2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/core_names.h>
11 #include <openssl/bio.h>
12 #include <openssl/params.h>
13 #include <openssl/provider.h>
14 #include <openssl/evperr.h>
15 #include <openssl/ecerr.h>
16 #include <openssl/pkcs12err.h>
17 #include <openssl/x509err.h>
18 #include <openssl/trace.h>
19 #include "internal/passphrase.h"
20 #include "internal/bio.h"
21 #include "crypto/decoder.h"
22 #include "encoder_local.h"
25 struct decoder_process_data_st {
26 OSSL_DECODER_CTX *ctx;
31 /* Index of the current decoder instance to be processed */
32 size_t current_decoder_inst_index;
33 /* For tracing, count recursion level */
37 static int decoder_process(const OSSL_PARAM params[], void *arg);
39 int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in)
41 struct decoder_process_data_st data;
45 if (BIO_tell(in) < 0) {
46 new_bio = BIO_new(BIO_f_readbuffer());
49 in = BIO_push(new_bio, in);
51 memset(&data, 0, sizeof(data));
55 /* Enable passphrase caching */
56 (void)ossl_pw_enable_passphrase_caching(&ctx->pwdata);
58 ok = decoder_process(NULL, &data);
60 /* Clear any internally cached passphrase */
61 (void)ossl_pw_clear_passphrase_cache(&ctx->pwdata);
63 if (new_bio != NULL) {
70 #ifndef OPENSSL_NO_STDIO
71 static BIO *bio_from_file(FILE *fp)
75 if ((b = BIO_new(BIO_s_file())) == NULL) {
76 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_BIO_LIB);
79 BIO_set_fp(b, fp, BIO_NOCLOSE);
83 int OSSL_DECODER_from_fp(OSSL_DECODER_CTX *ctx, FILE *fp)
85 BIO *b = bio_from_file(fp);
89 ret = OSSL_DECODER_from_bio(ctx, b);
96 int OSSL_DECODER_from_data(OSSL_DECODER_CTX *ctx, const unsigned char **pdata,
102 if (pdata == NULL || *pdata == NULL || pdata_len == NULL) {
103 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
107 membio = BIO_new_mem_buf(*pdata, (int)*pdata_len);
108 if (OSSL_DECODER_from_bio(ctx, membio)) {
109 *pdata_len = (size_t)BIO_get_mem_data(membio, pdata);
117 int OSSL_DECODER_CTX_set_selection(OSSL_DECODER_CTX *ctx, int selection)
119 if (!ossl_assert(ctx != NULL)) {
120 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
125 * 0 is a valid selection, and means that the caller leaves
126 * it to code to discover what the selection is.
128 ctx->selection = selection;
132 int OSSL_DECODER_CTX_set_input_type(OSSL_DECODER_CTX *ctx,
133 const char *input_type)
135 if (!ossl_assert(ctx != NULL)) {
136 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
141 * NULL is a valid starting input type, and means that the caller leaves
142 * it to code to discover what the starting input type is.
144 ctx->start_input_type = input_type;
148 int OSSL_DECODER_CTX_set_input_structure(OSSL_DECODER_CTX *ctx,
149 const char *input_structure)
151 if (!ossl_assert(ctx != NULL)) {
152 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
157 * NULL is a valid starting input type, and means that the caller leaves
158 * it to code to discover what the starting input type is.
