2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
16 #include <openssl/core_dispatch.h>
17 #include <openssl/core_names.h>
18 #include <openssl/core_object.h>
19 #include <openssl/crypto.h>
20 #include <openssl/err.h>
21 #include <openssl/params.h>
22 #include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */
23 #include <openssl/pkcs12.h>
24 #include <openssl/x509.h>
25 #include <openssl/proverr.h>
26 #include "internal/cryptlib.h" /* ossl_assert() */
27 #include "internal/asn1.h"
28 #include "crypto/dh.h"
29 #include "crypto/dsa.h"
30 #include "crypto/ec.h"
31 #include "crypto/evp.h"
32 #include "crypto/ecx.h"
33 #include "crypto/rsa.h"
34 #include "crypto/x509.h"
36 #include "prov/implementations.h"
37 #include "endecoder_local.h"
39 #define SET_ERR_MARK() ERR_set_mark()
40 #define CLEAR_ERR_MARK() \
42 int err = ERR_peek_last_error(); \
44 if (ERR_GET_LIB(err) == ERR_LIB_ASN1 \
45 && (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG \
46 || ERR_GET_REASON(err) == ASN1_R_UNSUPPORTED_TYPE \
47 || ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR)) \
50 ERR_clear_last_mark(); \
52 #define RESET_ERR_MARK() \
58 static int read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
59 unsigned char **data, long *len)
62 BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
63 int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
66 *data = (unsigned char *)mem->data;
67 *len = (long)mem->length;
74 static int der_from_p8(unsigned char **new_der, long *new_der_len,
75 unsigned char *input_der, long input_der_len,
76 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
78 const unsigned char *derp;
82 if (!ossl_assert(new_der != NULL && *new_der == NULL)
83 || !ossl_assert(new_der_len != NULL))
87 if ((p8 = d2i_X509_SIG(NULL, &derp, input_der_len)) != NULL) {
88 char pbuf[PEM_BUFSIZE];
91 if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
92 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
94 const X509_ALGOR *alg = NULL;
95 const ASN1_OCTET_STRING *oct = NULL;
98 X509_SIG_get0(p8, &alg, &oct);
99 if (PKCS12_pbe_crypt(alg, pbuf, plen, oct->data, oct->length,
100 new_der, &len, 0) != NULL)
109 /* ---------------------------------------------------------------------- */
111 static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
112 static OSSL_FUNC_decoder_decode_fn der2key_decode;
113 static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
115 struct der2key_ctx_st; /* Forward declaration */
116 typedef void *(extract_key_fn)(EVP_PKEY *);
117 typedef void (adjust_key_fn)(void *, struct der2key_ctx_st *ctx);
118 typedef void (free_key_fn)(void *);
119 struct keytype_desc_st {
120 const char *keytype_name;
121 const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
123 /* The input structure name */
124 const char *structure_name;
127 * The EVP_PKEY_xxx type macro. Should be zero for type specific
128 * structures, non-zero when the outermost structure is PKCS#8 or
129 * SubjectPublicKeyInfo. This determines which of the function
130 * pointers below will be used.
134 /* The selection mask for OSSL_FUNC_decoder_does_selection() */
137 /* For type specific decoders, we use the corresponding d2i */
138 d2i_of_void *d2i_private_key;
139 d2i_of_void *d2i_public_key;
140 d2i_of_void *d2i_key_params;
143 * For PKCS#8 decoders, we use EVP_PKEY extractors, EVP_PKEY_get1_{TYPE}()
145 extract_key_fn *extract_key;
147 * For any key, we may need to make provider specific adjustments, such
148 * as ensure the key carries the correct library context.
150 adjust_key_fn *adjust_key;
152 free_key_fn *free_key;
156 * Context used for DER to key decoding.
158 struct der2key_ctx_st {
160 const struct keytype_desc_st *desc;
163 static struct der2key_ctx_st *
164 der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
166 struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
169 ctx->provctx = provctx;
175 static void der2key_freectx(void *vctx)
177 struct der2key_ctx_st *ctx = vctx;
182 static const OSSL_PARAM *
183 der2key_gettable_params(void *provctx, const struct keytype_desc_st *desc)
185 static const OSSL_PARAM gettables[] = {
186 { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
189 static const OSSL_PARAM gettables_w_structure[] = {
190 { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
191 { OSSL_DECODER_PARAM_INPUT_STRUCTURE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
195 return desc->structure_name != NULL ? gettables_w_structure : gettables;
198 static int der2key_get_params(OSSL_PARAM params[],
199 const struct keytype_desc_st *desc)
203 p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE);
204 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "DER"))
206 if (desc->structure_name != NULL) {
207 p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_STRUCTURE);
208 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, desc->structure_name))
215 static int der2key_check_selection(int selection,
216 const struct keytype_desc_st *desc)
219 * The selections are kinda sorta "levels", i.e. each selection given
220 * here is assumed to include those following.
223 OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
224 OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
225 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
229 /* The decoder implementations made here support guessing */
233 for (i = 0; i < OSSL_NELEM(checks); i++) {
234 int check1 = (selection & checks[i]) != 0;
235 int check2 = (desc->selection_mask & checks[i]) != 0;
238 * If the caller asked for the currently checked bit(s), return
239 * whether the decoder description says it's supported.
245 /* This should be dead code, but just to be safe... */
249 static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
250 OSSL_CALLBACK *data_cb, void *data_cbarg,
251 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
253 struct der2key_ctx_st *ctx = vctx;
254 void *libctx = PROV_LIBCTX_OF(ctx->provctx);
255 unsigned char *der = NULL;
256 const unsigned char *derp;
258 unsigned char *new_der = NULL;
260 EVP_PKEY *pkey = NULL;
262 int orig_selection = selection;
267 * The caller is allowed to specify 0 as a selection mark, to have the
268 * structure and key type guessed. For type-specific structures, this
269 * is not recommended, as some structures are very similar.
270 * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
271 * signifies a private key structure, where everything else is assumed
272 * to be present as well.
275 selection = ctx->desc->selection_mask;
276 if ((selection & ctx->desc->selection_mask) == 0) {
277 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
282 if (!read_der(ctx->provctx, cin, &der, &der_len))
285 if (ctx->desc->extract_key == NULL) {
287 * There's no EVP_PKEY extractor, so we use the type specific
291 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
292 key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
293 if (key == NULL && orig_selection != 0)
297 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
298 key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
299 if (key == NULL && orig_selection != 0)
303 && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
304 key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
308 * There is a EVP_PKEY extractor, so we use the more generic
309 * EVP_PKEY functions, since they know how to unpack PKCS#8 and
310 * SubjectPublicKeyInfo.
314 * Opportunistic attempt to decrypt. If it doesn't work, we try
315 * to decode our input unencrypted.
317 if (der_from_p8(&new_der, &new_der_len, der, der_len,
321 der_len = new_der_len;
323 /* decryption errors are fatal and should be reported */
324 dec_err = ERR_peek_last_error();
325 if (ERR_GET_LIB(dec_err) == ERR_LIB_PROV
326 && ERR_GET_REASON(dec_err) == PROV_R_BAD_DECRYPT)
330 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
332 pkey = evp_privatekey_from_binary(ctx->desc->evp_type, NULL,
333 &derp, der_len, libctx, NULL);
337 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
340 pkey = ossl_d2i_PUBKEY_legacy(NULL, &derp, der_len);
345 * Tear out the low-level key pointer from the pkey,
346 * but only if it matches the expected key type.
348 * The check should be done with EVP_PKEY_is_a(), but
349 * as long as we still have #legacy internal keys, it's safer
350 * to use the type numbers inside the provider.
352 if (EVP_PKEY_id(pkey) == ctx->desc->evp_type)
353 key = ctx->desc->extract_key(pkey);
356 * ctx->desc->extract_key() is expected to have incremented
357 * |key|'s reference count, so it should be safe to free |pkey|
364 if (key != NULL && ctx->desc->adjust_key != NULL)
365 ctx->desc->adjust_key(key, ctx);
369 * Prune low-level ASN.1 parse errors from error queue, assuming
370 * that this is called by decoder_process() in a loop trying several
378 OSSL_PARAM params[4];
379 int object_type = OSSL_OBJECT_PKEY;
382 OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
384 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
385 (char *)ctx->desc->keytype_name,
387 /* The address of the key becomes the octet string */
389 OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
391 params[3] = OSSL_PARAM_construct_end();
393 ok = data_cb(params, data_cbarg);
395 ctx->desc->free_key(key);
400 static int der2key_export_object(void *vctx,
401 const void *reference, size_t reference_sz,
402 OSSL_CALLBACK *export_cb, void *export_cbarg)
404 struct der2key_ctx_st *ctx = vctx;
405 OSSL_FUNC_keymgmt_export_fn *export =
406 ossl_prov_get_keymgmt_export(ctx->desc->fns);
409 if (reference_sz == sizeof(keydata) && export != NULL) {
410 /* The contents of the reference is the address to our object */
411 keydata = *(void **)reference;
413 return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
414 export_cb, export_cbarg);
419 /* ---------------------------------------------------------------------- */
421 #ifndef OPENSSL_NO_DH
422 # define dh_evp_type EVP_PKEY_DH
423 # define dh_evp_extract (extract_key_fn *)EVP_PKEY_get1_DH
424 # define dh_d2i_private_key NULL
425 # define dh_d2i_public_key NULL
426 # define dh_d2i_key_params (d2i_of_void *)d2i_DHparams
427 # define dh_free (free_key_fn *)DH_free
429 static void dh_adjust(void *key, struct der2key_ctx_st *ctx)
431 ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
434 # define dhx_evp_type EVP_PKEY_DHX
435 # define dhx_evp_extract (extract_key_fn *)EVP_PKEY_get1_DH
436 # define dhx_d2i_private_key NULL
437 # define dhx_d2i_public_key NULL
438 # define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams
439 # define dhx_free (free_key_fn *)DH_free
440 # define dhx_adjust dh_adjust
443 /* ---------------------------------------------------------------------- */
445 #ifndef OPENSSL_NO_DSA
446 # define dsa_evp_type EVP_PKEY_DSA
447 # define dsa_evp_extract (extract_key_fn *)EVP_PKEY_get1_DSA
448 # define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey
449 # define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey
450 # define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams
451 # define dsa_free (free_key_fn *)DSA_free
453 static void dsa_adjust(void *key, struct der2key_ctx_st *ctx)
455 ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
459 /* ---------------------------------------------------------------------- */
461 #ifndef OPENSSL_NO_EC
462 # define ec_evp_type EVP_PKEY_EC
463 # define ec_evp_extract (extract_key_fn *)EVP_PKEY_get1_EC_KEY
464 # define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
465 # define ec_d2i_public_key NULL
466 # define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters
467 # define ec_free (free_key_fn *)EC_KEY_free
469 static void ec_adjust(void *key, struct der2key_ctx_st *ctx)
471 ossl_ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
475 * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,
476 * so no d2i functions to be had.
479 static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx)
481 ossl_ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
484 # define ed25519_evp_type EVP_PKEY_ED25519
485 # define ed25519_evp_extract (extract_key_fn *)ossl_evp_pkey_get1_ED25519
486 # define ed25519_d2i_private_key NULL
487 # define ed25519_d2i_public_key NULL
488 # define ed25519_d2i_key_params NULL
489 # define ed25519_free (free_key_fn *)ossl_ecx_key_free
490 # define ed25519_adjust ecx_key_adjust
492 # define ed448_evp_type EVP_PKEY_ED448
493 # define ed448_evp_extract (extract_key_fn *)ossl_evp_pkey_get1_ED448
494 # define ed448_d2i_private_key NULL
495 # define ed448_d2i_public_key NULL
496 # define ed448_d2i_key_params NULL
497 # define ed448_free (free_key_fn *)ossl_ecx_key_free
498 # define ed448_adjust ecx_key_adjust
500 # define x25519_evp_type EVP_PKEY_X25519
501 # define x25519_evp_extract (extract_key_fn *)ossl_evp_pkey_get1_X25519
502 # define x25519_d2i_private_key NULL
503 # define x25519_d2i_public_key NULL
504 # define x25519_d2i_key_params NULL
505 # define x25519_free (free_key_fn *)ossl_ecx_key_free
506 # define x25519_adjust ecx_key_adjust
508 # define x448_evp_type EVP_PKEY_X448
509 # define x448_evp_extract (extract_key_fn *)ossl_evp_pkey_get1_X448
510 # define x448_d2i_private_key NULL
511 # define x448_d2i_public_key NULL
512 # define x448_d2i_key_params NULL
513 # define x448_free (free_key_fn *)ossl_ecx_key_free
514 # define x448_adjust ecx_key_adjust
516 # ifndef OPENSSL_NO_SM2
517 # define sm2_evp_type EVP_PKEY_SM2
518 # define sm2_evp_extract (extract_key_fn *)EVP_PKEY_get1_EC_KEY
519 # define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
520 # define sm2_d2i_public_key NULL
521 # define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters
522 # define sm2_free (free_key_fn *)EC_KEY_free
523 # define sm2_adjust ec_adjust
527 /* ---------------------------------------------------------------------- */
529 #define rsa_evp_type EVP_PKEY_RSA
530 #define rsa_evp_extract (extract_key_fn *)EVP_PKEY_get1_RSA
531 #define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
532 #define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
533 #define rsa_d2i_key_params NULL
534 #define rsa_free (free_key_fn *)RSA_free
536 static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
538 ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
541 #define rsapss_evp_type EVP_PKEY_RSA_PSS
542 #define rsapss_evp_extract (extract_key_fn *)EVP_PKEY_get1_RSA
543 #define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
544 #define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
545 #define rsapss_d2i_key_params NULL
546 #define rsapss_free (free_key_fn *)RSA_free
547 #define rsapss_adjust rsa_adjust
549 /* ---------------------------------------------------------------------- */
552 * The DO_ macros help define the selection mask and the method functions
553 * for each kind of object we want to decode.
555 #define DO_type_specific_keypair(keytype) \
556 "type-specific", 0, \
557 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
558 keytype##_d2i_private_key, \
559 keytype##_d2i_public_key, \
565 #define DO_type_specific_pub(keytype) \
566 "type-specific", 0, \
567 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
569 keytype##_d2i_public_key, \
575 #define DO_type_specific_priv(keytype) \
576 "type-specific", 0, \
577 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
578 keytype##_d2i_private_key, \
585 #define DO_type_specific_params(keytype) \
586 "type-specific", 0, \
587 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
590 keytype##_d2i_key_params, \
595 #define DO_type_specific(keytype) \
596 "type-specific", 0, \
597 ( OSSL_KEYMGMT_SELECT_ALL ), \
598 keytype##_d2i_private_key, \
599 keytype##_d2i_public_key, \
600 keytype##_d2i_key_params, \
605 #define DO_type_specific_no_pub(keytype) \
606 "type-specific", 0, \
607 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
608 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
609 keytype##_d2i_private_key, \
611 keytype##_d2i_key_params, \
616 #define DO_PKCS8(keytype) \
617 "pkcs8", keytype##_evp_type, \
618 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
622 keytype##_evp_extract, \
626 #define DO_SubjectPublicKeyInfo(keytype) \
627 "SubjectPublicKeyInfo", keytype##_evp_type, \
628 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
632 keytype##_evp_extract, \
636 #define DO_DH(keytype) \
638 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
641 keytype##_d2i_key_params, \
646 #define DO_DHX(keytype) \
648 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
651 keytype##_d2i_key_params, \
656 #define DO_DSA(keytype) \
658 ( OSSL_KEYMGMT_SELECT_ALL ), \
659 keytype##_d2i_private_key, \
660 keytype##_d2i_public_key, \
661 keytype##_d2i_key_params, \
666 #define DO_EC(keytype) \
668 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
669 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
670 keytype##_d2i_private_key, \
672 keytype##_d2i_key_params, \
677 #define DO_RSA(keytype) \
679 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
680 keytype##_d2i_private_key, \
681 keytype##_d2i_public_key, \
688 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
689 * It takes the following arguments:
691 * keytype_name The implementation key type as a string.
692 * keytype The implementation key type. This must correspond exactly
693 * to our existing keymgmt keytype names... in other words,
694 * there must exist an ossl_##keytype##_keymgmt_functions.
695 * type The type name for the set of functions that implement the
696 * decoder for the key type. This isn't necessarily the same
697 * as keytype. For example, the key types ed25519, ed448,
698 * x25519 and x448 are all handled by the same functions with
699 * the common type name ecx.
700 * kind The kind of support to implement. This translates into
701 * the DO_##kind macros above, to populate the keytype_desc_st
704 #define MAKE_DECODER(keytype_name, keytype, type, kind) \
705 static const struct keytype_desc_st kind##_##keytype##_desc = \
706 { keytype_name, ossl_##keytype##_keymgmt_functions, \
707 DO_##kind(keytype) }; \
709 static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \
710 static OSSL_FUNC_decoder_gettable_params_fn \
711 kind##_der2##keytype##_gettable_params; \
712 static OSSL_FUNC_decoder_get_params_fn \
713 kind##_der2##keytype##_get_params; \
715 static void *kind##_der2##keytype##_newctx(void *provctx) \
717 return der2key_newctx(provctx, &kind##_##keytype##_desc); \
719 static const OSSL_PARAM * \
720 kind##_der2##keytype##_gettable_params(void *provctx) \
723 der2key_gettable_params(provctx, &kind##_##keytype##_desc); \
725 static int kind##_der2##keytype##_get_params(OSSL_PARAM params[]) \
727 return der2key_get_params(params, &kind##_##keytype##_desc); \
729 static int kind##_der2##keytype##_does_selection(void *provctx, \
732 return der2key_check_selection(selection, \
733 &kind##_##keytype##_desc); \
735 const OSSL_DISPATCH \
736 ossl_##kind##_der_to_##keytype##_decoder_functions[] = { \
737 { OSSL_FUNC_DECODER_NEWCTX, \
738 (void (*)(void))kind##_der2##keytype##_newctx }, \
739 { OSSL_FUNC_DECODER_FREECTX, \
740 (void (*)(void))der2key_freectx }, \
741 { OSSL_FUNC_DECODER_GETTABLE_PARAMS, \
742 (void (*)(void))kind##_der2##keytype##_gettable_params }, \
743 { OSSL_FUNC_DECODER_GET_PARAMS, \
744 (void (*)(void))kind##_der2##keytype##_get_params }, \
745 { OSSL_FUNC_DECODER_DOES_SELECTION, \
746 (void (*)(void))kind##_der2##keytype##_does_selection }, \
747 { OSSL_FUNC_DECODER_DECODE, \
748 (void (*)(void))der2key_decode }, \
749 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
750 (void (*)(void))der2key_export_object }, \
754 #ifndef OPENSSL_NO_DH
755 MAKE_DECODER("DH", dh, dh, PKCS8);
756 MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo);
757 MAKE_DECODER("DH", dh, dh, type_specific_params);
758 MAKE_DECODER("DH", dh, dh, DH);
759 MAKE_DECODER("DHX", dhx, dhx, PKCS8);
760 MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo);
761 MAKE_DECODER("DHX", dhx, dhx, type_specific_params);
762 MAKE_DECODER("DHX", dhx, dhx, DHX);
764 #ifndef OPENSSL_NO_DSA
765 MAKE_DECODER("DSA", dsa, dsa, PKCS8);
766 MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo);
767 MAKE_DECODER("DSA", dsa, dsa, type_specific);
768 MAKE_DECODER("DSA", dsa, dsa, DSA);
770 #ifndef OPENSSL_NO_EC
771 MAKE_DECODER("EC", ec, ec, PKCS8);
772 MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo);
773 MAKE_DECODER("EC", ec, ec, type_specific_no_pub);
774 MAKE_DECODER("EC", ec, ec, EC);
775 MAKE_DECODER("X25519", x25519, ecx, PKCS8);
776 MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo);
777 MAKE_DECODER("X448", x448, ecx, PKCS8);
778 MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo);
779 MAKE_DECODER("ED25519", ed25519, ecx, PKCS8);
780 MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo);
781 MAKE_DECODER("ED448", ed448, ecx, PKCS8);
782 MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);
783 # ifndef OPENSSL_NO_SM2
784 MAKE_DECODER("SM2", sm2, ec, PKCS8);
785 MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo);
788 MAKE_DECODER("RSA", rsa, rsa, PKCS8);
789 MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);
790 MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);
791 MAKE_DECODER("RSA", rsa, rsa, RSA);
792 MAKE_DECODER("RSA-PSS", rsapss, rsapss, PKCS8);
793 MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo);