2 * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
16 #include <openssl/core_dispatch.h>
17 #include <openssl/core_names.h>
18 #include <openssl/core_object.h>
19 #include <openssl/crypto.h>
20 #include <openssl/err.h>
21 #include <openssl/params.h>
22 #include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */
23 #include <openssl/pkcs12.h>
24 #include <openssl/x509.h>
25 #include <openssl/proverr.h>
26 #include "internal/cryptlib.h" /* ossl_assert() */
27 #include "internal/asn1.h"
28 #include "crypto/dh.h"
29 #include "crypto/dsa.h"
30 #include "crypto/ec.h"
31 #include "crypto/evp.h"
32 #include "crypto/ecx.h"
33 #include "crypto/rsa.h"
34 #include "crypto/x509.h"
36 #include "prov/implementations.h"
37 #include "endecoder_local.h"
38 #include "internal/nelem.h"
40 struct der2key_ctx_st; /* Forward declaration */
41 typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);
42 typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);
43 typedef void free_key_fn(void *);
44 typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long,
45 struct der2key_ctx_st *);
46 struct keytype_desc_st {
47 const char *keytype_name;
48 const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
50 /* The input structure name */
51 const char *structure_name;
54 * The EVP_PKEY_xxx type macro. Should be zero for type specific
55 * structures, non-zero when the outermost structure is PKCS#8 or
56 * SubjectPublicKeyInfo. This determines which of the function
57 * pointers below will be used.
61 /* The selection mask for OSSL_FUNC_decoder_does_selection() */
64 /* For type specific decoders, we use the corresponding d2i */
65 d2i_of_void *d2i_private_key; /* From type-specific DER */
66 d2i_of_void *d2i_public_key; /* From type-specific DER */
67 d2i_of_void *d2i_key_params; /* From type-specific DER */
68 d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */
69 d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */
72 * For any key, we may need to check that the key meets expectations.
73 * This is useful when the same functions can decode several variants
76 check_key_fn *check_key;
79 * For any key, we may need to make provider specific adjustments, such
80 * as ensure the key carries the correct library context.
82 adjust_key_fn *adjust_key;
84 free_key_fn *free_key;
88 * Context used for DER to key decoding.
90 struct der2key_ctx_st {
92 const struct keytype_desc_st *desc;
93 /* The selection that is passed to der2key_decode() */
95 /* Flag used to signal that a failure is fatal */
96 unsigned int flag_fatal : 1;
99 typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf,
100 OSSL_LIB_CTX *libctx, const char *propq);
101 static void *der2key_decode_p8(const unsigned char **input_der,
102 long input_der_len, struct der2key_ctx_st *ctx,
103 key_from_pkcs8_t *key_from_pkcs8)
105 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
106 const X509_ALGOR *alg = NULL;
109 if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL
110 && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
111 && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
112 key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), NULL);
113 PKCS8_PRIV_KEY_INFO_free(p8inf);
118 /* ---------------------------------------------------------------------- */
120 static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
121 static OSSL_FUNC_decoder_decode_fn der2key_decode;
122 static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
124 static struct der2key_ctx_st *
125 der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
127 struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
130 ctx->provctx = provctx;
136 static void der2key_freectx(void *vctx)
138 struct der2key_ctx_st *ctx = vctx;
143 static int der2key_check_selection(int selection,
144 const struct keytype_desc_st *desc)
147 * The selections are kinda sorta "levels", i.e. each selection given
148 * here is assumed to include those following.
151 OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
152 OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
153 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
157 /* The decoder implementations made here support guessing */
161 for (i = 0; i < OSSL_NELEM(checks); i++) {
162 int check1 = (selection & checks[i]) != 0;
163 int check2 = (desc->selection_mask & checks[i]) != 0;
166 * If the caller asked for the currently checked bit(s), return
167 * whether the decoder description says it's supported.
173 /* This should be dead code, but just to be safe... */
177 static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
178 OSSL_CALLBACK *data_cb, void *data_cbarg,
179 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
181 struct der2key_ctx_st *ctx = vctx;
182 unsigned char *der = NULL;
183 const unsigned char *derp;
188 ctx->selection = selection;
190 * The caller is allowed to specify 0 as a selection mark, to have the
191 * structure and key type guessed. For type-specific structures, this
192 * is not recommended, as some structures are very similar.
