_type EVP_PKEY_SLH_DSA_SHAKE_192F

854
#define slh_dsa_shake_192f_d2i_private_key NULL

855
#define slh_dsa_shake_192f_d2i_public_key NULL

856
#define slh_dsa_shake_192f_d2i_key_params NULL

857
#define slh_dsa_shake_192f_d2i_PKCS8 slh_dsa_d2i_PKCS8

858
#define slh_dsa_shake_192f_d2i_PUBKEY slh_dsa_d2i_PUBKEY

859
#define slh_dsa_shake_192f_free (free_key_fn *)ossl_slh_dsa_key_free

860
#define slh_dsa_shake_192f_check NULL

861
#define slh_dsa_shake_192f_adjust NULL

862


863
#define slh_dsa_shake_256s_evp_type EVP_PKEY_SLH_DSA_SHAKE_256S

864
#define slh_dsa_shake_256s_d2i_private_key NULL

865
#define slh_dsa_shake_256s_d2i_public_key NULL

866
#define slh_dsa_shake_256s_d2i_key_params NULL

867
#define slh_dsa_shake_256s_d2i_PKCS8 slh_dsa_d2i_PKCS8

868
#define slh_dsa_shake_256s_d2i_PUBKEY slh_dsa_d2i_PUBKEY

869
#define slh_dsa_shake_256s_free (free_key_fn *)ossl_slh_dsa_key_free

870
#define slh_dsa_shake_256s_check NULL

871
#define slh_dsa_shake_256s_adjust NULL

872


873
#define slh_dsa_shake_256f_evp_type EVP_PKEY_SLH_DSA_SHAKE_256F

874
#define slh_dsa_shake_256f_d2i_private_key NULL

875
#define slh_dsa_shake_256f_d2i_public_key NULL

876
#define slh_dsa_shake_256f_d2i_key_params NULL

877
#define slh_dsa_shake_256f_d2i_PKCS8 slh_dsa_d2i_PKCS8

878
#define slh_dsa_shake_256f_d2i_PUBKEY slh_dsa_d2i_PUBKEY

879
#define slh_dsa_shake_256f_free (free_key_fn *)ossl_slh_dsa_key_free

880
#define slh_dsa_shake_256f_check NULL

881
#define slh_dsa_shake_256f_adjust NULL

882
#endif /* OPENSSL_NO_SLH_DSA */

883


884
/* ---------------------------------------------------------------------- */

885


886
#define rsa_evp_type EVP_PKEY_RSA

887
#define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey

888
#define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey

889
#define rsa_d2i_key_params NULL

890
#define rsa_free (free_key_fn *)RSA_free

891


892
static void *rsa_d2i_PKCS8(const unsigned char **der, long der_len,

893
    struct der2key_ctx_st *ctx)

894
{

895
    return der2key_decode_p8(der, der_len, ctx,

896
        (key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8);

897
}

898


899
static void *

900
rsa_d2i_PUBKEY(const unsigned char **der, long der_len,

901
    ossl_unused struct der2key_ctx_st *ctx)

902
{

903
    return d2i_RSA_PUBKEY(NULL, der, der_len);

904
}

905


906
static int rsa_check(void *key, struct der2key_ctx_st *ctx)

907
{

908
    int valid;

909


910
    switch (RSA_test_flags(key, RSA_FLAG_TYPE_MASK)) {

911
    case RSA_FLAG_TYPE_RSA:

912
        valid = (ctx->desc->evp_type == EVP_PKEY_RSA);

913
        break;

914
    case RSA_FLAG_TYPE_RSASSAPSS:

915
        valid = (ctx->desc->evp_type == EVP_PKEY_RSA_PSS);

916
        break;

917
    default:

918
        /* Currently unsupported RSA key type */

919
        valid = 0;

920
    }

921


922
    valid = (valid && ossl_rsa_check_factors(key));

923


924
    return valid;

925
}

926


927
static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)

