Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/providers/implementations/encode_decode/decode_der2key.c
48383 views
1
/*

2
 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License").  You may not use

5
 * this file except in compliance with the License.  You can obtain a copy

6
 * in the file LICENSE in the source distribution or at

7
 * https://www.openssl.org/source/license.html

8
 */

9


10
/*

11
 * low level APIs are deprecated for public use, but still ok for

12
 * internal use.

13
 */

14
#include "internal/deprecated.h"

15


16
#include <openssl/byteorder.h>

17
#include <openssl/core_dispatch.h>

18
#include <openssl/core_names.h>

19
#include <openssl/core_object.h>

20
#include <openssl/crypto.h>

21
#include <openssl/err.h>

22
#include <openssl/params.h>

23
#include <openssl/pem.h>         /* PEM_BUFSIZE and public PEM functions */

24
#include <openssl/pkcs12.h>

25
#include <openssl/provider.h>

26
#include <openssl/x509.h>

27
#include <openssl/proverr.h>

28
#include <openssl/asn1t.h>

29
#include "internal/cryptlib.h"   /* ossl_assert() */

30
#include "crypto/dh.h"

31
#include "crypto/dsa.h"

32
#include "crypto/ec.h"

33
#include "crypto/evp.h"

34
#include "crypto/ecx.h"

35
#include "crypto/rsa.h"

36
#include "crypto/ml_dsa.h"

37
#include "crypto/slh_dsa.h"

38
#include "crypto/x509.h"

39
#include "crypto/ml_kem.h"

40
#include "openssl/obj_mac.h"

41
#include "prov/bio.h"

42
#include "prov/implementations.h"

43
#include "endecoder_local.h"

44
#include "internal/nelem.h"

45
#include "ml_dsa_codecs.h"

46
#include "ml_kem_codecs.h"

47


48
#ifndef OPENSSL_NO_SLH_DSA

49
typedef struct {

50
    ASN1_OBJECT *oid;

51
} BARE_ALGOR;

52


53
typedef struct {

54
    BARE_ALGOR algor;

55
    ASN1_BIT_STRING *pubkey;

56
} BARE_PUBKEY;

57


58
ASN1_SEQUENCE(BARE_ALGOR) = {

59
    ASN1_SIMPLE(BARE_ALGOR, oid, ASN1_OBJECT),

60
} static_ASN1_SEQUENCE_END(BARE_ALGOR)

61


62
ASN1_SEQUENCE(BARE_PUBKEY) = {

63
    ASN1_EMBED(BARE_PUBKEY, algor, BARE_ALGOR),

64
    ASN1_SIMPLE(BARE_PUBKEY, pubkey, ASN1_BIT_STRING)

65
} static_ASN1_SEQUENCE_END(BARE_PUBKEY)

66
#endif /* OPENSSL_NO_SLH_DSA */

67


68
struct der2key_ctx_st;           /* Forward declaration */

69
typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);

70
typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);

71
typedef void free_key_fn(void *);

72
typedef void *d2i_PKCS8_fn(const unsigned char **, long,

73
                           struct der2key_ctx_st *);

74
typedef void *d2i_PUBKEY_fn(const unsigned char **, long,

75
                            struct der2key_ctx_st *);

76
struct keytype_desc_st {

77
    const char *keytype_name;

78
    const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */

79


80
    /* The input structure name */

81
    const char *structure_name;

82


83
    /*

84
     * The EVP_PKEY_xxx type macro.  Should be zero for type specific

85
     * structures, non-zero when the outermost structure is PKCS#8 or

86
     * SubjectPublicKeyInfo.  This determines which of the function

87
     * pointers below will be used.

88
     */

89
    int evp_type;

90


91
    /* The selection mask for OSSL_FUNC_decoder_does_selection() */

92
    int selection_mask;

93


94
    /* For type specific decoders, we use the corresponding d2i */

95
    d2i_of_void *d2i_private_key; /* From type-specific DER */

96
    d2i_of_void *d2i_public_key;  /* From type-specific DER */

97
    d2i_of_void *d2i_key_params;  /* From type-specific DER */

98
    d2i_PKCS8_fn *d2i_PKCS8;      /* Wrapped in a PrivateKeyInfo */

99
    d2i_PUBKEY_fn *d2i_PUBKEY;    /* Wrapped in a SubjectPublicKeyInfo */

100


101
    /*

102
     * For any key, we may need to check that the key meets expectations.

103
     * This is useful when the same functions can decode several variants

104
     * of a key.

105
     */

106
    check_key_fn *check_key;

107


108
    /*

109
     * For any key, we may need to make provider specific adjustments, such

110
     * as ensure the key carries the correct library context.

111
     */

112
    adjust_key_fn *adjust_key;

113
    /* {type}_free() */

114
    free_key_fn *free_key;

115
};

116


117
/*

118
 * Context used for DER to key decoding.

119
 */

120
struct der2key_ctx_st {

121
    PROV_CTX *provctx;

122
    char propq[OSSL_MAX_PROPQUERY_SIZE];

123
    const struct keytype_desc_st *desc;

124
    /* The selection that is passed to der2key_decode() */

125
    int selection;

126
    /* Flag used to signal that a failure is fatal */

127
    unsigned int flag_fatal : 1;

128
};

129


130
typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf,

131
                               OSSL_LIB_CTX *libctx, const char *propq);

132
static void *der2key_decode_p8(const unsigned char **input_der,

133
                               long input_der_len, struct der2key_ctx_st *ctx,

134
                               key_from_pkcs8_t *key_from_pkcs8)

135
{

136
    PKCS8_PRIV_KEY_INFO *p8inf = NULL;

137
    const X509_ALGOR *alg = NULL;

138
    void *key = NULL;

139


140
    if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL

141
        && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)

142
        && (OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type

143
            /* Allow decoding sm2 private key with id_ecPublicKey */

144
            || (OBJ_obj2nid(alg->algorithm) == NID_X9_62_id_ecPublicKey

145
                && ctx->desc->evp_type == NID_sm2)))

146
        key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), ctx->propq);

147
    PKCS8_PRIV_KEY_INFO_free(p8inf);

148


149
    return key;

150
}

151


152
/* ---------------------------------------------------------------------- */

153


154
static OSSL_FUNC_decoder_freectx_fn der2key_freectx;

155
static OSSL_FUNC_decoder_decode_fn der2key_decode;

156
static OSSL_FUNC_decoder_export_object_fn der2key_export_object;

157
static OSSL_FUNC_decoder_settable_ctx_params_fn der2key_settable_ctx_params;

158
static OSSL_FUNC_decoder_set_ctx_params_fn der2key_set_ctx_params;

159


160
static struct der2key_ctx_st *

161
der2key_newctx(void *provctx, const struct keytype_desc_st *desc)

162
{

163
    struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));

164


165
    if (ctx != NULL) {

166
        ctx->provctx = provctx;

167
        ctx->desc = desc;

168
    }

169
    return ctx;

170
}

171


172
static const OSSL_PARAM *der2key_settable_ctx_params(ossl_unused void *provctx)

173
{

174
    static const OSSL_PARAM settables[] = {

175
        OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),

176
        OSSL_PARAM_END

177
    };

178
    return settables;

179
}

180


181
static int der2key_set_ctx_params(void *vctx, const OSSL_PARAM params[])

182
{

183
    struct der2key_ctx_st *ctx = vctx;

184
    const OSSL_PARAM *p;

185
    char *str = ctx->propq;

186


187
    p = OSSL_PARAM_locate_const(params, OSSL_DECODER_PARAM_PROPERTIES);

188
    if (p != NULL && !OSSL_PARAM_get_utf8_string(p, &str, sizeof(ctx->propq)))

189
        return 0;

190


191
    return 1;

192
}

193


194
static void der2key_freectx(void *vctx)

195
{

196
    struct der2key_ctx_st *ctx = vctx;

197


198
    OPENSSL_free(ctx);

199
}

200


201
static int der2key_check_selection(int selection,

202
                                   const struct keytype_desc_st *desc)

203
{

204
    /*

205
     * The selections are kinda sorta "levels", i.e. each selection given

206
     * here is assumed to include those following.

