[thirdparty/openssl.git] / crypto / encode_decode / decoder_pkey.c

/*
 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/core_names.h>
#include <openssl/core_object.h>
#include <openssl/evp.h>
#include <openssl/ui.h>
#include <openssl/decoder.h>
#include <openssl/safestack.h>
#include "crypto/evp.h"
#include "crypto/decoder.h"
#include "encoder_local.h"

int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx,
                                    const unsigned char *kstr,
                                    size_t klen)
{
    return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen);
}

int OSSL_DECODER_CTX_set_passphrase_ui(OSSL_DECODER_CTX *ctx,
                                       const UI_METHOD *ui_method,
                                       void *ui_data)
{
    return ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
}

int OSSL_DECODER_CTX_set_pem_password_cb(OSSL_DECODER_CTX *ctx,
                                         pem_password_cb *cb, void *cbarg)
{
    return ossl_pw_set_pem_password_cb(&ctx->pwdata, cb, cbarg);
}

int OSSL_DECODER_CTX_set_passphrase_cb(OSSL_DECODER_CTX *ctx,
                                       OSSL_PASSPHRASE_CALLBACK *cb,
                                       void *cbarg)
{
    return ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg);
}

/*
 * Support for OSSL_DECODER_CTX_new_by_EVP_PKEY:
 * The construct data, and collecting keymgmt information for it
 */

DEFINE_STACK_OF(EVP_KEYMGMT)

struct decoder_EVP_PKEY_data_st {
    char *object_type;           /* recorded object data type, may be NULL */
    void **object;               /* Where the result should end up */
    STACK_OF(EVP_KEYMGMT) *keymgmts; /* The EVP_KEYMGMTs we handle */
};

static int decoder_construct_EVP_PKEY(OSSL_DECODER_INSTANCE *decoder_inst,
                                      const OSSL_PARAM *params,
                                      void *construct_data)
{
    struct decoder_EVP_PKEY_data_st *data = construct_data;
    OSSL_DECODER *decoder =
        OSSL_DECODER_INSTANCE_decoder(decoder_inst);
    void *decoderctx = OSSL_DECODER_INSTANCE_decoder_ctx(decoder_inst);
    size_t i, end_i;
    /*
     * |object_ref| points to a provider reference to an object, its exact
     * contents entirely opaque to us, but may be passed to any provider
     * function that expects this (such as OSSL_FUNC_keymgmt_load().
     *
     * This pointer is considered volatile, i.e. whatever it points at
     * is assumed to be freed as soon as this function returns.
     */
    void *object_ref = NULL;
    size_t object_ref_sz = 0;
    const OSSL_PARAM *p;

    p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_TYPE);
    if (p != NULL) {
        char *object_type = NULL;

        if (!OSSL_PARAM_get_utf8_string(p, &object_type, 0))
            return 0;
        OPENSSL_free(data->object_type);
        data->object_type = object_type;
    }

    /*
     * For stuff that should end up in an EVP_PKEY, we only accept an object
     * reference for the moment.  This enforces that the key data itself
     * remains with the provider.
     */
    p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_REFERENCE);
    if (p == NULL || p->data_type != OSSL_PARAM_OCTET_STRING)
        return 0;
    object_ref = p->data;
    object_ref_sz = p->data_size;

    /* We may have reached one of the goals, let's find out! */
    end_i = sk_EVP_KEYMGMT_num(data->keymgmts);
    for (i = 0; end_i; i++) {
        EVP_KEYMGMT *keymgmt = sk_EVP_KEYMGMT_value(data->keymgmts, i);

        /*
         * There are two ways to find a matching KEYMGMT:
         *
         * 1.  If the object data type (recorded in |data->object_type|)
         *     is defined, by checking it using EVP_KEYMGMT_is_a().
         * 2.  If the object data type is NOT defined, by comparing the
         *     EVP_KEYMGMT and OSSL_DECODER method numbers.  Since
         *     EVP_KEYMGMT and OSSL_DECODE operate with the same
         *     namemap, we know that the method numbers must match.
         *
         * This allows individual decoders to specify variants of keys,
         * such as a DER to RSA decoder finding a RSA-PSS key, without
         * having to decode the exact same DER blob into the exact same
         * internal structure twice.  This is, of course, entirely at the
         * discretion of the decoder implementations.
         */
        if (data->object_type != NULL
            ? EVP_KEYMGMT_is_a(keymgmt, data->object_type)
            : EVP_KEYMGMT_number(keymgmt) == OSSL_DECODER_number(decoder)) {
            EVP_PKEY *pkey = NULL;
            void *keydata = NULL;
            const OSSL_PROVIDER *keymgmt_prov =
                EVP_KEYMGMT_provider(keymgmt);
            const OSSL_PROVIDER *decoder_prov =
                OSSL_DECODER_provider(decoder);

            /*
             * If the EVP_KEYMGMT and the OSSL_DECODER are from the
             * same provider, we assume that the KEYMGMT has a key loading
             * function that can handle the provider reference we hold.
             *
             * Otherwise, we export from the decoder and import the
             * result in the keymgmt.
             */
            if (keymgmt_prov == decoder_prov) {
                keydata = evp_keymgmt_load(keymgmt, object_ref, object_ref_sz);
            } else {
                struct evp_keymgmt_util_try_import_data_st import_data;

                import_data.keymgmt = keymgmt;
                import_data.keydata = NULL;
                import_data.selection = OSSL_KEYMGMT_SELECT_ALL;

                /*
                 * No need to check for errors here, the value of
                 * |import_data.keydata| is as much an indicator.
                 */
                (void)decoder->export_object(decoderctx,
                                             object_ref, object_ref_sz,
                                             &evp_keymgmt_util_try_import,
                                             &import_data);
                keydata = import_data.keydata;
                import_data.keydata = NULL;
            }

            if (keydata != NULL
                && (pkey =
                    evp_keymgmt_util_make_pkey(keymgmt, keydata)) == NULL)
                evp_keymgmt_freedata(keymgmt, keydata);

            *data->object = pkey;

            break;
        }
    }
    /*
     * We successfully looked through, |*ctx->object| determines if we
     * actually found something.
     */
    return (*data->object != NULL);
}

static void decoder_clean_EVP_PKEY_construct_arg(void *construct_data)
{
    struct decoder_EVP_PKEY_data_st *data = construct_data;

    if (data != NULL) {
        sk_EVP_KEYMGMT_pop_free(data->keymgmts, EVP_KEYMGMT_free);
        OPENSSL_free(data->object_type);
        OPENSSL_free(data);
    }
}

struct collected_data_st {
    struct decoder_EVP_PKEY_data_st *process_data;
    STACK_OF(OPENSSL_CSTRING) *names;
    OSSL_DECODER_CTX *ctx;

    unsigned int error_occured:1;
};

static void collect_keymgmt(EVP_KEYMGMT *keymgmt, void *arg)
{
    struct collected_data_st *data = arg;

    if (data->error_occured)
        return;

    data->error_occured = 1;         /* Assume the worst */

    if (!EVP_KEYMGMT_up_ref(keymgmt) /* ref++ */)
        return;
    if (sk_EVP_KEYMGMT_push(data->process_data->keymgmts, keymgmt) <= 0) {
        EVP_KEYMGMT_free(keymgmt); /* ref-- */
        return;
    }

    data->error_occured = 0;         /* All is good now */
}

static void collect_name(const char *name, void *arg)
{
    struct collected_data_st *data = arg;

    if (data->error_occured)
        return;

    data->error_occured = 1;         /* Assume the worst */

    if (sk_OPENSSL_CSTRING_push(data->names, name) <= 0)
        return;

    data->error_occured = 0;         /* All is good now */
}

static void collect_decoder(OSSL_DECODER *decoder, void *arg)
{
    struct collected_data_st *data = arg;
    size_t i, end_i;

    if (data->error_occured)
        return;

    data->error_occured = 1;         /* Assume the worst */
    if (data->names == NULL)
        return;

    end_i = sk_OPENSSL_CSTRING_num(data->names);
    for (i = 0; i < end_i; i++) {
        const char *name = sk_OPENSSL_CSTRING_value(data->names, i);

        if (!OSSL_DECODER_is_a(decoder, name))
            continue;
        (void)OSSL_DECODER_CTX_add_decoder(data->ctx, decoder);
    }

    data->error_occured = 0;         /* All is good now */
}

int ossl_decoder_ctx_setup_for_EVP_PKEY(OSSL_DECODER_CTX *ctx,
                                        EVP_PKEY **pkey,
                                        OPENSSL_CTX *libctx,
                                        const char *propquery)
{
    struct collected_data_st *data = NULL;
    size_t i, end_i;
    int ok = 0;

    if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL
        || (data->process_data =
            OPENSSL_zalloc(sizeof(*data->process_data))) == NULL
        || (data->process_data->keymgmts
            = sk_EVP_KEYMGMT_new_null()) == NULL
        || (data->names = sk_OPENSSL_CSTRING_new_null()) == NULL) {
        ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    data->process_data->object = (void **)pkey;
    data->ctx = ctx;

    /* First, find all keymgmts to form goals */
    EVP_KEYMGMT_do_all_provided(libctx, collect_keymgmt, data);

    if (data->error_occured)
        goto err;

    /* Then, we collect all the keymgmt names */
    end_i = sk_EVP_KEYMGMT_num(data->process_data->keymgmts);
    for (i = 0; i < end_i; i++) {
        EVP_KEYMGMT *keymgmt =
            sk_EVP_KEYMGMT_value(data->process_data->keymgmts, i);

        EVP_KEYMGMT_names_do_all(keymgmt, collect_name, data);

        if (data->error_occured)
            goto err;
    }

    /*
     * Finally, find all decoders that have any keymgmt of the collected
     * keymgmt names
     */
    OSSL_DECODER_do_all_provided(libctx, collect_decoder, data);

    if (data->error_occured)
        goto err;

    /* If we found no decoders to match the keymgmts, we err */
    if (OSSL_DECODER_CTX_num_decoders(ctx) == 0)
        goto err;

    if (!OSSL_DECODER_CTX_set_construct(ctx, decoder_construct_EVP_PKEY)
        || !OSSL_DECODER_CTX_set_construct_data(ctx, data->process_data)
        || !OSSL_DECODER_CTX_set_cleanup(ctx,
                                         decoder_clean_EVP_PKEY_construct_arg))
        goto err;

    data->process_data = NULL;
    ok = 1;
 err:
    if (data != NULL) {
        decoder_clean_EVP_PKEY_construct_arg(data->process_data);
        sk_OPENSSL_CSTRING_free(data->names);
        OPENSSL_free(data);
    }
    return ok;
}

OSSL_DECODER_CTX *OSSL_DECODER_CTX_new_by_EVP_PKEY(EVP_PKEY **pkey,
                                                   const char *input_type,
                                                   OPENSSL_CTX *libctx,
                                                   const char *propquery)
{
    OSSL_DECODER_CTX *ctx = NULL;

    if ((ctx = OSSL_DECODER_CTX_new()) == NULL) {
        ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    if (OSSL_DECODER_CTX_set_input_type(ctx, input_type)
        && ossl_decoder_ctx_setup_for_EVP_PKEY(ctx, pkey, libctx, propquery)
        && OSSL_DECODER_CTX_add_extra(ctx, libctx, propquery))
        return ctx;

    OSSL_DECODER_CTX_free(ctx);
    return NULL;
}
Commit	Line	Data
072a9fde RL	1	/*
	2	* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <openssl/core_names.h>
14c8a3d1	11	#include <openssl/core_object.h>
072a9fde	12	#include <openssl/evp.h>
7524b7b7	13	#include <openssl/ui.h>
ece9304c	14	#include <openssl/decoder.h>
072a9fde RL	15	#include <openssl/safestack.h>
072a9fde RL	16	#include "crypto/evp.h"
63f187cf	17	#include "crypto/decoder.h"
ece9304c	18	#include "encoder_local.h"
072a9fde	19
ece9304c RL	20	int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx,
	21	const unsigned char *kstr,
	22	size_t klen)
7524b7b7	23	{
a517edec	24	return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen);
7524b7b7 RL	25	}
7524b7b7 RL	26
ece9304c RL	27	int OSSL_DECODER_CTX_set_passphrase_ui(OSSL_DECODER_CTX *ctx,
	28	const UI_METHOD *ui_method,
	29	void *ui_data)
7524b7b7	30	{
a517edec	31	return ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
7524b7b7 RL	32	}
7524b7b7 RL	33
ece9304c RL	34	int OSSL_DECODER_CTX_set_pem_password_cb(OSSL_DECODER_CTX *ctx,
ece9304c RL	35	pem_password_cb cb, void cbarg)
7524b7b7	36	{
a517edec	37	return ossl_pw_set_pem_password_cb(&ctx->pwdata, cb, cbarg);
7524b7b7 RL	38	}
7524b7b7 RL	39
4fd39782 RL	40	int OSSL_DECODER_CTX_set_passphrase_cb(OSSL_DECODER_CTX *ctx,
	41	OSSL_PASSPHRASE_CALLBACK *cb,
	42	void *cbarg)
	43	{
	44	return ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg);
	45	}
	46
072a9fde	47	/*
ece9304c	48	* Support for OSSL_DECODER_CTX_new_by_EVP_PKEY:
4701f0a9	49	* The construct data, and collecting keymgmt information for it
072a9fde RL	50	*/
	51
	52	DEFINE_STACK_OF(EVP_KEYMGMT)
	53
ece9304c	54	struct decoder_EVP_PKEY_data_st {
072a9fde RL	55	char object_type; / recorded object data type, may be NULL */
	56	void *object; / Where the result should end up */
	57	STACK_OF(EVP_KEYMGMT) keymgmts; / The EVP_KEYMGMTs we handle */
	58	};
	59
ece9304c RL	60	static int decoder_construct_EVP_PKEY(OSSL_DECODER_INSTANCE *decoder_inst,
	61	const OSSL_PARAM *params,
	62	void *construct_data)
072a9fde	63	{
ece9304c RL	64	struct decoder_EVP_PKEY_data_st *data = construct_data;
	65	OSSL_DECODER *decoder =
	66	OSSL_DECODER_INSTANCE_decoder(decoder_inst);
bd7a6f16	67	void *decoderctx = OSSL_DECODER_INSTANCE_decoder_ctx(decoder_inst);
072a9fde RL	68	size_t i, end_i;
	69	/*
	70	* \|object_ref\| points to a provider reference to an object, its exact
	71	* contents entirely opaque to us, but may be passed to any provider
	72	* function that expects this (such as OSSL_FUNC_keymgmt_load().
	73	*
	74	* This pointer is considered volatile, i.e. whatever it points at
	75	* is assumed to be freed as soon as this function returns.
	76	*/
	77	void *object_ref = NULL;
	78	size_t object_ref_sz = 0;
	79	const OSSL_PARAM *p;
	80
14c8a3d1	81	p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_TYPE);
072a9fde RL	82	if (p != NULL) {
	83	char *object_type = NULL;
	84
	85	if (!OSSL_PARAM_get_utf8_string(p, &object_type, 0))
	86	return 0;
	87	OPENSSL_free(data->object_type);
	88	data->object_type = object_type;
	89	}
	90
	91	/*
	92	* For stuff that should end up in an EVP_PKEY, we only accept an object
	93	* reference for the moment. This enforces that the key data itself
	94	* remains with the provider.
	95	*/
14c8a3d1	96	p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_REFERENCE);
072a9fde RL	97	if (p == NULL \|\| p->data_type != OSSL_PARAM_OCTET_STRING)
	98	return 0;
	99	object_ref = p->data;
	100	object_ref_sz = p->data_size;
	101
	102	/* We may have reached one of the goals, let's find out! */
	103	end_i = sk_EVP_KEYMGMT_num(data->keymgmts);
	104	for (i = 0; end_i; i++) {
	105	EVP_KEYMGMT *keymgmt = sk_EVP_KEYMGMT_value(data->keymgmts, i);
	106
	107	/*
	108	* There are two ways to find a matching KEYMGMT:
	109	*
	110	* 1. If the object data type (recorded in \|data->object_type\|)
	111	* is defined, by checking it using EVP_KEYMGMT_is_a().
	112	* 2. If the object data type is NOT defined, by comparing the
ece9304c RL	113	* EVP_KEYMGMT and OSSL_DECODER method numbers. Since
ece9304c RL	114	* EVP_KEYMGMT and OSSL_DECODE operate with the same
072a9fde RL	115	* namemap, we know that the method numbers must match.
072a9fde RL	116	*
ece9304c RL	117	* This allows individual decoders to specify variants of keys,
	118	* such as a DER to RSA decoder finding a RSA-PSS key, without
	119	* having to decode the exact same DER blob into the exact same
072a9fde	120	* internal structure twice. This is, of course, entirely at the
ece9304c	121	* discretion of the decoder implementations.
072a9fde RL	122	*/
	123	if (data->object_type != NULL
	124	? EVP_KEYMGMT_is_a(keymgmt, data->object_type)
ece9304c	125	: EVP_KEYMGMT_number(keymgmt) == OSSL_DECODER_number(decoder)) {
072a9fde RL	126	EVP_PKEY *pkey = NULL;
	127	void *keydata = NULL;
	128	const OSSL_PROVIDER *keymgmt_prov =
	129	EVP_KEYMGMT_provider(keymgmt);
ece9304c RL	130	const OSSL_PROVIDER *decoder_prov =
ece9304c RL	131	OSSL_DECODER_provider(decoder);
072a9fde RL	132
072a9fde RL	133	/*
ece9304c	134	* If the EVP_KEYMGMT and the OSSL_DECODER are from the
072a9fde RL	135	* same provider, we assume that the KEYMGMT has a key loading
	136	* function that can handle the provider reference we hold.
	137	*
ece9304c	138	* Otherwise, we export from the decoder and import the
072a9fde RL	139	* result in the keymgmt.
072a9fde RL	140	*/
ece9304c	141	if (keymgmt_prov == decoder_prov) {
072a9fde RL	142	keydata = evp_keymgmt_load(keymgmt, object_ref, object_ref_sz);
	143	} else {
	144	struct evp_keymgmt_util_try_import_data_st import_data;
	145
	146	import_data.keymgmt = keymgmt;
	147	import_data.keydata = NULL;
4c525cb5	148	import_data.selection = OSSL_KEYMGMT_SELECT_ALL;
072a9fde RL	149
	150	/*
	151	* No need to check for errors here, the value of
	152	* \|import_data.keydata\| is as much an indicator.
	153	*/
bd7a6f16 RL	154	(void)decoder->export_object(decoderctx,
bd7a6f16 RL	155	object_ref, object_ref_sz,
ece9304c RL	156	&evp_keymgmt_util_try_import,
ece9304c RL	157	&import_data);
072a9fde RL	158	keydata = import_data.keydata;
	159	import_data.keydata = NULL;
	160	}
	161
	162	if (keydata != NULL
	163	&& (pkey =
	164	evp_keymgmt_util_make_pkey(keymgmt, keydata)) == NULL)
	165	evp_keymgmt_freedata(keymgmt, keydata);
	166
	167	*data->object = pkey;
	168
	169	break;
	170	}
	171	}
	172	/*
	173	* We successfully looked through, \|*ctx->object\| determines if we
	174	* actually found something.
	175	*/
	176	return (*data->object != NULL);
	177	}
	178
ece9304c	179	static void decoder_clean_EVP_PKEY_construct_arg(void *construct_data)
072a9fde	180	{
ece9304c	181	struct decoder_EVP_PKEY_data_st *data = construct_data;
072a9fde	182
3c033c5b RL	183	if (data != NULL) {
	184	sk_EVP_KEYMGMT_pop_free(data->keymgmts, EVP_KEYMGMT_free);
	185	OPENSSL_free(data->object_type);
	186	OPENSSL_free(data);
	187	}
072a9fde RL	188	}
072a9fde RL	189
072a9fde	190	struct collected_data_st {
ece9304c	191	struct decoder_EVP_PKEY_data_st *process_data;
072a9fde	192	STACK_OF(OPENSSL_CSTRING) *names;
ece9304c	193	OSSL_DECODER_CTX *ctx;
072a9fde RL	194
	195	unsigned int error_occured:1;
	196	};
	197
	198	static void collect_keymgmt(EVP_KEYMGMT keymgmt, void arg)
	199	{
	200	struct collected_data_st *data = arg;
	201
	202	if (data->error_occured)
	203	return;
	204
	205	data->error_occured = 1; /* Assume the worst */
	206
	207	if (!EVP_KEYMGMT_up_ref(keymgmt) /* ref++ */)
	208	return;
	209	if (sk_EVP_KEYMGMT_push(data->process_data->keymgmts, keymgmt) <= 0) {
	210	EVP_KEYMGMT_free(keymgmt); /* ref-- */
	211	return;
	212	}
	213
	214	data->error_occured = 0; /* All is good now */
	215	}
	216
	217	static void collect_name(const char name, void arg)
	218	{
	219	struct collected_data_st *data = arg;
	220
	221	if (data->error_occured)
	222	return;
	223
	224	data->error_occured = 1; /* Assume the worst */
	225
	226	if (sk_OPENSSL_CSTRING_push(data->names, name) <= 0)
	227	return;
	228
	229	data->error_occured = 0; /* All is good now */
	230	}
	231
ece9304c	232	static void collect_decoder(OSSL_DECODER decoder, void arg)
fb890008 RL	233	{
	234	struct collected_data_st *data = arg;
	235	size_t i, end_i;
	236
	237	if (data->error_occured)
	238	return;
	239
	240	data->error_occured = 1; /* Assume the worst */
90e0e0d8 SL	241	if (data->names == NULL)
90e0e0d8 SL	242	return;
fb890008 RL	243
	244	end_i = sk_OPENSSL_CSTRING_num(data->names);
	245	for (i = 0; i < end_i; i++) {
	246	const char *name = sk_OPENSSL_CSTRING_value(data->names, i);
	247
ece9304c	248	if (!OSSL_DECODER_is_a(decoder, name))
fb890008	249	continue;
ece9304c	250	(void)OSSL_DECODER_CTX_add_decoder(data->ctx, decoder);
fb890008 RL	251	}
	252
	253	data->error_occured = 0; /* All is good now */
	254	}
	255
63f187cf RL	256	int ossl_decoder_ctx_setup_for_EVP_PKEY(OSSL_DECODER_CTX *ctx,
	257	EVP_PKEY **pkey,
	258	OPENSSL_CTX *libctx,
	259	const char *propquery)
072a9fde	260	{
072a9fde RL	261	struct collected_data_st *data = NULL;
072a9fde RL	262	size_t i, end_i;
63f187cf	263	int ok = 0;
072a9fde	264
63f187cf	265	if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL
072a9fde RL	266	\|\| (data->process_data =
	267	OPENSSL_zalloc(sizeof(*data->process_data))) == NULL
	268	\|\| (data->process_data->keymgmts
	269	= sk_EVP_KEYMGMT_new_null()) == NULL
	270	\|\| (data->names = sk_OPENSSL_CSTRING_new_null()) == NULL) {
ece9304c	271	ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
072a9fde RL	272	goto err;
	273	}
	274	data->process_data->object = (void **)pkey;
fb890008	275	data->ctx = ctx;
072a9fde RL	276
	277	/* First, find all keymgmts to form goals */
	278	EVP_KEYMGMT_do_all_provided(libctx, collect_keymgmt, data);
	279
	280	if (data->error_occured)
	281	goto err;
	282
fb890008	283	/* Then, we collect all the keymgmt names */
072a9fde RL	284	end_i = sk_EVP_KEYMGMT_num(data->process_data->keymgmts);
	285	for (i = 0; i < end_i; i++) {
	286	EVP_KEYMGMT *keymgmt =
	287	sk_EVP_KEYMGMT_value(data->process_data->keymgmts, i);
072a9fde RL	288
	289	EVP_KEYMGMT_names_do_all(keymgmt, collect_name, data);
	290
fb890008 RL	291	if (data->error_occured)
	292	goto err;
	293	}
072a9fde	294
fb890008	295	/*
ece9304c	296	* Finally, find all decoders that have any keymgmt of the collected
fb890008 RL	297	* keymgmt names
fb890008 RL	298	*/
ece9304c	299	OSSL_DECODER_do_all_provided(libctx, collect_decoder, data);
072a9fde	300
fb890008 RL	301	if (data->error_occured)
fb890008 RL	302	goto err;
072a9fde	303
ece9304c RL	304	/* If we found no decoders to match the keymgmts, we err */
ece9304c RL	305	if (OSSL_DECODER_CTX_num_decoders(ctx) == 0)
072a9fde	306	goto err;
072a9fde	307
ece9304c RL	308	if (!OSSL_DECODER_CTX_set_construct(ctx, decoder_construct_EVP_PKEY)
	309	\|\| !OSSL_DECODER_CTX_set_construct_data(ctx, data->process_data)
	310	\|\| !OSSL_DECODER_CTX_set_cleanup(ctx,
	311	decoder_clean_EVP_PKEY_construct_arg))
072a9fde RL	312	goto err;
	313
	314	data->process_data = NULL;
63f187cf	315	ok = 1;
072a9fde	316	err:
75348bb2 SL	317	if (data != NULL) {
	318	decoder_clean_EVP_PKEY_construct_arg(data->process_data);
	319	sk_OPENSSL_CSTRING_free(data->names);
	320	OPENSSL_free(data);
	321	}
63f187cf RL	322	return ok;
	323	}
	324
	325	OSSL_DECODER_CTX OSSL_DECODER_CTX_new_by_EVP_PKEY(EVP_PKEY *pkey,
	326	const char *input_type,
	327	OPENSSL_CTX *libctx,
	328	const char *propquery)
	329	{
	330	OSSL_DECODER_CTX *ctx = NULL;
	331
	332	if ((ctx = OSSL_DECODER_CTX_new()) == NULL) {
	333	ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
	334	return NULL;
	335	}
	336	if (OSSL_DECODER_CTX_set_input_type(ctx, input_type)
	337	&& ossl_decoder_ctx_setup_for_EVP_PKEY(ctx, pkey, libctx, propquery)
	338	&& OSSL_DECODER_CTX_add_extra(ctx, libctx, propquery))
	339	return ctx;
	340
	341	OSSL_DECODER_CTX_free(ctx);
	342	return NULL;
072a9fde	343	}