928
{

929
    ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

930
}

931


932
#define rsapss_evp_type EVP_PKEY_RSA_PSS

933
#define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey

934
#define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey

935
#define rsapss_d2i_key_params NULL

936
#define rsapss_d2i_PKCS8 rsa_d2i_PKCS8

937
#define rsapss_d2i_PUBKEY rsa_d2i_PUBKEY

938
#define rsapss_free (free_key_fn *)RSA_free

939
#define rsapss_check rsa_check

940
#define rsapss_adjust rsa_adjust

941


942
/* ---------------------------------------------------------------------- */

943


944
#ifndef OPENSSL_NO_ML_DSA

945
static void *

946
ml_dsa_d2i_PKCS8(const uint8_t **der, long der_len, struct der2key_ctx_st *ctx)

947
{

948
    ML_DSA_KEY *key;

949


950
    key = ossl_ml_dsa_d2i_PKCS8(*der, der_len, ctx->desc->evp_type,

951
        ctx->provctx, ctx->propq);

952
    if (key != NULL)

953
        *der += der_len;

954
    return key;

955
}

956


957
static ossl_inline void *ml_dsa_d2i_PUBKEY(const uint8_t **der, long der_len,

958
    struct der2key_ctx_st *ctx)

959
{

960
    ML_DSA_KEY *key;

961


962
    key = ossl_ml_dsa_d2i_PUBKEY(*der, der_len, ctx->desc->evp_type,

963
        ctx->provctx, ctx->propq);

964
    if (key != NULL)

965
        *der += der_len;

966
    return key;

967
}

968


969
#define ml_dsa_44_evp_type EVP_PKEY_ML_DSA_44

970
#define ml_dsa_44_d2i_private_key NULL

971
#define ml_dsa_44_d2i_public_key NULL

972
#define ml_dsa_44_d2i_key_params NULL

973
#define ml_dsa_44_d2i_PUBKEY ml_dsa_d2i_PUBKEY

974
#define ml_dsa_44_d2i_PKCS8 ml_dsa_d2i_PKCS8

975
#define ml_dsa_44_free (free_key_fn *)ossl_ml_dsa_key_free

976
#define ml_dsa_44_check NULL

977
#define ml_dsa_44_adjust NULL

978


979
#define ml_dsa_65_evp_type EVP_PKEY_ML_DSA_65

980
#define ml_dsa_65_d2i_private_key NULL

981
#define ml_dsa_65_d2i_public_key NULL

982
#define ml_dsa_65_d2i_key_params NULL

983
#define ml_dsa_65_d2i_PUBKEY ml_dsa_d2i_PUBKEY

984
#define ml_dsa_65_d2i_PKCS8 ml_dsa_d2i_PKCS8

985
#define ml_dsa_65_free (free_key_fn *)ossl_ml_dsa_key_free

986
#define ml_dsa_65_check NULL

987
#define ml_dsa_65_adjust NULL

988


989
#define ml_dsa_87_evp_type EVP_PKEY_ML_DSA_87

990
#define ml_dsa_87_d2i_private_key NULL

991
#define ml_dsa_87_d2i_public_key NULL

992
#define ml_dsa_87_d2i_PUBKEY ml_dsa_d2i_PUBKEY

993
#define ml_dsa_87_d2i_PKCS8 ml_dsa_d2i_PKCS8

994
#define ml_dsa_87_d2i_key_params NULL

995
#define ml_dsa_87_free (free_key_fn *)ossl_ml_dsa_key_free

996
#define ml_dsa_87_check NULL

997
#define ml_dsa_87_adjust NULL

998


999
#endif

1000


1001
/* ---------------------------------------------------------------------- */

1002


1003
/*

1004
 * The DO_ macros help define the selection mask and the method functions

1005
 * for each kind of object we want to decode.