207
     */

208
    int checks[] = {

209
        OSSL_KEYMGMT_SELECT_PRIVATE_KEY,

210
        OSSL_KEYMGMT_SELECT_PUBLIC_KEY,

211
        OSSL_KEYMGMT_SELECT_ALL_PARAMETERS

212
    };

213
    size_t i;

214


215
    /* The decoder implementations made here support guessing */

216
    if (selection == 0)

217
        return 1;

218


219
    for (i = 0; i < OSSL_NELEM(checks); i++) {

220
        int check1 = (selection & checks[i]) != 0;

221
        int check2 = (desc->selection_mask & checks[i]) != 0;

222


223
        /*

224
         * If the caller asked for the currently checked bit(s), return

225
         * whether the decoder description says it's supported.

226
         */

227
        if (check1)

228
            return check2;

229
    }

230


231
    /* This should be dead code, but just to be safe... */

232
    return 0;

233
}

234


235
static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,

236
                          OSSL_CALLBACK *data_cb, void *data_cbarg,

237
                          OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)

238
{

239
    struct der2key_ctx_st *ctx = vctx;

240
    unsigned char *der = NULL;

241
    const unsigned char *derp;

242
    long der_len = 0;

243
    void *key = NULL;

244
    int ok = 0;

245


246
    ctx->selection = selection;

247
    /*

248
     * The caller is allowed to specify 0 as a selection mask, to have the

249
     * structure and key type guessed.  For type-specific structures, this

250
     * is not recommended, as some structures are very similar.

251
     * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter

252
     * signifies a private key structure, where everything else is assumed

253
     * to be present as well.

254
     */

255
    if (selection == 0)

256
        selection = ctx->desc->selection_mask;

257
    if ((selection & ctx->desc->selection_mask) == 0) {

258
        ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);

259
        return 0;

260
    }

261


262
    ok = ossl_read_der(ctx->provctx, cin, &der, &der_len);

263
    if (!ok)

264
        goto next;

265


266
    ok = 0; /* Assume that we fail */

267


268
    ERR_set_mark();

269
    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {

270
        derp = der;

271
        if (ctx->desc->d2i_PKCS8 != NULL) {

272
            key = ctx->desc->d2i_PKCS8(&derp, der_len, ctx);

273
            if (ctx->flag_fatal) {

274
                ERR_clear_last_mark();

275
                goto end;

276
            }

277
        } else if (ctx->desc->d2i_private_key != NULL) {

278
            key = ctx->desc->d2i_private_key(NULL, &derp, der_len);

279
        }

280
        if (key == NULL && ctx->selection != 0) {

281
            ERR_clear_last_mark();

282
            goto next;

283
        }

284
    }

285
    if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {

286
        derp = der;

287
        if (ctx->desc->d2i_PUBKEY != NULL)

288
            key = ctx->desc->d2i_PUBKEY(&derp, der_len, ctx);

289
        else if (ctx->desc->d2i_public_key != NULL)

290
            key = ctx->desc->d2i_public_key(NULL, &derp, der_len);

291
        if (key == NULL && ctx->selection != 0) {

292
            ERR_clear_last_mark();

293
            goto next;

294
        }

295
    }

296
    if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {

297
        derp = der;

298
        if (ctx->desc->d2i_key_params != NULL)

299
            key = ctx->desc->d2i_key_params(NULL, &derp, der_len);

300
        if (key == NULL && ctx->selection != 0) {

301
            ERR_clear_last_mark();

302
            goto next;

303
        }

304
    }

305
    if (key == NULL)

306
        ERR_clear_last_mark();

307
    else

308
        ERR_pop_to_mark();

309


310
    /*

311
     * Last minute check to see if this was the correct type of key.  This

312
     * should never lead to a fatal error, i.e. the decoding itself was

313
     * correct, it was just an unexpected key type.  This is generally for

314
     * classes of key types that have subtle variants, like RSA-PSS keys as

315
     * opposed to plain RSA keys.

316
     */

317
    if (key != NULL

318
        && ctx->desc->check_key != NULL

319
        && !ctx->desc->check_key(key, ctx)) {

320
        ctx->desc->free_key(key);

321
        key = NULL;

322
    }

323


324
    if (key != NULL && ctx->desc->adjust_key != NULL)

325
        ctx->desc->adjust_key(key, ctx);

326


327
 next:

328
    /*

329
     * Indicated that we successfully decoded something, or not at all.

330
     * Ending up "empty handed" is not an error.

331
     */

332
    ok = 1;

333


334
    /*

335
     * We free memory here so it's not held up during the callback, because

336
     * we know the process is recursive and the allocated chunks of memory

337
     * add up.

338
     */

339
    OPENSSL_free(der);

340
    der = NULL;

341


342
    if (key != NULL) {

343
        OSSL_PARAM params[4];

344
        int object_type = OSSL_OBJECT_PKEY;

345


346
        params[0] =

347
            OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);

348


349
#ifndef OPENSSL_NO_SM2

350
        if (strcmp(ctx->desc->keytype_name, "EC") == 0

351
            && (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0)

352
            params[1] =

353
                OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,

354
                                                 "SM2", 0);

355
        else

356
#endif

357
            params[1] =

358
                OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,

359
                                                 (char *)ctx->desc->keytype_name,

360
                                                 0);

361
        /* The address of the key becomes the octet string */

362
        params[2] =

363
            OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,

364
                                              &key, sizeof(key));

365
        params[3] = OSSL_PARAM_construct_end();

366


367
        ok = data_cb(params, data_cbarg);

368
    }

369


370
 end:

371
    ctx->desc->free_key(key);

372
    OPENSSL_free(der);

373


374
    return ok;

375
}

376


377
static int der2key_export_object(void *vctx,

378
                                 const void *reference, size_t reference_sz,

379
                                 OSSL_CALLBACK *export_cb, void *export_cbarg)

380
{

381
    struct der2key_ctx_st *ctx = vctx;

382
    OSSL_FUNC_keymgmt_export_fn *export =

383
        ossl_prov_get_keymgmt_export(ctx->desc->fns);

384
    void *keydata;

385


386
    if (reference_sz == sizeof(keydata) && export != NULL) {

387
        int selection = ctx->selection;

388


389
        if (selection == 0)

390
            selection = OSSL_KEYMGMT_SELECT_ALL;

391
        /* The contents of the reference is the address to our object */

392
        keydata = *(void **)reference;

393


394
        return export(keydata, selection, export_cb, export_cbarg);

395
    }

396
    return 0;

397
}

398


399
#define D2I_PUBKEY_NOCTX(n, f)                              \

400
    static void *                                           \

401
    n##_d2i_PUBKEY(const unsigned char **der, long der_len, \

402
                   ossl_unused struct der2key_ctx_st *ctx)  \

403
    {                                                       \

404
        return f(NULL, der, der_len);                       \

405
    }

406


407
/* ---------------------------------------------------------------------- */

408


409
#ifndef OPENSSL_NO_DH

410
# define dh_evp_type                    EVP_PKEY_DH

411
# define dh_d2i_private_key             NULL

412
# define dh_d2i_public_key              NULL

413
# define dh_d2i_key_params              (d2i_of_void *)d2i_DHparams

414
# define dh_free                        (free_key_fn *)DH_free

415
# define dh_check                       NULL

416


417
static void *dh_d2i_PKCS8(const unsigned char **der, long der_len,

418
                          struct der2key_ctx_st *ctx)

419
{

420
    return der2key_decode_p8(der, der_len, ctx,

421
                             (key_from_pkcs8_t *)ossl_dh_key_from_pkcs8);

422
}

423


424
D2I_PUBKEY_NOCTX(dh, ossl_d2i_DH_PUBKEY)

425
D2I_PUBKEY_NOCTX(dhx, ossl_d2i_DHx_PUBKEY)

426


427
static void dh_adjust(void *key, struct der2key_ctx_st *ctx)

428
{

429
    ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

430
}

431


432
# define dhx_evp_type                   EVP_PKEY_DHX

433
# define dhx_d2i_private_key            NULL

434
# define dhx_d2i_public_key             NULL

435
# define dhx_d2i_key_params             (d2i_of_void *)d2i_DHxparams

436
# define dhx_d2i_PKCS8                  dh_d2i_PKCS8

437
# define dhx_free                       (free_key_fn *)DH_free

438
# define dhx_check                      NULL

439
# define dhx_adjust                     dh_adjust

440
#endif

441


442
/* ---------------------------------------------------------------------- */

443


444
#ifndef OPENSSL_NO_DSA

445
# define dsa_evp_type                   EVP_PKEY_DSA

446
# define dsa_d2i_private_key            (d2i_of_void *)d2i_DSAPrivateKey

447
# define dsa_d2i_public_key             (d2i_of_void *)d2i_DSAPublicKey

448
# define dsa_d2i_key_params             (d2i_of_void *)d2i_DSAparams

449
# define dsa_free                       (free_key_fn *)DSA_free

450
# define dsa_check                      NULL

451


452
static void *dsa_d2i_PKCS8(const unsigned char **der, long der_len,

453
                           struct der2key_ctx_st *ctx)

454
{

455
    return der2key_decode_p8(der, der_len, ctx,

456
                             (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8);

457
}

458


459
D2I_PUBKEY_NOCTX(dsa, ossl_d2i_DSA_PUBKEY)

460


461
static void dsa_adjust(void *key, struct der2key_ctx_st *ctx)

462
{

463
    ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

464
}

465
#endif

466


467
/* ---------------------------------------------------------------------- */

468


469
#ifndef OPENSSL_NO_EC

470
# define ec_evp_type                    EVP_PKEY_EC

471
# define ec_d2i_private_key             (d2i_of_void *)d2i_ECPrivateKey

472
# define ec_d2i_public_key              NULL

473
# define ec_d2i_key_params              (d2i_of_void *)d2i_ECParameters

474
# define ec_free                        (free_key_fn *)EC_KEY_free

475


476
static void *ec_d2i_PKCS8(const unsigned char **der, long der_len,

477
                          struct der2key_ctx_st *ctx)

478
{

479
    return der2key_decode_p8(der, der_len, ctx,

480
                             (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);

481
}

482


483
D2I_PUBKEY_NOCTX(ec, d2i_EC_PUBKEY)

484


485
static int ec_check(void *key, struct der2key_ctx_st *ctx)

486
{

487
    /* We're trying to be clever by comparing two truths */

488
    int ret = 0;

489
    int sm2 = (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0;

490


491
    if (sm2)

492
        ret = ctx->desc->evp_type == EVP_PKEY_SM2

493
            || ctx->desc->evp_type == NID_X9_62_id_ecPublicKey;

494
    else

495
        ret = ctx->desc->evp_type != EVP_PKEY_SM2;

496


497
    return ret;

498
}

499


500
static void ec_adjust(void *key, struct der2key_ctx_st *ctx)

501
{

502
    ossl_ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

503
}

504


505
# ifndef OPENSSL_NO_ECX

506
/*

507
 * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,

508
 * so no d2i functions to be had.

509
 */

510


511
static void *ecx_d2i_PKCS8(const unsigned char **der, long der_len,

512
                           struct der2key_ctx_st *ctx)

513
{

514
    return der2key_decode_p8(der, der_len, ctx,

515
                             (key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8);

516
}

517


518
D2I_PUBKEY_NOCTX(ed25519, ossl_d2i_ED25519_PUBKEY)

519
D2I_PUBKEY_NOCTX(ed448, ossl_d2i_ED448_PUBKEY)

520
D2I_PUBKEY_NOCTX(x25519, ossl_d2i_X25519_PUBKEY)

521
D2I_PUBKEY_NOCTX(x448, ossl_d2i_X448_PUBKEY)

522


523
static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx)

524
{

525
    ossl_ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

526
}

527


528
#  define ed25519_evp_type               EVP_PKEY_ED25519

529
#  define ed25519_d2i_private_key        NULL

530
#  define ed25519_d2i_public_key         NULL

531
#  define ed25519_d2i_key_params         NULL

532
#  define ed25519_d2i_PKCS8              ecx_d2i_PKCS8

533
#  define ed25519_free                   (free_key_fn *)ossl_ecx_key_free

534
#  define ed25519_check                  NULL

535
#  define ed25519_adjust                 ecx_key_adjust

536


537
#  define ed448_evp_type                 EVP_PKEY_ED448

538
#  define ed448_d2i_private_key          NULL

539
#  define ed448_d2i_public_key           NULL

540
#  define ed448_d2i_key_params           NULL

541
#  define ed448_d2i_PKCS8                ecx_d2i_PKCS8

542
#  define ed448_free                     (free_key_fn *)ossl_ecx_key_free

543
#  define ed448_check                    NULL

544
#  define ed448_adjust                   ecx_key_adjust

545


546
#  define x25519_evp_type                EVP_PKEY_X25519

547
#  define x25519_d2i_private_key         NULL

548
#  define x25519_d2i_public_key          NULL

549
#  define x25519_d2i_key_params          NULL

550
#  define x25519_d2i_PKCS8               ecx_d2i_PKCS8

551
#  define x25519_free                    (free_key_fn *)ossl_ecx_key_free

552
#  define x25519_check                   NULL

553
#  define x25519_adjust                  ecx_key_adjust

554


555
#  define x448_evp_type                  EVP_PKEY_X448

556
#  define x448_d2i_private_key           NULL

557
#  define x448_d2i_public_key            NULL

558
#  define x448_d2i_key_params            NULL

559
#  define x448_d2i_PKCS8                 ecx_d2i_PKCS8

560
#  define x448_free                      (free_key_fn *)ossl_ecx_key_free

561
#  define x448_check                     NULL

562
#  define x448_adjust                    ecx_key_adjust

563
# endif /* OPENSSL_NO_ECX */

564


565
# ifndef OPENSSL_NO_SM2

566
#  define sm2_evp_type                  EVP_PKEY_SM2

567
#  define sm2_d2i_private_key           (d2i_of_void *)d2i_ECPrivateKey

568
#  define sm2_d2i_public_key            NULL

569
#  define sm2_d2i_key_params            (d2i_of_void *)d2i_ECParameters

570
#  define sm2_d2i_PUBKEY                ec_d2i_PUBKEY

571
#  define sm2_free                      (free_key_fn *)EC_KEY_free

572
#  define sm2_check                     ec_check

573
#  define sm2_adjust                    ec_adjust

574


575
static void *sm2_d2i_PKCS8(const unsigned char **der, long der_len,

576
                           struct der2key_ctx_st *ctx)

577
{

578
    return der2key_decode_p8(der, der_len, ctx,

579
                             (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);

580
}

581
# endif

582


583
#endif

584


585
/* ---------------------------------------------------------------------- */

586


587
#ifndef OPENSSL_NO_ML_KEM

588
static void *

589
ml_kem_d2i_PKCS8(const uint8_t **der, long der_len, struct der2key_ctx_st *ctx)

590
{

591
    ML_KEM_KEY *key;

592


593
    key = ossl_ml_kem_d2i_PKCS8(*der, der_len, ctx->desc->evp_type,

594
                                ctx->provctx, ctx->propq);

595
    if (key != NULL)

596
        *der += der_len;

597
    return key;

598
}

599


600
static ossl_inline void *

601
ml_kem_d2i_PUBKEY(const uint8_t **der, long der_len,

602
                  struct der2key_ctx_st *ctx)

603
{

604
    ML_KEM_KEY *key;

605


606
    key = ossl_ml_kem_d2i_PUBKEY(*der, der_len, ctx->desc->evp_type,

607
                                 ctx->provctx, ctx->propq);

608
    if (key != NULL)

609
        *der += der_len;

610
    return key;

611
}

612


613
# define ml_kem_512_evp_type                EVP_PKEY_ML_KEM_512

614
# define ml_kem_512_d2i_private_key         NULL

615
# define ml_kem_512_d2i_public_key          NULL

616
# define ml_kem_512_d2i_key_params          NULL

617
# define ml_kem_512_d2i_PUBKEY              ml_kem_d2i_PUBKEY

618
# define ml_kem_512_d2i_PKCS8               ml_kem_d2i_PKCS8

619
# define ml_kem_512_free                    (free_key_fn *)ossl_ml_kem_key_free

620
# define ml_kem_512_check                   NULL

621
# define ml_kem_512_adjust                  NULL

622


623
# define ml_kem_768_evp_type                EVP_PKEY_ML_KEM_768

624
# define ml_kem_768_d2i_private_key         NULL

625
# define ml_kem_768_d2i_public_key          NULL

626
# define ml_kem_768_d2i_key_params          NULL

627
# define ml_kem_768_d2i_PUBKEY              ml_kem_d2i_PUBKEY

628
# define ml_kem_768_d2i_PKCS8               ml_kem_d2i_PKCS8

629
# define ml_kem_768_free                    (free_key_fn *)ossl_ml_kem_key_free

630
# define ml_kem_768_check                   NULL

631
# define ml_kem_768_adjust                  NULL

632


633
# define ml_kem_1024_evp_type               EVP_PKEY_ML_KEM_1024

634
# define ml_kem_1024_d2i_private_key        NULL

635
# define ml_kem_1024_d2i_public_key         NULL

636
# define ml_kem_1024_d2i_PUBKEY             ml_kem_d2i_PUBKEY

637
# define ml_kem_1024_d2i_PKCS8              ml_kem_d2i_PKCS8

638
# define ml_kem_1024_d2i_key_params         NULL

639
# define ml_kem_1024_free                   (free_key_fn *)ossl_ml_kem_key_free

640
# define ml_kem_1024_check                  NULL

641
# define ml_kem_1024_adjust                 NULL

642


643
#endif

644


645
#ifndef OPENSSL_NO_SLH_DSA

646
static void *

647
slh_dsa_d2i_PKCS8(const uint8_t **der, long der_len, struct der2key_ctx_st *ctx)

648
{

649
    SLH_DSA_KEY *key = NULL, *ret = NULL;

650
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);

651
    PKCS8_PRIV_KEY_INFO *p8inf = NULL;

652
    const unsigned char *p;

653
    const X509_ALGOR *alg = NULL;

654
    int plen, ptype;

655


656
    if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, der, der_len)) == NULL

657
        || !PKCS8_pkey_get0(NULL, &p, &plen, &alg, p8inf))

658
        goto end;

659


660
    /* Algorithm parameters must be absent. */

661
    if ((X509_ALGOR_get0(NULL, &ptype, NULL, alg), ptype != V_ASN1_UNDEF)) {

662
        ERR_raise_data(ERR_LIB_PROV, PROV_R_UNEXPECTED_KEY_PARAMETERS,

663
                       "unexpected parameters with a PKCS#8 %s private key",

664
                       ctx->desc->keytype_name);

665
        goto end;

666
    }

667
    if (OBJ_obj2nid(alg->algorithm) != ctx->desc->evp_type)

668
        goto end;

669
    if ((key = ossl_slh_dsa_key_new(libctx, ctx->propq,

670
                                    ctx->desc->keytype_name)) == NULL)

671
        goto end;

672


673
    if (!ossl_slh_dsa_set_priv(key, p, plen))

674
        goto end;

675
    ret = key;

676
 end:

677
    PKCS8_PRIV_KEY_INFO_free(p8inf);

678
    if (ret == NULL)

679
        ossl_slh_dsa_key_free(key);

680
    return ret;

681
}

682


683
static ossl_inline void *slh_dsa_d2i_PUBKEY(const uint8_t **der, long der_len,

684
                                            struct der2key_ctx_st *ctx)

685
{

686
    int ok = 0;

687
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);

688
    SLH_DSA_KEY *ret = NULL;

689
    BARE_PUBKEY *spki = NULL;

690
    const uint8_t *end = *der;

691
    size_t len;

692


693
    ret = ossl_slh_dsa_key_new(libctx, ctx->propq, ctx->desc->keytype_name);

694
    if (ret == NULL)

695
        return NULL;

696
    len = ossl_slh_dsa_key_get_pub_len(ret);

697


698
    /*-

699
     * The DER ASN.1 encoding of SLH-DSA public keys prepends 18 bytes to the

700
     * encoded public key (since the largest public key size is 64 bytes):

701
     *

702
     * - 2 byte outer sequence tag and length

703
     * -  2 byte algorithm sequence tag and length

704
     * -    2 byte algorithm OID tag and length

705
     * -      9 byte algorithm OID

706
     * -  2 byte bit string tag and length

707
     * -    1 bitstring lead byte

708
     *

709
     * Check that we have the right OID, the bit string has no "bits left" and

710
     * that we consume all the input exactly.

711
     */

712
    if (der_len != 18 + (long)len) {

713
        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

714
                       "unexpected %s public key length: %ld != %ld",

715
                       ctx->desc->keytype_name, der_len,

716
                       18 + (long)len);

717
        goto err;

718
    }

719


720
    if ((spki = OPENSSL_zalloc(sizeof(*spki))) == NULL)

721
        goto err;

722


723
    /* The spki storage is freed on error */

724
    if (ASN1_item_d2i_ex((ASN1_VALUE **)&spki, &end, der_len,

725
                         ASN1_ITEM_rptr(BARE_PUBKEY), NULL, NULL) == NULL) {

726
        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

727
                       "malformed %s public key ASN.1 encoding",

728
                       ossl_slh_dsa_key_get_name(ret));

729
        goto err;

730
    }

731


732
    /* The spki structure now owns some memory */

733
    if ((spki->pubkey->flags & 0x7) != 0 || end != *der + der_len) {

734
        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

735
                       "malformed %s public key ASN.1 encoding",

736
                       ossl_slh_dsa_key_get_name(ret));

737
        goto err;

738
    }

739
    if (OBJ_cmp(OBJ_nid2obj(ctx->desc->evp_type), spki->algor.oid) != 0) {

740
        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

741
                       "unexpected algorithm OID for an %s public key",

742
                       ossl_slh_dsa_key_get_name(ret));

743
        goto err;

744
    }

745


746
    if (!ossl_slh_dsa_set_pub(ret, spki->pubkey->data, spki->pubkey->length)) {

747
        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

748
                       "failed to parse %s public key from the input data",

749
                       ossl_slh_dsa_key_get_name(ret));

750
        goto err;

751
    }

752
    ok = 1;

753
 err:

754
    if (spki != NULL) {

755
        ASN1_OBJECT_free(spki->algor.oid);

756
        ASN1_BIT_STRING_free(spki->pubkey);

757
        OPENSSL_free(spki);

758
    }

759
    if (!ok) {

760
        ossl_slh_dsa_key_free(ret);

761
        ret = NULL;

762
    }

763
    return ret;

764
}

765


766
# define slh_dsa_sha2_128s_evp_type        EVP_PKEY_SLH_DSA_SHA2_128S

767
# define slh_dsa_sha2_128s_d2i_private_key NULL

768
# define slh_dsa_sha2_128s_d2i_public_key  NULL

769
# define slh_dsa_sha2_128s_d2i_key_params  NULL

770
# define slh_dsa_sha2_128s_d2i_PKCS8       slh_dsa_d2i_PKCS8

771
# define slh_dsa_sha2_128s_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

772
# define slh_dsa_sha2_128s_free            (free_key_fn *)ossl_slh_dsa_key_free

773
# define slh_dsa_sha2_128s_check           NULL

774
# define slh_dsa_sha2_128s_adjust          NULL

775


776
# define slh_dsa_sha2_128f_evp_type        EVP_PKEY_SLH_DSA_SHA2_128F

777
# define slh_dsa_sha2_128f_d2i_private_key NULL

778
# define slh_dsa_sha2_128f_d2i_public_key  NULL

779
# define slh_dsa_sha2_128f_d2i_key_params  NULL

780
# define slh_dsa_sha2_128f_d2i_PKCS8       slh_dsa_d2i_PKCS8

781
# define slh_dsa_sha2_128f_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

782
# define slh_dsa_sha2_128f_free            (free_key_fn *)ossl_slh_dsa_key_free

783
# define slh_dsa_sha2_128f_check           NULL

784
# define slh_dsa_sha2_128f_adjust          NULL

785


786
# define slh_dsa_sha2_192s_evp_type        EVP_PKEY_SLH_DSA_SHA2_192S

787
# define slh_dsa_sha2_192s_d2i_private_key NULL

788
# define slh_dsa_sha2_192s_d2i_public_key  NULL

789
# define slh_dsa_sha2_192s_d2i_key_params  NULL

790
# define slh_dsa_sha2_192s_d2i_PKCS8       slh_dsa_d2i_PKCS8

791
# define slh_dsa_sha2_192s_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

792
# define slh_dsa_sha2_192s_free            (free_key_fn *)ossl_slh_dsa_key_free

793
# define slh_dsa_sha2_192s_check           NULL

794
# define slh_dsa_sha2_192s_adjust          NULL

795


796
# define slh_dsa_sha2_192f_evp_type        EVP_PKEY_SLH_DSA_SHA2_192F

797
# define slh_dsa_sha2_192f_d2i_private_key NULL

798
# define slh_dsa_sha2_192f_d2i_public_key  NULL

799
# define slh_dsa_sha2_192f_d2i_key_params  NULL

800
# define slh_dsa_sha2_192f_d2i_PKCS8       slh_dsa_d2i_PKCS8

801
# define slh_dsa_sha2_192f_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

802
# define slh_dsa_sha2_192f_free            (free_key_fn *)ossl_slh_dsa_key_free

803
# define slh_dsa_sha2_192f_check           NULL

804
# define slh_dsa_sha2_192f_adjust          NULL

805


806
# define slh_dsa_sha2_256s_evp_type        EVP_PKEY_SLH_DSA_SHA2_256S

807
# define slh_dsa_sha2_256s_d2i_private_key NULL

808
# define slh_dsa_sha2_256s_d2i_public_key  NULL

809
# define slh_dsa_sha2_256s_d2i_key_params  NULL

810
# define slh_dsa_sha2_256s_d2i_PKCS8       slh_dsa_d2i_PKCS8

811
# define slh_dsa_sha2_256s_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

812
# define slh_dsa_sha2_256s_free            (free_key_fn *)ossl_slh_dsa_key_free

813
# define slh_dsa_sha2_256s_check           NULL

814
# define slh_dsa_sha2_256s_adjust          NULL

815


816
# define slh_dsa_sha2_256f_evp_type        EVP_PKEY_SLH_DSA_SHA2_256F

817
# define slh_dsa_sha2_256f_d2i_private_key NULL

818
# define slh_dsa_sha2_256f_d2i_public_key  NULL

819
# define slh_dsa_sha2_256f_d2i_key_params  NULL

820
# define slh_dsa_sha2_256f_d2i_PKCS8       slh_dsa_d2i_PKCS8

821
# define slh_dsa_sha2_256f_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

822
# define slh_dsa_sha2_256f_free            (free_key_fn *)ossl_slh_dsa_key_free

823
# define slh_dsa_sha2_256f_check           NULL

824
# define slh_dsa_sha2_256f_adjust          NULL

825


826
# define slh_dsa_shake_128s_evp_type        EVP_PKEY_SLH_DSA_SHAKE_128S

827
# define slh_dsa_shake_128s_d2i_private_key NULL

828
# define slh_dsa_shake_128s_d2i_public_key  NULL

829
# define slh_dsa_shake_128s_d2i_key_params  NULL

830
# define slh_dsa_shake_128s_d2i_PKCS8       slh_dsa_d2i_PKCS8

831
# define slh_dsa_shake_128s_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

832
# define slh_dsa_shake_128s_free            (free_key_fn *)ossl_slh_dsa_key_free

833
# define slh_dsa_shake_128s_check           NULL

834
# define slh_dsa_shake_128s_adjust          NULL

835


836
# define slh_dsa_shake_128f_evp_type        EVP_PKEY_SLH_DSA_SHAKE_128F

837
# define slh_dsa_shake_128f_d2i_private_key NULL

838
# define slh_dsa_shake_128f_d2i_public_key  NULL

839
# define slh_dsa_shake_128f_d2i_key_params  NULL

840
# define slh_dsa_shake_128f_d2i_PKCS8       slh_dsa_d2i_PKCS8

841
# define slh_dsa_shake_128f_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

842
# define slh_dsa_shake_128f_free            (free_key_fn *)ossl_slh_dsa_key_free

843
# define slh_dsa_shake_128f_check           NULL

844
# define slh_dsa_shake_128f_adjust          NULL

845


846
# define slh_dsa_shake_192s_evp_type        EVP_PKEY_SLH_DSA_SHAKE_192S

847
# define slh_dsa_shake_192s_d2i_private_key NULL

848
# define slh_dsa_shake_192s_d2i_public_key  NULL

849
# define slh_dsa_shake_192s_d2i_key_params  NULL

850
# define slh_dsa_shake_192s_d2i_PKCS8       slh_dsa_d2i_PKCS8

851
# define slh_dsa_shake_192s_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

852
# define slh_dsa_shake_192s_free            (free_key_fn *)ossl_slh_dsa_key_free

853
# define slh_dsa_shake_192s_check           NULL

854
# define slh_dsa_shake_192s_adjust          NULL

855


856
# define slh_dsa_shake_192f_evp_type        EVP_PKEY_SLH_DSA_SHAKE_192F

857
# define slh_dsa_shake_192f_d2i_private_key NULL

858
# define slh_dsa_shake_192f_d2i_public_key  NULL

859
# define slh_dsa_shake_192f_d2i_key_params  NULL

860
# define slh_dsa_shake_192f_d2i_PKCS8       slh_dsa_d2i_PKCS8

861
# define slh_dsa_shake_192f_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

862
# define slh_dsa_shake_192f_free            (free_key_fn *)ossl_slh_dsa_key_free

863
# define slh_dsa_shake_192f_check           NULL

864
# define slh_dsa_shake_192f_adjust          NULL

865


866
# define slh_dsa_shake_256s_evp_type        EVP_PKEY_SLH_DSA_SHAKE_256S

867
# define slh_dsa_shake_256s_d2i_private_key NULL

868
# define slh_dsa_shake_256s_d2i_public_key  NULL

869
# define slh_dsa_shake_256s_d2i_key_params  NULL

870
# define slh_dsa_shake_256s_d2i_PKCS8       slh_dsa_d2i_PKCS8

871
# define slh_dsa_shake_256s_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

872
# define slh_dsa_shake_256s_free            (free_key_fn *)ossl_slh_dsa_key_free

873
# define slh_dsa_shake_256s_check           NULL

874
# define slh_dsa_shake_256s_adjust          NULL

875


876
# define slh_dsa_shake_256f_evp_type        EVP_PKEY_SLH_DSA_SHAKE_256F

877
# define slh_dsa_shake_256f_d2i_private_key NULL

878
# define slh_dsa_shake_256f_d2i_public_key  NULL

879
# define slh_dsa_shake_256f_d2i_key_params  NULL

880
# define slh_dsa_shake_256f_d2i_PKCS8       slh_dsa_d2i_PKCS8

881
# define slh_dsa_shake_256f_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

882
# define slh_dsa_shake_256f_free            (free_key_fn *)ossl_slh_dsa_key_free

883
# define slh_dsa_shake_256f_check           NULL

884
# define slh_dsa_shake_256f_adjust          NULL

885
#endif /* OPENSSL_NO_SLH_DSA */

886


887
/* ---------------------------------------------------------------------- */

888


889
#define rsa_evp_type                    EVP_PKEY_RSA

890
#define rsa_d2i_private_key             (d2i_of_void *)d2i_RSAPrivateKey

891
#define rsa_d2i_public_key              (d2i_of_void *)d2i_RSAPublicKey

892
#define rsa_d2i_key_params              NULL

893
#define rsa_free                        (free_key_fn *)RSA_free

894


895
static void *rsa_d2i_PKCS8(const unsigned char **der, long der_len,

896
                           struct der2key_ctx_st *ctx)

897
{

898
    return der2key_decode_p8(der, der_len, ctx,

899
                             (key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8);

900
}

901


902
static void *

903
rsa_d2i_PUBKEY(const unsigned char **der, long der_len,

904
               ossl_unused struct der2key_ctx_st *ctx)

905
{

906
    return d2i_RSA_PUBKEY(NULL, der, der_len);

907
}

908


909
static int rsa_check(void *key, struct der2key_ctx_st *ctx)

910
{

911
    int valid;

912


913
    switch (RSA_test_flags(key, RSA_FLAG_TYPE_MASK)) {

914
    case RSA_FLAG_TYPE_RSA:

915
        valid = (ctx->desc->evp_type == EVP_PKEY_RSA);

916
        break;

917
    case RSA_FLAG_TYPE_RSASSAPSS:

918
        valid = (ctx->desc->evp_type == EVP_PKEY_RSA_PSS);

919
        break;

920
    default:

921
        /* Currently unsupported RSA key type */

922
        valid = 0;

923
    }

924


925
    valid = (valid && ossl_rsa_check_factors(key));

926


927
    return valid;

928
}

929


930
static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)

931
{

932
    ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

933
}

934


935
#define rsapss_evp_type                 EVP_PKEY_RSA_PSS

936
#define rsapss_d2i_private_key          (d2i_of_void *)d2i_RSAPrivateKey

937
#define rsapss_d2i_public_key           (d2i_of_void *)d2i_RSAPublicKey

938
#define rsapss_d2i_key_params           NULL

939
#define rsapss_d2i_PKCS8                rsa_d2i_PKCS8

940
#define rsapss_d2i_PUBKEY               rsa_d2i_PUBKEY

941
#define rsapss_free                     (free_key_fn *)RSA_free

942
#define rsapss_check                    rsa_check

943
#define rsapss_adjust                   rsa_adjust

944


945
/* ---------------------------------------------------------------------- */

946


947
#ifndef OPENSSL_NO_ML_DSA

948
static void *

949
ml_dsa_d2i_PKCS8(const uint8_t **der, long der_len, struct der2key_ctx_st *ctx)

950
{

951
    ML_DSA_KEY *key;

952


953
    key = ossl_ml_dsa_d2i_PKCS8(*der, der_len, ctx->desc->evp_type,

954
                                ctx->provctx, ctx->propq);

955
    if (key != NULL)

956
        *der += der_len;

957
    return key;

958
}

959


960
static ossl_inline void * ml_dsa_d2i_PUBKEY(const uint8_t **der, long der_len,

961
                                            struct der2key_ctx_st *ctx)

962
{

963
    ML_DSA_KEY *key;

964


965
    key = ossl_ml_dsa_d2i_PUBKEY(*der, der_len, ctx->desc->evp_type,

966
                                 ctx->provctx, ctx->propq);

967
    if (key != NULL)

968
        *der += der_len;

969
    return key;

970
}

971


972
# define ml_dsa_44_evp_type                EVP_PKEY_ML_DSA_44

973
# define ml_dsa_44_d2i_private_key         NULL

974
# define ml_dsa_44_d2i_public_key          NULL

975
# define ml_dsa_44_d2i_key_params          NULL

976
# define ml_dsa_44_d2i_PUBKEY              ml_dsa_d2i_PUBKEY

977
# define ml_dsa_44_d2i_PKCS8               ml_dsa_d2i_PKCS8

978
# define ml_dsa_44_free                    (free_key_fn *)ossl_ml_dsa_key_free

979
# define ml_dsa_44_check                   NULL

980
# define ml_dsa_44_adjust                  NULL

981


982
# define ml_dsa_65_evp_type                EVP_PKEY_ML_DSA_65

983
# define ml_dsa_65_d2i_private_key         NULL

984
# define ml_dsa_65_d2i_public_key          NULL

985
# define ml_dsa_65_d2i_key_params          NULL

986
# define ml_dsa_65_d2i_PUBKEY              ml_dsa_d2i_PUBKEY

987
# define ml_dsa_65_d2i_PKCS8               ml_dsa_d2i_PKCS8

988
# define ml_dsa_65_free                    (free_key_fn *)ossl_ml_dsa_key_free

989
# define ml_dsa_65_check                   NULL

990
# define ml_dsa_65_adjust                  NULL

991


992
# define ml_dsa_87_evp_type               EVP_PKEY_ML_DSA_87

993
# define ml_dsa_87_d2i_private_key        NULL

994
# define ml_dsa_87_d2i_public_key         NULL

995
# define ml_dsa_87_d2i_PUBKEY             ml_dsa_d2i_PUBKEY

996
# define ml_dsa_87_d2i_PKCS8              ml_dsa_d2i_PKCS8

997
# define ml_dsa_87_d2i_key_params         NULL

998
# define ml_dsa_87_free                   (free_key_fn *)ossl_ml_dsa_key_free

999
# define ml_dsa_87_check                  NULL

1000
# define ml_dsa_87_adjust                 NULL

1001


1002
#endif

1003


1004
/* ---------------------------------------------------------------------- */

1005


1006
/*

1007
 * The DO_ macros help define the selection mask and the method functions

1008
 * for each kind of object we want to decode.

1009
 */

1010
#define DO_type_specific_keypair(keytype)               \

1011
    "type-specific", keytype##_evp_type,                \

1012
        ( OSSL_KEYMGMT_SELECT_KEYPAIR ),                \

1013
        keytype##_d2i_private_key,                      \

1014
        keytype##_d2i_public_key,                       \

1015
        NULL,                                           \

1016
        NULL,                                           \

1017
        NULL,                                           \

1018
        keytype##_check,                                \

1019
        keytype##_adjust,                               \

1020
        keytype##_free

1021


1022
#define DO_type_specific_pub(keytype)                   \

1023
    "type-specific", keytype##_evp_type,                \

1024
        ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ),             \

1025
        NULL,                                           \

1026
        keytype##_d2i_public_key,                       \

1027
        NULL,                                           \

1028
        NULL,                                           \

1029
        NULL,                                           \

1030
        keytype##_check,                                \

1031
        keytype##_adjust,                               \

1032
        keytype##_free

1033


1034
#define DO_type_specific_priv(keytype)                  \

1035
    "type-specific", keytype##_evp_type,                \

1036
        ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ),            \

1037
        keytype##_d2i_private_key,                      \

1038
        NULL,                                           \

1039
        NULL,                                           \

1040
        NULL,                                           \

1041
        NULL,                                           \

1042
        keytype##_check,                                \

1043
        keytype##_adjust,                               \

1044
        keytype##_free

1045


1046
#define DO_type_specific_params(keytype)                \

1047
    "type-specific", keytype##_evp_type,                \

1048
        ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),         \

1049
        NULL,                                           \

1050
        NULL,                                           \

1051
        keytype##_d2i_key_params,                       \

1052
        NULL,                                           \

1053
        NULL,                                           \

1054
        keytype##_check,                                \

1055
        keytype##_adjust,                               \

1056
        keytype##_free

1057


1058
#define DO_type_specific(keytype)                       \

1059
    "type-specific", keytype##_evp_type,                \

1060
        ( OSSL_KEYMGMT_SELECT_ALL ),                    \

1061
        keytype##_d2i_private_key,                      \

1062
        keytype##_d2i_public_key,                       \

1063
        keytype##_d2i_key_params,                       \

1064
        NULL,                                           \

1065
        NULL,                                           \

1066
        keytype##_check,                                \

1067
        keytype##_adjust,                               \

1068
        keytype##_free

1069


1070
#define DO_type_specific_no_pub(keytype)                \

1071
    "type-specific", keytype##_evp_type,                \

1072
        ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY               \

1073
          | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),       \

1074
        keytype##_d2i_private_key,                      \

1075
        NULL,                                           \

1076
        keytype##_d2i_key_params,                       \

1077
        NULL,                                           \

1078
        NULL,                                           \

1079
        keytype##_check,                                \

1080
        keytype##_adjust,                               \

1081
        keytype##_free

1082


1083
#define DO_PrivateKeyInfo(keytype)                      \

1084
    "PrivateKeyInfo", keytype##_evp_type,               \

1085
        ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ),            \

1086
        NULL,                                           \

1087
        NULL,                                           \

1088
        NULL,                                           \

1089
        keytype##_d2i_PKCS8,                            \

1090
        NULL,                                           \

1091
        keytype##_check,                                \

1092
        keytype##_adjust,                               \

1093
        keytype##_free

1094


1095
#define DO_SubjectPublicKeyInfo(keytype)                \

1096
    "SubjectPublicKeyInfo", keytype##_evp_type,         \

1097
        ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ),             \

1098
        NULL,                                           \

1099
        NULL,                                           \

1100
        NULL,                                           \

1101
        NULL,                                           \

1102
        keytype##_d2i_PUBKEY,                           \

1103
        keytype##_check,                                \

1104
        keytype##_adjust,                               \

1105
        keytype##_free

1106


1107
#define DO_DH(keytype)                                  \

1108
    "DH", keytype##_evp_type,                           \

1109
        ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),         \

1110
        NULL,                                           \

1111
        NULL,                                           \

1112
        keytype##_d2i_key_params,                       \

1113
        NULL,                                           \

1114
        NULL,                                           \

1115
        keytype##_check,                                \

1116
        keytype##_adjust,                               \

1117
        keytype##_free

1118


1119
#define DO_DHX(keytype)                                 \

1120
    "DHX", keytype##_evp_type,                          \

1121
        ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),         \

1122
        NULL,                                           \

1123
        NULL,                                           \

1124
        keytype##_d2i_key_params,                       \

1125
        NULL,                                           \

1126
        NULL,                                           \

1127
        keytype##_check,                                \

1128
        keytype##_adjust,                               \

1129
        keytype##_free

1130


1131
#define DO_DSA(keytype)                                 \

1132
    "DSA", keytype##_evp_type,                          \

1133
        ( OSSL_KEYMGMT_SELECT_ALL ),                    \

1134
        keytype##_d2i_private_key,                      \

1135
        keytype##_d2i_public_key,                       \

1136
        keytype##_d2i_key_params,                       \

1137
        NULL,                                           \

1138
        NULL,                                           \

1139
        keytype##_check,                                \

1140
        keytype##_adjust,                               \

1141
        keytype##_free

1142


1143
#define DO_EC(keytype)                                  \

1144
    "EC", keytype##_evp_type,                           \

1145
        ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY               \

1146
          | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),       \

1147
        keytype##_d2i_private_key,                      \

1148
        NULL,                                           \

1149
        keytype##_d2i_key_params,                       \

1150
        NULL,                                           \

1151
        NULL,                                           \

1152
        keytype##_check,                                \

1153
        keytype##_adjust,                               \

1154
        keytype##_free

1155


1156
#define DO_RSA(keytype)                                 \

1157
    "RSA", keytype##_evp_type,                          \

1158
        ( OSSL_KEYMGMT_SELECT_KEYPAIR ),                \

1159
        keytype##_d2i_private_key,                      \

1160
        keytype##_d2i_public_key,                       \

1161
        NULL,                                           \

1162
        NULL,                                           \

1163
        NULL,                                           \

1164
        keytype##_check,                                \

1165
        keytype##_adjust,                               \

1166
        keytype##_free

1167


1168
/*

1169
 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.

1170
 * It takes the following arguments:

1171
 *

1172
 * keytype_name The implementation key type as a string.

1173
 * keytype      The implementation key type.  This must correspond exactly

1174
 *              to our existing keymgmt keytype names...  in other words,

1175
 *              there must exist an ossl_##keytype##_keymgmt_functions.

1176
 * type         The type name for the set of functions that implement the

1177
 *              decoder for the key type.  This isn't necessarily the same

1178
 *              as keytype.  For example, the key types ed25519, ed448,

1179
 *              x25519 and x448 are all handled by the same functions with

1180
 *              the common type name ecx.

1181
 * kind         The kind of support to implement.  This translates into

1182
 *              the DO_##kind macros above, to populate the keytype_desc_st

1183
 *              structure.

1184
 */

1185
#define MAKE_DECODER(keytype_name, keytype, type, kind)                 \

1186
    static const struct keytype_desc_st kind##_##keytype##_desc =       \

1187
        { keytype_name, ossl_##keytype##_keymgmt_functions,             \

1188
          DO_##kind(keytype) };                                         \

1189
                                                                        \

1190
    static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx;   \

1191
                                                                        \

1192
    static void *kind##_der2##keytype##_newctx(void *provctx)           \

1193
    {                                                                   \

1194
        return der2key_newctx(provctx, &kind##_##keytype##_desc);       \

1195
    }                                                                   \

1196
    static int kind##_der2##keytype##_does_selection(void *provctx,     \

1197
                                                     int selection)     \

1198
    {                                                                   \

1199
        return der2key_check_selection(selection,                       \

1200
                                       &kind##_##keytype##_desc);       \

1201
    }                                                                   \

1202
    const OSSL_DISPATCH                                                 \

1203
    ossl_##kind##_der_to_##keytype##_decoder_functions[] = {            \

1204
        { OSSL_FUNC_DECODER_NEWCTX,                                     \

1205
          (void (*)(void))kind##_der2##keytype##_newctx },              \

1206
        { OSSL_FUNC_DECODER_FREECTX,                                    \

1207
          (void (*)(void))der2key_freectx },                            \

1208
        { OSSL_FUNC_DECODER_DOES_SELECTION,                             \

1209
          (void (*)(void))kind##_der2##keytype##_does_selection },      \

1210
        { OSSL_FUNC_DECODER_DECODE,                                     \

1211
          (void (*)(void))der2key_decode },                             \

1212
        { OSSL_FUNC_DECODER_EXPORT_OBJECT,                              \

1213
          (void (*)(void))der2key_export_object },                      \

1214
        { OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS,                        \

1215
          (void (*)(void))der2key_settable_ctx_params },                \

1216
        { OSSL_FUNC_DECODER_SET_CTX_PARAMS,                             \

1217
          (void (*)(void))der2key_set_ctx_params },                     \

1218
        OSSL_DISPATCH_END                                               \

1219
    }

1220


1221
#ifndef OPENSSL_NO_DH

1222
MAKE_DECODER("DH", dh, dh, PrivateKeyInfo);

1223
MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo);

1224
MAKE_DECODER("DH", dh, dh, type_specific_params);

1225
MAKE_DECODER("DH", dh, dh, DH);

1226
MAKE_DECODER("DHX", dhx, dhx, PrivateKeyInfo);

1227
MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo);

1228
MAKE_DECODER("DHX", dhx, dhx, type_specific_params);

1229
MAKE_DECODER("DHX", dhx, dhx, DHX);

1230
#endif

1231
#ifndef OPENSSL_NO_DSA

1232
MAKE_DECODER("DSA", dsa, dsa, PrivateKeyInfo);

1233
MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo);

1234
MAKE_DECODER("DSA", dsa, dsa, type_specific);

1235
MAKE_DECODER("DSA", dsa, dsa, DSA);

1236
#endif

1237
#ifndef OPENSSL_NO_EC

1238
MAKE_DECODER("EC", ec, ec, PrivateKeyInfo);

1239
MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo);

1240
MAKE_DECODER("EC", ec, ec, type_specific_no_pub);

1241
MAKE_DECODER("EC", ec, ec, EC);

1242
# ifndef OPENSSL_NO_ECX

1243
MAKE_DECODER("X25519", x25519, ecx, PrivateKeyInfo);

1244
MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo);

1245
MAKE_DECODER("X448", x448, ecx, PrivateKeyInfo);

1246
MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo);

1247
MAKE_DECODER("ED25519", ed25519, ecx, PrivateKeyInfo);

1248
MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo);

1249
MAKE_DECODER("ED448", ed448, ecx, PrivateKeyInfo);

1250
MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);

1251
# endif

1252
# ifndef OPENSSL_NO_SM2

1253
MAKE_DECODER("SM2", sm2, ec, PrivateKeyInfo);

1254
MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo);

1255
MAKE_DECODER("SM2", sm2, sm2, type_specific_no_pub);

1256
# endif

1257
#endif

1258
#ifndef OPENSSL_NO_ML_KEM

1259
MAKE_DECODER("ML-KEM-512", ml_kem_512, ml_kem_512, PrivateKeyInfo);

1260
MAKE_DECODER("ML-KEM-512", ml_kem_512, ml_kem_512, SubjectPublicKeyInfo);

1261
MAKE_DECODER("ML-KEM-768", ml_kem_768, ml_kem_768, PrivateKeyInfo);

1262
MAKE_DECODER("ML-KEM-768", ml_kem_768, ml_kem_768, SubjectPublicKeyInfo);

1263
MAKE_DECODER("ML-KEM-1024", ml_kem_1024, ml_kem_1024, PrivateKeyInfo);

1264
MAKE_DECODER("ML-KEM-1024", ml_kem_1024, ml_kem_1024, SubjectPublicKeyInfo);

1265
#endif

1266
#ifndef OPENSSL_NO_SLH_DSA

1267
MAKE_DECODER("SLH-DSA-SHA2-128s", slh_dsa_sha2_128s, slh_dsa, PrivateKeyInfo);

1268
MAKE_DECODER("SLH-DSA-SHA2-128f", slh_dsa_sha2_128f, slh_dsa, PrivateKeyInfo);

1269
MAKE_DECODER("SLH-DSA-SHA2-192s", slh_dsa_sha2_192s, slh_dsa, PrivateKeyInfo);

1270
MAKE_DECODER("SLH-DSA-SHA2-192f", slh_dsa_sha2_192f, slh_dsa, PrivateKeyInfo);

1271
MAKE_DECODER("SLH-DSA-SHA2-256s", slh_dsa_sha2_256s, slh_dsa, PrivateKeyInfo);

1272
MAKE_DECODER("SLH-DSA-SHA2-256f", slh_dsa_sha2_256f, slh_dsa, PrivateKeyInfo);

1273
MAKE_DECODER("SLH-DSA-SHAKE-128s", slh_dsa_shake_128s, slh_dsa, PrivateKeyInfo);

1274
MAKE_DECODER("SLH-DSA-SHAKE-128f", slh_dsa_shake_128f, slh_dsa, PrivateKeyInfo);

1275
MAKE_DECODER("SLH-DSA-SHAKE-192s", slh_dsa_shake_192s, slh_dsa, PrivateKeyInfo);

1276
MAKE_DECODER("SLH-DSA-SHAKE-192f", slh_dsa_shake_192f, slh_dsa, PrivateKeyInfo);

1277
MAKE_DECODER("SLH-DSA-SHAKE-256s", slh_dsa_shake_256s, slh_dsa, PrivateKeyInfo);

1278
MAKE_DECODER("SLH-DSA-SHAKE-256f", slh_dsa_shake_256f, slh_dsa, PrivateKeyInfo);

1279


1280
MAKE_DECODER("SLH-DSA-SHA2-128s", slh_dsa_sha2_128s, slh_dsa, SubjectPublicKeyInfo);

1281
MAKE_DECODER("SLH-DSA-SHA2-128f", slh_dsa_sha2_128f, slh_dsa, SubjectPublicKeyInfo);

1282
MAKE_DECODER("SLH-DSA-SHA2-192s", slh_dsa_sha2_192s, slh_dsa, SubjectPublicKeyInfo);

1283
MAKE_DECODER("SLH-DSA-SHA2-192f", slh_dsa_sha2_192f, slh_dsa, SubjectPublicKeyInfo);

1284
MAKE_DECODER("SLH-DSA-SHA2-256s", slh_dsa_sha2_256s, slh_dsa, SubjectPublicKeyInfo);

1285
MAKE_DECODER("SLH-DSA-SHA2-256f", slh_dsa_sha2_256f, slh_dsa, SubjectPublicKeyInfo);

1286
MAKE_DECODER("SLH-DSA-SHAKE-128s", slh_dsa_shake_128s, slh_dsa, SubjectPublicKeyInfo);

1287
MAKE_DECODER("SLH-DSA-SHAKE-128f", slh_dsa_shake_128f, slh_dsa, SubjectPublicKeyInfo);

1288
MAKE_DECODER("SLH-DSA-SHAKE-192s", slh_dsa_shake_192s, slh_dsa, SubjectPublicKeyInfo);

1289
MAKE_DECODER("SLH-DSA-SHAKE-192f", slh_dsa_shake_192f, slh_dsa, SubjectPublicKeyInfo);

1290
MAKE_DECODER("SLH-DSA-SHAKE-256s", slh_dsa_shake_256s, slh_dsa, SubjectPublicKeyInfo);

1291
MAKE_DECODER("SLH-DSA-SHAKE-256f", slh_dsa_shake_256f, slh_dsa, SubjectPublicKeyInfo);

1292
#endif /* OPENSSL_NO_SLH_DSA */

1293
MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo);

1294
MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);

1295
MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);

1296
MAKE_DECODER("RSA", rsa, rsa, RSA);

1297
MAKE_DECODER("RSA-PSS", rsapss, rsapss, PrivateKeyInfo);

1298
MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo);

1299


1300
#ifndef OPENSSL_NO_ML_DSA

1301
MAKE_DECODER("ML-DSA-44", ml_dsa_44, ml_dsa_44, PrivateKeyInfo);

1302
MAKE_DECODER("ML-DSA-44", ml_dsa_44, ml_dsa_44, SubjectPublicKeyInfo);

1303
MAKE_DECODER("ML-DSA-65", ml_dsa_65, ml_dsa_65, PrivateKeyInfo);

1304
MAKE_DECODER("ML-DSA-65", ml_dsa_65, ml_dsa_65, SubjectPublicKeyInfo);

1305
MAKE_DECODER("ML-DSA-87", ml_dsa_87, ml_dsa_87, PrivateKeyInfo);

1306
MAKE_DECODER("ML-DSA-87", ml_dsa_87, ml_dsa_87, SubjectPublicKeyInfo);

1307
#endif

1308


1309