160 ctx->input_structure = input_structure;
164 OSSL_DECODER_INSTANCE *ossl_decoder_instance_new(OSSL_DECODER *decoder,
167 OSSL_DECODER_INSTANCE *decoder_inst = NULL;
168 OSSL_PARAM params[3];
170 if (!ossl_assert(decoder != NULL)) {
171 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
175 if (decoder->get_params == NULL) {
176 ERR_raise(ERR_LIB_OSSL_DECODER,
177 OSSL_DECODER_R_MISSING_GET_PARAMS);
181 if ((decoder_inst = OPENSSL_zalloc(sizeof(*decoder_inst))) == NULL) {
182 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
185 if (!OSSL_DECODER_up_ref(decoder)) {
186 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_INTERNAL_ERROR);
190 /* Cache the input type for this decoder */
192 OSSL_PARAM_construct_utf8_ptr(OSSL_DECODER_PARAM_INPUT_TYPE,
193 (char **)&decoder_inst->input_type, 0);
195 OSSL_PARAM_construct_utf8_ptr(OSSL_DECODER_PARAM_INPUT_STRUCTURE,
196 (char **)&decoder_inst->input_structure,
198 params[2] = OSSL_PARAM_construct_end();
200 if (!decoder->get_params(params)
201 || !OSSL_PARAM_modified(¶ms[0]))
204 decoder_inst->flag_input_structure_was_set =
205 OSSL_PARAM_modified(¶ms[1]);
206 decoder_inst->decoder = decoder;
207 decoder_inst->decoderctx = decoderctx;
210 ossl_decoder_instance_free(decoder_inst);
214 void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst)
216 if (decoder_inst != NULL) {
217 if (decoder_inst->decoder != NULL)
218 decoder_inst->decoder->freectx(decoder_inst->decoderctx);
219 decoder_inst->decoderctx = NULL;
220 OSSL_DECODER_free(decoder_inst->decoder);
221 decoder_inst->decoder = NULL;
222 OPENSSL_free(decoder_inst);
226 int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx,
227 OSSL_DECODER_INSTANCE *di)
231 if (ctx->decoder_insts == NULL
232 && (ctx->decoder_insts =
233 sk_OSSL_DECODER_INSTANCE_new_null()) == NULL) {
234 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
238 ok = (sk_OSSL_DECODER_INSTANCE_push(ctx->decoder_insts, di) > 0);
240 OSSL_TRACE_BEGIN(DECODER) {
242 "(ctx %p) Added decoder instance %p (decoder %p) with:\n",
243 (void *)ctx, (void *)di, (void *)di->decoder);
245 " input type: %s, input structure: %s\n",
246 di->input_type, di->input_structure);
247 } OSSL_TRACE_END(DECODER);
252 int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder)
254 OSSL_DECODER_INSTANCE *decoder_inst = NULL;
255 const OSSL_PROVIDER *prov = NULL;
256 void *decoderctx = NULL;
257 void *provctx = NULL;
259 if (!ossl_assert(ctx != NULL) || !ossl_assert(decoder != NULL)) {
260 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
264 prov = OSSL_DECODER_provider(decoder);
265 provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
267 if ((decoderctx = decoder->newctx(provctx)) == NULL
269 ossl_decoder_instance_new(decoder, decoderctx)) == NULL)
271 /* Avoid double free of decoderctx on further errors */
274 if (!ossl_decoder_ctx_add_decoder_inst(ctx, decoder_inst))
279 ossl_decoder_instance_free(decoder_inst);
280 if (decoderctx != NULL)
281 decoder->freectx(decoderctx);
285 int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx,
286 OSSL_LIB_CTX *libctx, const char *propq)
289 * This function goes through existing decoder methods in
290 * |ctx->decoder_insts|, and tries to fetch new decoders that produce
291 * what the existing ones want as input, and push those newly fetched
292 * decoders on top of the same stack.
293 * Then it does the same again, but looping over the newly fetched
294 * decoders, until there are no more decoders to be fetched, or
295 * when we have done this 10 times.
297 * we do this with sliding windows on the stack by keeping track of indexes
301 * | DER to RSA | <--- w_prev_start
307 * | PEM to DER | <--- w_prev_end, w_new_start
311 size_t w_prev_start, w_prev_end; /* "previous" decoders */
312 size_t w_new_start, w_new_end; /* "new" decoders */
313 size_t count = 0; /* Calculates how many were added in each iteration */
314 size_t depth = 0; /* Counts the number of iterations */
316 if (!ossl_assert(ctx != NULL)) {
317 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
322 * If there is no stack of OSSL_DECODER_INSTANCE, we have nothing
323 * more to add. That's fine.
325 if (ctx->decoder_insts == NULL)
329 w_prev_end = sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts);
333 w_new_start = w_new_end = w_prev_end;
335 for (i = w_prev_start; i < w_prev_end; i++) {
336 OSSL_DECODER_INSTANCE *decoder_inst =
337 sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i);
338 const char *input_type =
339 OSSL_DECODER_INSTANCE_get_input_type(decoder_inst);
340 OSSL_DECODER *decoder = NULL;
343 * If the caller has specified what the initial input should be,
344 * and the decoder implementation we're looking at has that
345 * input type, there's no point adding on more implementations
346 * on top of this one, so we don't.
348 if (ctx->start_input_type != NULL
349 && strcasecmp(ctx->start_input_type, input_type) == 0)
353 decoder = OSSL_DECODER_fetch(libctx, input_type, propq);
356 if (decoder != NULL) {
360 * Check that we don't already have this decoder in our
361 * stack We only need to check among the newly added ones.