1006
 */

1007
#define DO_type_specific_keypair(keytype) \

1008
    "type-specific", keytype##_evp_type,  \

1009
        (OSSL_KEYMGMT_SELECT_KEYPAIR),    \

1010
        keytype##_d2i_private_key,        \

1011
        keytype##_d2i_public_key,         \

1012
        NULL,                             \

1013
        NULL,                             \

1014
        NULL,                             \

1015
        keytype##_check,                  \

1016
        keytype##_adjust,                 \

1017
        keytype##_free

1018


1019
#define DO_type_specific_pub(keytype)     \

1020
    "type-specific", keytype##_evp_type,  \

1021
        (OSSL_KEYMGMT_SELECT_PUBLIC_KEY), \

1022
        NULL,                             \

1023
        keytype##_d2i_public_key,         \

1024
        NULL,                             \

1025
        NULL,                             \

1026
        NULL,                             \

1027
        keytype##_check,                  \

1028
        keytype##_adjust,                 \

1029
        keytype##_free

1030


1031
#define DO_type_specific_priv(keytype)     \

1032
    "type-specific", keytype##_evp_type,   \

1033
        (OSSL_KEYMGMT_SELECT_PRIVATE_KEY), \

1034
        keytype##_d2i_private_key,         \

1035
        NULL,                              \

1036
        NULL,                              \

1037
        NULL,                              \

1038
        NULL,                              \

1039
        keytype##_check,                   \

1040
        keytype##_adjust,                  \

1041
        keytype##_free

1042


1043
#define DO_type_specific_params(keytype)      \

1044
    "type-specific", keytype##_evp_type,      \

1045
        (OSSL_KEYMGMT_SELECT_ALL_PARAMETERS), \

1046
        NULL,                                 \

1047
        NULL,                                 \

1048
        keytype##_d2i_key_params,             \

1049
        NULL,                                 \

1050
        NULL,                                 \

1051
        keytype##_check,                      \

1052
        keytype##_adjust,                     \

1053
        keytype##_free

1054


1055
#define DO_type_specific(keytype)        \

1056
    "type-specific", keytype##_evp_type, \

1057
        (OSSL_KEYMGMT_SELECT_ALL),       \

1058
        keytype##_d2i_private_key,       \

1059
        keytype##_d2i_public_key,        \

1060
        keytype##_d2i_key_params,        \

1061
        NULL,                            \

1062
        NULL,                            \

1063
        keytype##_check,                 \

1064
        keytype##_adjust,                \

1065
        keytype##_free

1066


1067
#define DO_type_specific_no_pub(keytype)           \

1068
    "type-specific", keytype##_evp_type,           \

1069
        (OSSL_KEYMGMT_SELECT_PRIVATE_KEY           \

1070
            | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS), \

1071
        keytype##_d2i_private_key,                 \

1072
        NULL,                                      \

1073
        keytype##_d2i_key_params,                  \

1074
        NULL,                                      \

1075
        NULL,                                      \

1076
        keytype##_check,                           \

1077
        keytype##_adjust,                          \

1078
        keytype##_free

1079


1080
#define DO_PrivateKeyInfo(keytype)         \

1081
    "PrivateKeyInfo", keytype##_evp_type,  \

1082
        (OSSL_KEYMGMT_SELECT_PRIVATE_KEY), \

1083
        NULL,                              \

1084
        NULL,                              \

1085
        NULL,                              \

1086
        keytype##_d2i_PKCS8,               \

1087
        NULL,                              \

1088
        keytype##_check,                   \

1089
        keytype##_adjust,                  \

1090
        keytype##_free

1091


1092
#define DO_SubjectPublicKeyInfo(keytype)        \

1093
    "SubjectPublicKeyInfo", keytype##_evp_type, \

1094
        (OSSL_KEYMGMT_SELECT_PUBLIC_KEY),       \

1095
        NULL,                                   \

1096
        NULL,                                   \

1097
        NULL,                                   \

1098
        NULL,                                   \

1099
        keytype##_d2i_PUBKEY,                   \

1100
        keytype##_check,                        \

1101
        keytype##_adjust,                       \

1102
        keytype##_free

1103


1104
#define DO_DH(keytype)                        \

1105
    "DH", keytype##_evp_type,                 \

1106
        (OSSL_KEYMGMT_SELECT_ALL_PARAMETERS), \

1107
        NULL,                                 \

1108
        NULL,                                 \

1109
        keytype##_d2i_key_params,             \

1110
        NULL,                                 \

1111
        NULL,                                 \

1112
        keytype##_check,                      \

1113
        keytype##_adjust,                     \

1114
        keytype##_free

1115


1116
#define DO_DHX(keytype)                       \

1117
    "DHX", keytype##_evp_type,                \

1118
        (OSSL_KEYMGMT_SELECT_ALL_PARAMETERS), \

1119
        NULL,                                 \

1120
        NULL,                                 \

1121
        keytype##_d2i_key_params,             \

1122
        NULL,                                 \

1123
        NULL,                                 \

1124
        keytype##_check,                      \

1125
        keytype##_adjust,                     \

1126
        keytype##_free

1127


1128
#define DO_DSA(keytype)            \

1129
    "DSA", keytype##_evp_type,     \

1130
        (OSSL_KEYMGMT_SELECT_ALL), \

1131
        keytype##_d2i_private_key, \

1132
        keytype##_d2i_public_key,  \

1133
        keytype##_d2i_key_params,  \

1134
        NULL,                      \

1135
        NULL,                      \

1136
        keytype##_check,           \

1137
        keytype##_adjust,          \

1138
        keytype##_free

1139


1140
#define DO_EC(keytype)                             \

1141
    "EC", keytype##_evp_type,                      \

1142
        (OSSL_KEYMGMT_SELECT_PRIVATE_KEY           \

1143
            | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS), \

1144
        keytype##_d2i_private_key,                 \

1145
        NULL,                                      \

1146
        keytype##_d2i_key_params,                  \

1147
        NULL,                                      \

1148
        NULL,                                      \

1149
        keytype##_check,                           \

1150
        keytype##_adjust,                          \

1151
        keytype##_free

1152


1153
#define DO_RSA(keytype)                \

1154
    "RSA", keytype##_evp_type,         \

1155
        (OSSL_KEYMGMT_SELECT_KEYPAIR), \

1156
        keytype##_d2i_private_key,     \

1157
        keytype##_d2i_public_key,      \

1158
        NULL,                          \

1159
        NULL,                          \

1160
        NULL,                          \

1161
        keytype##_check,               \

1162
        keytype##_adjust,              \

1163
        keytype##_free

1164


1165
/*

1166
 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.

1167
 * It takes the following arguments:

1168
 *

1169
 * keytype_name The implementation key type as a string.

1170
 * keytype      The implementation key type.  This must correspond exactly

1171
 *              to our existing keymgmt keytype names...  in other words,

1172
 *              there must exist an ossl_##keytype##_keymgmt_functions.

1173
 * type         The type name for the set of functions that implement the

1174
 *              decoder for the key type.  This isn't necessarily the same

1175
 *              as keytype.  For example, the key types ed25519, ed448,

1176
 *              x25519 and x448 are all handled by the same functions with

1177
 *              the common type name ecx.

1178
 * kind         The kind of support to implement.  This translates into

1179
 *              the DO_##kind macros above, to populate the keytype_desc_st

1180
 *              structure.

1181
 */

1182
#define MAKE_DECODER(keytype_name, keytype, type, kind)                                                               \

1183
    static const struct keytype_desc_st kind##_##keytype##_desc = { keytype_name, ossl_##keytype##_keymgmt_functions, \

1184
        DO_##kind(keytype) };                                                                                         \

1185
                                                                                                                      \

1186
    static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx;                                                 \

1187
                                                                                                                      \

1188
    static void *kind##_der2##keytype##_newctx(void *provctx)                                                         \

1189
    {                                                                                                                 \

1190
        return der2key_newctx(provctx, &kind##_##keytype##_desc);                                                     \

1191
    }                                                                                                                 \

1192
    static int kind##_der2##keytype##_does_selection(void *provctx,                                                   \

1193
        int selection)                                                                                                \

1194
    {                                                                                                                 \

1195
        return der2key_check_selection(selection,                                                                     \

1196
            &kind##_##keytype##_desc);                                                                                \

1197
    }                                                                                                                 \

1198
    const OSSL_DISPATCH                                                                                               \

1199
        ossl_##kind##_der_to_##keytype##_decoder_functions[]                                                          \

1200
        = {                                                                                                           \

1201
              { OSSL_FUNC_DECODER_NEWCTX,                                                                             \

1202
                  (void (*)(void))kind##_der2##keytype##_newctx },                                                    \

1203
              { OSSL_FUNC_DECODER_FREECTX,                                                                            \

1204
                  (void (*)(void))der2key_freectx },                                                                  \

1205
              { OSSL_FUNC_DECODER_DOES_SELECTION,                                                                     \

1206
                  (void (*)(void))kind##_der2##keytype##_does_selection },                                            \

1207
              { OSSL_FUNC_DECODER_DECODE,                                                                             \

1208
                  (void (*)(void))der2key_decode },                                                                   \

1209
              { OSSL_FUNC_DECODER_EXPORT_OBJECT,                                                                      \

1210
                  (void (*)(void))der2key_export_object },                                                            \

1211
              { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS,                                                                \

1212
                  (void (*)(void))der2key_settable_ctx_params },                                                      \

1213
              { OSSL_FUNC_DECODER_SET_CTX_PARAMS,                                                                     \

1214
                  (void (*)(void))der2key_set_ctx_params },                                                           \

1215
              OSSL_DISPATCH_END                                                                                       \

1216
          }

1217


1218
#ifndef OPENSSL_NO_DH

1219
MAKE_DECODER("DH", dh, dh, PrivateKeyInfo);

1220
MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo);

1221
MAKE_DECODER("DH", dh, dh, type_specific_params);

1222
MAKE_DECODER("DH", dh, dh, DH);

1223
MAKE_DECODER("DHX", dhx, dhx, PrivateKeyInfo);

1224
MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo);

1225
MAKE_DECODER("DHX", dhx, dhx, type_specific_params);

1226
MAKE_DECODER("DHX", dhx, dhx, DHX);

1227
#endif

1228
#ifndef OPENSSL_NO_DSA

1229
MAKE_DECODER("DSA", dsa, dsa, PrivateKeyInfo);

1230
MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo);

1231
MAKE_DECODER("DSA", dsa, dsa, type_specific);

1232
MAKE_DECODER("DSA", dsa, dsa, DSA);

1233
#endif

1234
#ifndef OPENSSL_NO_EC

1235
MAKE_DECODER("EC", ec, ec, PrivateKeyInfo);

1236
MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo);

1237
MAKE_DECODER("EC", ec, ec, type_specific_no_pub);

1238
MAKE_DECODER("EC", ec, ec, EC);

1239
#ifndef OPENSSL_NO_ECX

1240
MAKE_DECODER("X25519", x25519, ecx, PrivateKeyInfo);

1241
MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo);

1242
MAKE_DECODER("X448", x448, ecx, PrivateKeyInfo);

1243
MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo);

1244
MAKE_DECODER("ED25519", ed25519, ecx, PrivateKeyInfo);

1245
MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo);

1246
MAKE_DECODER("ED448", ed448, ecx, PrivateKeyInfo);

1247
MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);

1248
#endif

1249
#ifndef OPENSSL_NO_SM2

1250
MAKE_DECODER("SM2", sm2, ec, PrivateKeyInfo);

1251
MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo);

1252
MAKE_DECODER("SM2", sm2, sm2, type_specific_no_pub);

1253
#endif

1254
#endif

1255
#ifndef OPENSSL_NO_ML_KEM

1256
MAKE_DECODER("ML-KEM-512", ml_kem_512, ml_kem_512, PrivateKeyInfo);

1257
MAKE_DECODER("ML-KEM-512", ml_kem_512, ml_kem_512, SubjectPublicKeyInfo);

1258
MAKE_DECODER("ML-KEM-768", ml_kem_768, ml_kem_768, PrivateKeyInfo);

1259
MAKE_DECODER("ML-KEM-768", ml_kem_768, ml_kem_768, SubjectPublicKeyInfo);

1260
MAKE_DECODER("ML-KEM-1024", ml_kem_1024, ml_kem_1024, PrivateKeyInfo);

1261
MAKE_DECODER("ML-KEM-1024", ml_kem_1024, ml_kem_1024, SubjectPublicKeyInfo);

1262
#endif

1263
#ifndef OPENSSL_NO_SLH_DSA

1264
MAKE_DECODER("SLH-DSA-SHA2-128s", slh_dsa_sha2_128s, slh_dsa, PrivateKeyInfo);

1265
MAKE_DECODER("SLH-DSA-SHA2-128f", slh_dsa_sha2_128f, slh_dsa, PrivateKeyInfo);

1266
MAKE_DECODER("SLH-DSA-SHA2-192s", slh_dsa_sha2_192s, slh_dsa, PrivateKeyInfo);

1267
MAKE_DECODER("SLH-DSA-SHA2-192f", slh_dsa_sha2_192f, slh_dsa, PrivateKeyInfo);

1268
MAKE_DECODER("SLH-DSA-SHA2-256s", slh_dsa_sha2_256s, slh_dsa, PrivateKeyInfo);

1269
MAKE_DECODER("SLH-DSA-SHA2-256f", slh_dsa_sha2_256f, slh_dsa, PrivateKeyInfo);

1270
MAKE_DECODER("SLH-DSA-SHAKE-128s", slh_dsa_shake_128s, slh_dsa, PrivateKeyInfo);

1271
MAKE_DECODER("SLH-DSA-SHAKE-128f", slh_dsa_shake_128f, slh_dsa, PrivateKeyInfo);

1272
MAKE_DECODER("SLH-DSA-SHAKE-192s", slh_dsa_shake_192s, slh_dsa, PrivateKeyInfo);

1273
MAKE_DECODER("SLH-DSA-SHAKE-192f", slh_dsa_shake_192f, slh_dsa, PrivateKeyInfo);

1274
MAKE_DECODER("SLH-DSA-SHAKE-256s", slh_dsa_shake_256s, slh_dsa, PrivateKeyInfo);

1275
MAKE_DECODER("SLH-DSA-SHAKE-256f", slh_dsa_shake_256f, slh_dsa, PrivateKeyInfo);

1276


1277
MAKE_DECODER("SLH-DSA-SHA2-128s", slh_dsa_sha2_128s, slh_dsa, SubjectPublicKeyInfo);

1278
MAKE_DECODER("SLH-DSA-SHA2-128f", slh_dsa_sha2_128f, slh_dsa, SubjectPublicKeyInfo);

1279
MAKE_DECODER("SLH-DSA-SHA2-192s", slh_dsa_sha2_192s, slh_dsa, SubjectPublicKeyInfo);

1280
MAKE_DECODER("SLH-DSA-SHA2-192f", slh_dsa_sha2_192f, slh_dsa, SubjectPublicKeyInfo);

1281
MAKE_DECODER("SLH-DSA-SHA2-256s", slh_dsa_sha2_256s, slh_dsa, SubjectPublicKeyInfo);

1282
MAKE_DECODER("SLH-DSA-SHA2-256f", slh_dsa_sha2_256f, slh_dsa, SubjectPublicKeyInfo);

1283
MAKE_DECODER("SLH-DSA-SHAKE-128s", slh_dsa_shake_128s, slh_dsa, SubjectPublicKeyInfo);

1284
MAKE_DECODER("SLH-DSA-SHAKE-128f", slh_dsa_shake_128f, slh_dsa, SubjectPublicKeyInfo);

1285
MAKE_DECODER("SLH-DSA-SHAKE-192s", slh_dsa_shake_192s, slh_dsa, SubjectPublicKeyInfo);

1286
MAKE_DECODER("SLH-DSA-SHAKE-192f", slh_dsa_shake_192f, slh_dsa, SubjectPublicKeyInfo);

1287
MAKE_DECODER("SLH-DSA-SHAKE-256s", slh_dsa_shake_256s, slh_dsa, SubjectPublicKeyInfo);

1288
MAKE_DECODER("SLH-DSA-SHAKE-256f", slh_dsa_shake_256f, slh_dsa, SubjectPublicKeyInfo);

1289
#endif /* OPENSSL_NO_SLH_DSA */

1290
MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo);

1291
MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);

1292
MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);

1293
MAKE_DECODER("RSA", rsa, rsa, RSA);

1294
MAKE_DECODER("RSA-PSS", rsapss, rsapss, PrivateKeyInfo);

1295
MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo);

1296


1297
#ifndef OPENSSL_NO_ML_DSA

1298
MAKE_DECODER("ML-DSA-44", ml_dsa_44, ml_dsa_44, PrivateKeyInfo);

1299
MAKE_DECODER("ML-DSA-44", ml_dsa_44, ml_dsa_44, SubjectPublicKeyInfo);

1300
MAKE_DECODER("ML-DSA-65", ml_dsa_65, ml_dsa_65, PrivateKeyInfo);

1301
MAKE_DECODER("ML-DSA-65", ml_dsa_65, ml_dsa_65, SubjectPublicKeyInfo);

1302
MAKE_DECODER("ML-DSA-87", ml_dsa_87, ml_dsa_87, PrivateKeyInfo);

1303
MAKE_DECODER("ML-DSA-87", ml_dsa_87, ml_dsa_87, SubjectPublicKeyInfo);

1304
#endif

1305


1306