193 * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
194 * signifies a private key structure, where everything else is assumed
195 * to be present as well.
198 selection = ctx->desc->selection_mask;
199 if ((selection & ctx->desc->selection_mask) == 0) {
200 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
204 ok = ossl_read_der(ctx->provctx, cin, &der, &der_len);
208 ok = 0; /* Assume that we fail */
211 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
213 if (ctx->desc->d2i_PKCS8 != NULL) {
214 key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx);
215 if (ctx->flag_fatal) {
216 ERR_clear_last_mark();
219 } else if (ctx->desc->d2i_private_key != NULL) {
220 key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
222 if (key == NULL && ctx->selection != 0) {
223 ERR_clear_last_mark();
227 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
229 if (ctx->desc->d2i_PUBKEY != NULL)
230 key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
231 else if (ctx->desc->d2i_public_key != NULL)
232 key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
233 if (key == NULL && ctx->selection != 0) {
234 ERR_clear_last_mark();
238 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
240 if (ctx->desc->d2i_key_params != NULL)
241 key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
242 if (key == NULL && ctx->selection != 0) {
243 ERR_clear_last_mark();
248 ERR_clear_last_mark();
253 * Last minute check to see if this was the correct type of key. This
254 * should never lead to a fatal error, i.e. the decoding itself was
255 * correct, it was just an unexpected key type. This is generally for
256 * classes of key types that have subtle variants, like RSA-PSS keys as
257 * opposed to plain RSA keys.
260 && ctx->desc->check_key != NULL
261 && !ctx->desc->check_key(key, ctx)) {
262 ctx->desc->free_key(key);
266 if (key != NULL && ctx->desc->adjust_key != NULL)
267 ctx->desc->adjust_key(key, ctx);
271 * Indicated that we successfully decoded something, or not at all.
272 * Ending up "empty handed" is not an error.
277 * We free memory here so it's not held up during the callback, because
278 * we know the process is recursive and the allocated chunks of memory
285 OSSL_PARAM params[4];
286 int object_type = OSSL_OBJECT_PKEY;
289 OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
291 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
292 (char *)ctx->desc->keytype_name,
294 /* The address of the key becomes the octet string */
296 OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
298 params[3] = OSSL_PARAM_construct_end();
300 ok = data_cb(params, data_cbarg);
304 ctx->desc->free_key(key);
310 static int der2key_export_object(void *vctx,
311 const void *reference, size_t reference_sz,
312 OSSL_CALLBACK *export_cb, void *export_cbarg)
314 struct der2key_ctx_st *ctx = vctx;
315 OSSL_FUNC_keymgmt_export_fn *export =
316 ossl_prov_get_keymgmt_export(ctx->desc->fns);
319 if (reference_sz == sizeof(keydata) && export != NULL) {
320 int selection = ctx->selection;
323 selection = OSSL_KEYMGMT_SELECT_ALL;
324 /* The contents of the reference is the address to our object */
325 keydata = *(void **)reference;
327 return export(keydata, selection, export_cb, export_cbarg);
332 /* ---------------------------------------------------------------------- */
334 #ifndef OPENSSL_NO_DH
335 # define dh_evp_type EVP_PKEY_DH
336 # define dh_d2i_private_key NULL
337 # define dh_d2i_public_key NULL
338 # define dh_d2i_key_params (d2i_of_void *)d2i_DHparams
340 static void *dh_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
341 struct der2key_ctx_st *ctx)
343 return der2key_decode_p8(der, der_len, ctx,
344 (key_from_pkcs8_t *)ossl_dh_key_from_pkcs8);
347 # define dh_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DH_PUBKEY
348 # define dh_free (free_key_fn *)DH_free
349 # define dh_check NULL
351 static void dh_adjust(void *key, struct der2key_ctx_st *ctx)
353 ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
356 # define dhx_evp_type EVP_PKEY_DHX
357 # define dhx_d2i_private_key NULL
358 # define dhx_d2i_public_key NULL
359 # define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams
360 # define dhx_d2i_PKCS8 dh_d2i_PKCS8
361 # define dhx_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DHx_PUBKEY
362 # define dhx_free (free_key_fn *)DH_free
363 # define dhx_check NULL
364 # define dhx_adjust dh_adjust
367 /* ---------------------------------------------------------------------- */