363 for (j = w_new_start; j < w_new_end; j++) {
364 OSSL_DECODER_INSTANCE *check_inst =
365 sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, j);
367 if (decoder == check_inst->decoder) {
368 /* We found it, so drop the new fetch */
369 OSSL_DECODER_free(decoder);
380 * Apart from keeping w_new_end up to date, We don't care about
381 * errors here. If it doesn't collect, then it doesn't...
383 if (OSSL_DECODER_CTX_add_decoder(ctx, decoder)) /* ref++ */
385 OSSL_DECODER_free(decoder); /* ref-- */
387 /* How many were added in this iteration */
388 count = w_new_end - w_new_start;
390 /* Slide the "previous decoder" windows */
391 w_prev_start = w_new_start;
392 w_prev_end = w_new_end;
395 } while (count != 0 && depth <= 10);
400 int OSSL_DECODER_CTX_get_num_decoders(OSSL_DECODER_CTX *ctx)
402 if (ctx == NULL || ctx->decoder_insts == NULL)
404 return sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts);
407 int OSSL_DECODER_CTX_set_construct(OSSL_DECODER_CTX *ctx,
408 OSSL_DECODER_CONSTRUCT *construct)
410 if (!ossl_assert(ctx != NULL)) {
411 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
414 ctx->construct = construct;
418 int OSSL_DECODER_CTX_set_construct_data(OSSL_DECODER_CTX *ctx,
419 void *construct_data)
421 if (!ossl_assert(ctx != NULL)) {
422 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
425 ctx->construct_data = construct_data;
429 int OSSL_DECODER_CTX_set_cleanup(OSSL_DECODER_CTX *ctx,
430 OSSL_DECODER_CLEANUP *cleanup)
432 if (!ossl_assert(ctx != NULL)) {
433 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
436 ctx->cleanup = cleanup;
440 OSSL_DECODER_CONSTRUCT *
441 OSSL_DECODER_CTX_get_construct(OSSL_DECODER_CTX *ctx)
445 return ctx->construct;
448 void *OSSL_DECODER_CTX_get_construct_data(OSSL_DECODER_CTX *ctx)
452 return ctx->construct_data;
455 OSSL_DECODER_CLEANUP *
456 OSSL_DECODER_CTX_get_cleanup(OSSL_DECODER_CTX *ctx)
463 int OSSL_DECODER_export(OSSL_DECODER_INSTANCE *decoder_inst,
464 void *reference, size_t reference_sz,
465 OSSL_CALLBACK *export_cb, void *export_cbarg)
467 OSSL_DECODER *decoder = NULL;
468 void *decoderctx = NULL;
470 if (!(ossl_assert(decoder_inst != NULL)
471 && ossl_assert(reference != NULL)
472 && ossl_assert(export_cb != NULL)
473 && ossl_assert(export_cbarg != NULL))) {
474 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
478 decoder = OSSL_DECODER_INSTANCE_get_decoder(decoder_inst);
479 decoderctx = OSSL_DECODER_INSTANCE_get_decoder_ctx(decoder_inst);
480 return decoder->export_object(decoderctx, reference, reference_sz,
481 export_cb, export_cbarg);
485 OSSL_DECODER_INSTANCE_get_decoder(OSSL_DECODER_INSTANCE *decoder_inst)
487 if (decoder_inst == NULL)
489 return decoder_inst->decoder;
493 OSSL_DECODER_INSTANCE_get_decoder_ctx(OSSL_DECODER_INSTANCE *decoder_inst)
495 if (decoder_inst == NULL)
497 return decoder_inst->decoderctx;
501 OSSL_DECODER_INSTANCE_get_input_type(OSSL_DECODER_INSTANCE *decoder_inst)
503 if (decoder_inst == NULL)
505 return decoder_inst->input_type;
509 OSSL_DECODER_INSTANCE_get_input_structure(OSSL_DECODER_INSTANCE *decoder_inst,
512 if (decoder_inst == NULL)
514 *was_set = decoder_inst->flag_input_structure_was_set;
515 return decoder_inst->input_structure;
518 static int decoder_process(const OSSL_PARAM params[], void *arg)
520 struct decoder_process_data_st *data = arg;
521 OSSL_DECODER_CTX *ctx = data->ctx;
522 OSSL_DECODER_INSTANCE *decoder_inst = NULL;
523 OSSL_DECODER *decoder = NULL;
524 OSSL_CORE_BIO *cbio = NULL;
525 BIO *bio = data->bio;
528 int err, lib, reason, ok = 0;
530 struct decoder_process_data_st new_data;
531 const char *data_type = NULL;
532 const char *data_structure = NULL;
534 memset(&new_data, 0, sizeof(new_data));
535 new_data.ctx = data->ctx;
536 new_data.recursion = data->recursion + 1;
538 #define LEVEL_STR ">>>>>>>>>>>>>>>>"
539 #define LEVEL (new_data.recursion < sizeof(LEVEL_STR) \
540 ? &LEVEL_STR[sizeof(LEVEL_STR) - new_data.recursion - 1] \
543 if (params == NULL) {
544 /* First iteration, where we prepare for what is to come */
546 OSSL_TRACE_BEGIN(DECODER) {
548 "(ctx %p) starting to walk the decoder chain\n",
549 (void *)new_data.ctx);
550 } OSSL_TRACE_END(DECODER);
552 data->current_decoder_inst_index =
553 OSSL_DECODER_CTX_get_num_decoders(ctx);
558 const char *trace_data_structure;
561 sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts,
562 data->current_decoder_inst_index);
563 decoder = OSSL_DECODER_INSTANCE_get_decoder(decoder_inst);
565 if (ctx->construct != NULL
566 && ctx->construct(decoder_inst, params, ctx->construct_data)) {
571 /* The constructor didn't return success */
574 * so we try to use the object we got and feed it to any next
575 * decoder that will take it. Object references are not
577 * If this data isn't present, decoding has failed.
580 p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA);
581 if (p == NULL || p->data_type != OSSL_PARAM_OCTET_STRING)
583 new_data.bio = BIO_new_mem_buf(p->data, (int)p->data_size);
584 if (new_data.bio == NULL)
588 /* Get the data type if there is one */
589 p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_TYPE);
590 if (p != NULL && !OSSL_PARAM_get_utf8_string_ptr(p, &data_type))
593 /* Get the data structure if there is one */
594 p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_STRUCTURE);
595 if (p != NULL && !OSSL_PARAM_get_utf8_string_ptr(p, &data_structure))
599 * If the data structure is "type-specific" and the data type is
600 * given, we drop the data structure. The reasoning is that the
601 * data type is already enough to find the applicable next decoder,
602 * so an additional "type-specific" data structure is extraneous.
604 * Furthermore, if the OSSL_DECODER caller asked for a type specific
605 * structure under another name, such as "DH", we get a mismatch
606 * if the data structure we just received is "type-specific".
607 * There's only so much you can do without infusing this code with
608 * too special knowledge.
610 trace_data_structure = data_structure;
611 if (data_type != NULL && data_structure != NULL
612 && strcasecmp(data_structure, "type-specific") == 0)
613 data_structure = NULL;
615 OSSL_TRACE_BEGIN(DECODER) {
617 "(ctx %p) %s incoming from previous decoder (%p):\n"
618 " data type: %s, data structure: %s%s\n",
619 (void *)new_data.ctx, LEVEL, (void *)decoder,
620 data_type, trace_data_structure,
621 (trace_data_structure == data_structure
622 ? "" : " (dropped)"));
623 } OSSL_TRACE_END(DECODER);
627 * If we have no more decoders to look through at this point,
630 if (data->current_decoder_inst_index == 0)
633 if ((loc = BIO_tell(bio)) < 0) {
634 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_BIO_LIB);
638 if ((cbio = ossl_core_bio_new_from_bio(bio)) == NULL) {
639 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
643 for (i = data->current_decoder_inst_index; i-- > 0;) {
644 OSSL_DECODER_INSTANCE *new_decoder_inst =
645 sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i);
646 OSSL_DECODER *new_decoder =
647 OSSL_DECODER_INSTANCE_get_decoder(new_decoder_inst);
648 void *new_decoderctx =
649 OSSL_DECODER_INSTANCE_get_decoder_ctx(new_decoder_inst);
650 const char *new_input_type =
651 OSSL_DECODER_INSTANCE_get_input_type(new_decoder_inst);
652 int n_i_s_was_set = 0; /* We don't care here */
653 const char *new_input_structure =
654 OSSL_DECODER_INSTANCE_get_input_structure(new_decoder_inst,
657 OSSL_TRACE_BEGIN(DECODER) {
659 "(ctx %p) %s [%u] Considering decoder instance %p, which has:\n"
660 " input type: %s, input structure: %s, decoder: %p\n",
661 (void *)new_data.ctx, LEVEL, (unsigned int)i,
662 (void *)new_decoder_inst, new_input_type,
663 new_input_structure, (void *)new_decoder);
664 } OSSL_TRACE_END(DECODER);
667 * If |decoder| is NULL, it means we've just started, and the caller
668 * may have specified what it expects the initial input to be. If
669 * that's the case, we do this extra check.
671 if (decoder == NULL && ctx->start_input_type != NULL
672 && strcasecmp(ctx->start_input_type, new_input_type) != 0) {
673 OSSL_TRACE_BEGIN(DECODER) {
675 "(ctx %p) %s [%u] the start input type '%s' doesn't match the input type of the considered decoder, skipping...\n",
676 (void *)new_data.ctx, LEVEL, (unsigned int)i,
677 ctx->start_input_type);
678 } OSSL_TRACE_END(DECODER);
683 * If we have a previous decoder, we check that the input type
684 * of the next to be used matches the type of this previous one.
685 * |new_input_type| holds the value of the "input-type" parameter
686 * for the decoder we're currently considering.
688 if (decoder != NULL && !OSSL_DECODER_is_a(decoder, new_input_type)) {
689 OSSL_TRACE_BEGIN(DECODER) {
691 "(ctx %p) %s [%u] the input type doesn't match the name of the previous decoder (%p), skipping...\n",
692 (void *)new_data.ctx, LEVEL, (unsigned int)i,
694 } OSSL_TRACE_END(DECODER);
699 * If the previous decoder gave us a data type, we check to see
700 * if that matches the decoder we're currently considering.
702 if (data_type != NULL && !OSSL_DECODER_is_a(new_decoder, data_type)) {
703 OSSL_TRACE_BEGIN(DECODER) {
705 "(ctx %p) %s [%u] the previous decoder's data type doesn't match the name of the considered decoder, skipping...\n",
706 (void *)new_data.ctx, LEVEL, (unsigned int)i);
707 } OSSL_TRACE_END(DECODER);
712 * If the previous decoder gave us a data structure name, we check
713 * to see that it matches the input data structure of the decoder
714 * we're currently considering.
716 if (data_structure != NULL
717 && (new_input_structure == NULL
718 || strcasecmp(data_structure, new_input_structure) != 0)) {
719 OSSL_TRACE_BEGIN(DECODER) {
721 "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure of the considered decoder, skipping...\n",
722 (void *)new_data.ctx, LEVEL, (unsigned int)i);
723 } OSSL_TRACE_END(DECODER);
728 * Checking the return value of BIO_reset() or BIO_seek() is unsafe.
729 * Furthermore, BIO_reset() is unsafe to use if the source BIO happens
730 * to be a BIO_s_mem(), because the earlier BIO_tell() gives us zero
731 * no matter where we are in the underlying buffer we're reading from.
733 * So, we simply do a BIO_seek(), and use BIO_tell() that we're back
734 * at the same position. This is a best effort attempt, but BIO_seek()
735 * and BIO_tell() should come as a pair...
737 (void)BIO_seek(bio, loc);
738 if (BIO_tell(bio) != loc)
742 OSSL_TRACE_BEGIN(DECODER) {
744 "(ctx %p) %s [%u] Running decoder instance %p\n",
745 (void *)new_data.ctx, LEVEL, (unsigned int)i,
746 (void *)new_decoder_inst);
747 } OSSL_TRACE_END(DECODER);
749 new_data.current_decoder_inst_index = i;
750 ok = new_decoder->decode(new_decoderctx, cbio,
751 new_data.ctx->selection,
752 decoder_process, &new_data,
753 ossl_pw_passphrase_callback_dec,
754 &new_data.ctx->pwdata);
756 OSSL_TRACE_BEGIN(DECODER) {
758 "(ctx %p) %s [%u] Running decoder instance %p => %d\n",
759 (void *)new_data.ctx, LEVEL, (unsigned int)i,
760 (void *)new_decoder_inst, ok);
761 } OSSL_TRACE_END(DECODER);
767 * These errors are assumed to come from ossl_store_handle_load_result()
768 * in crypto/store/store_result.c. They are currently considered fatal
769 * errors, so we preserve them in the error queue and stop.
771 err = ERR_peek_last_error();
772 lib = ERR_GET_LIB(err);
773 reason = ERR_GET_REASON(err);
774 if ((lib == ERR_LIB_EVP
775 && reason == EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM)
776 #ifndef OPENSSL_NO_EC
777 || (lib == ERR_LIB_EC && reason == EC_R_UNKNOWN_GROUP)
779 || (lib == ERR_LIB_X509 && reason == X509_R_UNSUPPORTED_ALGORITHM)
780 || (lib == ERR_LIB_PKCS12
781 && reason == PKCS12_R_PKCS12_CIPHERFINAL_ERROR))
786 ossl_core_bio_free(cbio);
787 BIO_free(new_data.bio);