369 #ifndef OPENSSL_NO_DSA
370 # define dsa_evp_type EVP_PKEY_DSA
371 # define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey
372 # define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey
373 # define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams
375 static void *dsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
376 struct der2key_ctx_st *ctx)
378 return der2key_decode_p8(der, der_len, ctx,
379 (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8);
382 # define dsa_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DSA_PUBKEY
383 # define dsa_free (free_key_fn *)DSA_free
384 # define dsa_check NULL
386 static void dsa_adjust(void *key, struct der2key_ctx_st *ctx)
388 ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
392 /* ---------------------------------------------------------------------- */
394 #ifndef OPENSSL_NO_EC
395 # define ec_evp_type EVP_PKEY_EC
396 # define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
397 # define ec_d2i_public_key NULL
398 # define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters
400 static void *ec_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
401 struct der2key_ctx_st *ctx)
403 return der2key_decode_p8(der, der_len, ctx,
404 (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
407 # define ec_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY
408 # define ec_free (free_key_fn *)EC_KEY_free
410 static int ec_check(void *key, struct der2key_ctx_st *ctx)
412 /* We're trying to be clever by comparing two truths */
414 int sm2 = (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0;
416 return sm2 == (ctx->desc->evp_type == EVP_PKEY_SM2);
419 static void ec_adjust(void *key, struct der2key_ctx_st *ctx)
421 ossl_ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
424 # ifndef OPENSSL_NO_ECX
426 * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,
427 * so no d2i functions to be had.
430 static void *ecx_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
431 struct der2key_ctx_st *ctx)
433 return der2key_decode_p8(der, der_len, ctx,
434 (key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8);
437 static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx)
439 ossl_ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
442 # define ed25519_evp_type EVP_PKEY_ED25519
443 # define ed25519_d2i_private_key NULL
444 # define ed25519_d2i_public_key NULL
445 # define ed25519_d2i_key_params NULL
446 # define ed25519_d2i_PKCS8 ecx_d2i_PKCS8
447 # define ed25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED25519_PUBKEY
448 # define ed25519_free (free_key_fn *)ossl_ecx_key_free
449 # define ed25519_check NULL
450 # define ed25519_adjust ecx_key_adjust
452 # define ed448_evp_type EVP_PKEY_ED448
453 # define ed448_d2i_private_key NULL
454 # define ed448_d2i_public_key NULL
455 # define ed448_d2i_key_params NULL
456 # define ed448_d2i_PKCS8 ecx_d2i_PKCS8
457 # define ed448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED448_PUBKEY
458 # define ed448_free (free_key_fn *)ossl_ecx_key_free
459 # define ed448_check NULL
460 # define ed448_adjust ecx_key_adjust
462 # define x25519_evp_type EVP_PKEY_X25519
463 # define x25519_d2i_private_key NULL
464 # define x25519_d2i_public_key NULL
465 # define x25519_d2i_key_params NULL
466 # define x25519_d2i_PKCS8 ecx_d2i_PKCS8
467 # define x25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X25519_PUBKEY
468 # define x25519_free (free_key_fn *)ossl_ecx_key_free
469 # define x25519_check NULL
470 # define x25519_adjust ecx_key_adjust
472 # define x448_evp_type EVP_PKEY_X448
473 # define x448_d2i_private_key NULL
474 # define x448_d2i_public_key NULL
475 # define x448_d2i_key_params NULL
476 # define x448_d2i_PKCS8 ecx_d2i_PKCS8
477 # define x448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X448_PUBKEY
478 # define x448_free (free_key_fn *)ossl_ecx_key_free
479 # define x448_check NULL
480 # define x448_adjust ecx_key_adjust
481 # endif /* OPENSSL_NO_ECX */
483 # ifndef OPENSSL_NO_SM2
484 # define sm2_evp_type EVP_PKEY_SM2
485 # define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
486 # define sm2_d2i_public_key NULL
487 # define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters
489 static void *sm2_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
490 struct der2key_ctx_st *ctx)
492 return der2key_decode_p8(der, der_len, ctx,
493 (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
496 # define sm2_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY
497 # define sm2_free (free_key_fn *)EC_KEY_free
498 # define sm2_check ec_check
499 # define sm2_adjust ec_adjust
503 /* ---------------------------------------------------------------------- */
505 #define rsa_evp_type EVP_PKEY_RSA
506 #define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
507 #define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
508 #define rsa_d2i_key_params NULL
510 static void *rsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
511 struct der2key_ctx_st *ctx)
513 return der2key_decode_p8(der, der_len, ctx,
514 (key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8);
517 #define rsa_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY
518 #define rsa_free (free_key_fn *)RSA_free
520 static int rsa_check(void *key, struct der2key_ctx_st *ctx)
522 switch (RSA_test_flags(key, RSA_FLAG_TYPE_MASK)) {
523 case RSA_FLAG_TYPE_RSA:
524 return ctx->desc->evp_type == EVP_PKEY_RSA;
525 case RSA_FLAG_TYPE_RSASSAPSS:
526 return ctx->desc->evp_type == EVP_PKEY_RSA_PSS;
529 /* Currently unsupported RSA key type */
533 static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
535 ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
538 #define rsapss_evp_type EVP_PKEY_RSA_PSS
539 #define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
540 #define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
541 #define rsapss_d2i_key_params NULL
542 #define rsapss_d2i_PKCS8 rsa_d2i_PKCS8
543 #define rsapss_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY
544 #define rsapss_free (free_key_fn *)RSA_free
545 #define rsapss_check rsa_check
546 #define rsapss_adjust rsa_adjust
548 /* ---------------------------------------------------------------------- */
551 * The DO_ macros help define the selection mask and the method functions
552 * for each kind of object we want to decode.
554 #define DO_type_specific_keypair(keytype) \
555 "type-specific", keytype##_evp_type, \
556 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
557 keytype##_d2i_private_key, \
558 keytype##_d2i_public_key, \
566 #define DO_type_specific_pub(keytype) \
567 "type-specific", keytype##_evp_type, \
568 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
570 keytype##_d2i_public_key, \
578 #define DO_type_specific_priv(keytype) \
579 "type-specific", keytype##_evp_type, \
580 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
581 keytype##_d2i_private_key, \
590 #define DO_type_specific_params(keytype) \
591 "type-specific", keytype##_evp_type, \
592 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
595 keytype##_d2i_key_params, \
602 #define DO_type_specific(keytype) \
603 "type-specific", keytype##_evp_type, \
604 ( OSSL_KEYMGMT_SELECT_ALL ), \
605 keytype##_d2i_private_key, \
606 keytype##_d2i_public_key, \
607 keytype##_d2i_key_params, \
614 #define DO_type_specific_no_pub(keytype) \
615 "type-specific", keytype##_evp_type, \
616 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
617 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
618 keytype##_d2i_private_key, \
620 keytype##_d2i_key_params, \
627 #define DO_PrivateKeyInfo(keytype) \
628 "PrivateKeyInfo", keytype##_evp_type, \
629 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
633 keytype##_d2i_PKCS8, \
639 #define DO_SubjectPublicKeyInfo(keytype) \
640 "SubjectPublicKeyInfo", keytype##_evp_type, \
641 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
646 keytype##_d2i_PUBKEY, \
651 #define DO_DH(keytype) \
652 "DH", keytype##_evp_type, \
653 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
656 keytype##_d2i_key_params, \
663 #define DO_DHX(keytype) \
664 "DHX", keytype##_evp_type, \
665 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
668 keytype##_d2i_key_params, \
675 #define DO_DSA(keytype) \
676 "DSA", keytype##_evp_type, \
677 ( OSSL_KEYMGMT_SELECT_ALL ), \
678 keytype##_d2i_private_key, \
679 keytype##_d2i_public_key, \
680 keytype##_d2i_key_params, \
687 #define DO_EC(keytype) \
688 "EC", keytype##_evp_type, \
689 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
690 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
691 keytype##_d2i_private_key, \
693 keytype##_d2i_key_params, \
700 #define DO_RSA(keytype) \
701 "RSA", keytype##_evp_type, \
702 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
703 keytype##_d2i_private_key, \
704 keytype##_d2i_public_key, \
713 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
714 * It takes the following arguments:
716 * keytype_name The implementation key type as a string.
717 * keytype The implementation key type. This must correspond exactly
718 * to our existing keymgmt keytype names... in other words,
719 * there must exist an ossl_##keytype##_keymgmt_functions.
720 * type The type name for the set of functions that implement the
721 * decoder for the key type. This isn't necessarily the same
722 * as keytype. For example, the key types ed25519, ed448,
723 * x25519 and x448 are all handled by the same functions with
724 * the common type name ecx.
725 * kind The kind of support to implement. This translates into
726 * the DO_##kind macros above, to populate the keytype_desc_st
729 #define MAKE_DECODER(keytype_name, keytype, type, kind) \
730 static const struct keytype_desc_st kind##_##keytype##_desc = \
731 { keytype_name, ossl_##keytype##_keymgmt_functions, \
732 DO_##kind(keytype) }; \
734 static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \
736 static void *kind##_der2##keytype##_newctx(void *provctx) \
738 return der2key_newctx(provctx, &kind##_##keytype##_desc); \
740 static int kind##_der2##keytype##_does_selection(void *provctx, \
743 return der2key_check_selection(selection, \
744 &kind##_##keytype##_desc); \
746 const OSSL_DISPATCH \
747 ossl_##kind##_der_to_##keytype##_decoder_functions[] = { \
748 { OSSL_FUNC_DECODER_NEWCTX, \
749 (void (*)(void))kind##_der2##keytype##_newctx }, \
750 { OSSL_FUNC_DECODER_FREECTX, \
751 (void (*)(void))der2key_freectx }, \
752 { OSSL_FUNC_DECODER_DOES_SELECTION, \
753 (void (*)(void))kind##_der2##keytype##_does_selection }, \
754 { OSSL_FUNC_DECODER_DECODE, \
755 (void (*)(void))der2key_decode }, \
756 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
757 (void (*)(void))der2key_export_object }, \
761 #ifndef OPENSSL_NO_DH
762 MAKE_DECODER("DH", dh, dh, PrivateKeyInfo);
763 MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo);
764 MAKE_DECODER("DH", dh, dh, type_specific_params);
765 MAKE_DECODER("DH", dh, dh, DH);
766 MAKE_DECODER("DHX", dhx, dhx, PrivateKeyInfo);
767 MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo);
768 MAKE_DECODER("DHX", dhx, dhx, type_specific_params);
769 MAKE_DECODER("DHX", dhx, dhx, DHX);
771 #ifndef OPENSSL_NO_DSA
772 MAKE_DECODER("DSA", dsa, dsa, PrivateKeyInfo);
773 MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo);
774 MAKE_DECODER("DSA", dsa, dsa, type_specific);
775 MAKE_DECODER("DSA", dsa, dsa, DSA);
777 #ifndef OPENSSL_NO_EC
778 MAKE_DECODER("EC", ec, ec, PrivateKeyInfo);
779 MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo);
780 MAKE_DECODER("EC", ec, ec, type_specific_no_pub);
781 MAKE_DECODER("EC", ec, ec, EC);
782 # ifndef OPENSSL_NO_ECX
783 MAKE_DECODER("X25519", x25519, ecx, PrivateKeyInfo);
784 MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo);
785 MAKE_DECODER("X448", x448, ecx, PrivateKeyInfo);
786 MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo);
787 MAKE_DECODER("ED25519", ed25519, ecx, PrivateKeyInfo);
788 MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo);
789 MAKE_DECODER("ED448", ed448, ecx, PrivateKeyInfo);
790 MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);
792 # ifndef OPENSSL_NO_SM2
793 MAKE_DECODER("SM2", sm2, ec, PrivateKeyInfo);
794 MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo);
795 MAKE_DECODER("SM2", sm2, sm2, type_specific_no_pub);
798 MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo);
799 MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);
800 MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);
801 MAKE_DECODER("RSA", rsa, rsa, RSA);
802 MAKE_DECODER("RSA-PSS", rsapss, rsapss, PrivateKeyInfo);
803 MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo);