2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
16 #include <openssl/core_dispatch.h>
17 #include <openssl/core_names.h>
18 #include <openssl/core_object.h>
19 #include <openssl/crypto.h>
20 #include <openssl/err.h>
21 #include <openssl/params.h>
22 #include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */
23 #include <openssl/pkcs12.h>
24 #include <openssl/x509.h>
25 #include <openssl/proverr.h>
26 #include "internal/cryptlib.h" /* ossl_assert() */
27 #include "internal/asn1.h"
28 #include "crypto/dh.h"
29 #include "crypto/dsa.h"
30 #include "crypto/ec.h"
31 #include "crypto/ecx.h"
32 #include "crypto/rsa.h"
34 #include "prov/implementations.h"
35 #include "endecoder_local.h"
37 #define SET_ERR_MARK() ERR_set_mark()
38 #define CLEAR_ERR_MARK() \
40 int err = ERR_peek_last_error(); \
42 if (ERR_GET_LIB(err) == ERR_LIB_ASN1 \
43 && (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG \
44 || ERR_GET_REASON(err) == ASN1_R_UNSUPPORTED_TYPE \
45 || ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR)) \
48 ERR_clear_last_mark(); \
50 #define RESET_ERR_MARK() \
56 static int read_der(PROV_CTX
*provctx
, OSSL_CORE_BIO
*cin
,
57 unsigned char **data
, long *len
)
60 BIO
*in
= bio_new_from_core_bio(provctx
, cin
);
61 int ok
= (asn1_d2i_read_bio(in
, &mem
) >= 0);
64 *data
= (unsigned char *)mem
->data
;
65 *len
= (long)mem
->length
;
72 static int der_from_p8(unsigned char **new_der
, long *new_der_len
,
73 unsigned char *input_der
, long input_der_len
,
74 OSSL_PASSPHRASE_CALLBACK
*pw_cb
, void *pw_cbarg
)
76 const unsigned char *derp
;
80 if (!ossl_assert(new_der
!= NULL
&& *new_der
== NULL
)
81 || !ossl_assert(new_der_len
!= NULL
))
85 if ((p8
= d2i_X509_SIG(NULL
, &derp
, input_der_len
)) != NULL
) {
86 char pbuf
[PEM_BUFSIZE
];
89 if (!pw_cb(pbuf
, sizeof(pbuf
), &plen
, NULL
, pw_cbarg
)) {
90 ERR_raise(ERR_LIB_PROV
, PROV_R_UNABLE_TO_GET_PASSPHRASE
);
92 const X509_ALGOR
*alg
= NULL
;
93 const ASN1_OCTET_STRING
*oct
= NULL
;
96 X509_SIG_get0(p8
, &alg
, &oct
);
97 if (PKCS12_pbe_crypt(alg
, pbuf
, plen
, oct
->data
, oct
->length
,
98 new_der
, &len
, 0) != NULL
)
107 /* ---------------------------------------------------------------------- */
109 static OSSL_FUNC_decoder_freectx_fn der2key_freectx
;
110 static OSSL_FUNC_decoder_decode_fn der2key_decode
;
111 static OSSL_FUNC_decoder_export_object_fn der2key_export_object
;
113 struct der2key_ctx_st
; /* Forward declaration */
114 typedef void *(extract_key_fn
)(EVP_PKEY
*);
115 typedef void (adjust_key_fn
)(void *, struct der2key_ctx_st
*ctx
);
116 typedef void (free_key_fn
)(void *);
117 struct keytype_desc_st
{
118 const char *keytype_name
;
119 const OSSL_DISPATCH
*fns
; /* Keymgmt (to pilfer functions from) */
121 /* The input structure name */
122 const char *structure_name
;
125 * The EVP_PKEY_xxx type macro. Should be zero for type specific
126 * structures, non-zero when the outermost structure is PKCS#8 or
127 * SubjectPublicKeyInfo. This determines which of the function
128 * pointers below will be used.
132 /* The selection mask for OSSL_FUNC_decoder_does_selection() */
135 /* For type specific decoders, we use the corresponding d2i */
136 d2i_of_void
*d2i_private_key
;
137 d2i_of_void
*d2i_public_key
;
138 d2i_of_void
*d2i_key_params
;
141 * For PKCS#8 decoders, we use EVP_PKEY extractors, EVP_PKEY_get1_{TYPE}()
143 extract_key_fn
*extract_key
;
145 * For any key, we may need to make provider specific adjustments, such
146 * as ensure the key carries the correct library context.
148 adjust_key_fn
*adjust_key
;
150 free_key_fn
*free_key
;
154 * Context used for DER to key decoding.
156 struct der2key_ctx_st
{
158 const struct keytype_desc_st
*desc
;
161 static struct der2key_ctx_st
*
162 der2key_newctx(void *provctx
, const struct keytype_desc_st
*desc
)
164 struct der2key_ctx_st
*ctx
= OPENSSL_zalloc(sizeof(*ctx
));
167 ctx
->provctx
= provctx
;
173 static void der2key_freectx(void *vctx
)
175 struct der2key_ctx_st
*ctx
= vctx
;
180 static const OSSL_PARAM
*
181 der2key_gettable_params(void *provctx
, const struct keytype_desc_st
*desc
)
183 static const OSSL_PARAM gettables
[] = {
184 { OSSL_DECODER_PARAM_INPUT_TYPE
, OSSL_PARAM_UTF8_PTR
, NULL
, 0, 0 },
187 static const OSSL_PARAM gettables_w_structure
[] = {
188 { OSSL_DECODER_PARAM_INPUT_TYPE
, OSSL_PARAM_UTF8_PTR
, NULL
, 0, 0 },
189 { OSSL_DECODER_PARAM_INPUT_STRUCTURE
, OSSL_PARAM_UTF8_PTR
, NULL
, 0, 0 },
193 return desc
->structure_name
!= NULL
? gettables_w_structure
: gettables
;
196 static int der2key_get_params(OSSL_PARAM params
[],
197 const struct keytype_desc_st
*desc
)
201 p
= OSSL_PARAM_locate(params
, OSSL_DECODER_PARAM_INPUT_TYPE
);
202 if (p
!= NULL
&& !OSSL_PARAM_set_utf8_ptr(p
, "DER"))
204 if (desc
->structure_name
!= NULL
) {
205 p
= OSSL_PARAM_locate(params
, OSSL_DECODER_PARAM_INPUT_STRUCTURE
);
206 if (p
!= NULL
&& !OSSL_PARAM_set_utf8_ptr(p
, desc
->structure_name
))
213 static int der2key_check_selection(int selection
,
214 const struct keytype_desc_st
*desc
)
217 * The selections are kinda sorta "levels", i.e. each selection given
218 * here is assumed to include those following.
221 OSSL_KEYMGMT_SELECT_PRIVATE_KEY
,
222 OSSL_KEYMGMT_SELECT_PUBLIC_KEY
,
223 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
227 /* The decoder implementations made here support guessing */
231 for (i
= 0; i
< OSSL_NELEM(checks
); i
++) {
232 int check1
= (selection
& checks
[i
]) != 0;
233 int check2
= (desc
->selection_mask
& checks
[i
]) != 0;
236 * If the caller asked for the currently checked bit(s), return
237 * whether the decoder description says it's supported.
243 /* This should be dead code, but just to be safe... */
247 static int der2key_decode(void *vctx
, OSSL_CORE_BIO
*cin
, int selection
,
248 OSSL_CALLBACK
*data_cb
, void *data_cbarg
,
249 OSSL_PASSPHRASE_CALLBACK
*pw_cb
, void *pw_cbarg
)
251 struct der2key_ctx_st
*ctx
= vctx
;
252 void *libctx
= PROV_LIBCTX_OF(ctx
->provctx
);
253 unsigned char *der
= NULL
;
254 const unsigned char *derp
;
256 unsigned char *new_der
= NULL
;
258 EVP_PKEY
*pkey
= NULL
;
260 int orig_selection
= selection
;
264 * The caller is allowed to specify 0 as a selection mark, to have the
265 * structure and key type guessed. For type-specific structures, this
266 * is not recommended, as some structures are very similar.
267 * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
268 * signifies a private key structure, where everything else is assumed
269 * to be present as well.
272 selection
= ctx
->desc
->selection_mask
;
273 if ((selection
& ctx
->desc
->selection_mask
) == 0) {
274 ERR_raise(ERR_LIB_PROV
, ERR_R_PASSED_INVALID_ARGUMENT
);
279 if (!read_der(ctx
->provctx
, cin
, &der
, &der_len
))
282 if (ctx
->desc
->extract_key
== NULL
) {
284 * There's no EVP_PKEY extractor, so we use the type specific
288 if ((selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0) {
289 key
= ctx
->desc
->d2i_private_key(NULL
, &derp
, der_len
);
290 if (key
== NULL
&& orig_selection
!= 0)
294 && (selection
& OSSL_KEYMGMT_SELECT_PUBLIC_KEY
) != 0) {
295 key
= ctx
->desc
->d2i_public_key(NULL
, &derp
, der_len
);
296 if (key
== NULL
&& orig_selection
!= 0)
300 && (selection
& OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
) != 0) {
301 key
= ctx
->desc
->d2i_key_params(NULL
, &derp
, der_len
);
305 * There is a EVP_PKEY extractor, so we use the more generic
306 * EVP_PKEY functions, since they know how to unpack PKCS#8 and
307 * SubjectPublicKeyInfo.
311 * Opportunistic attempt to decrypt. If it doesn't work, we try
312 * to decode our input unencrypted.
314 if (der_from_p8(&new_der
, &new_der_len
, der
, der_len
,
318 der_len
= new_der_len
;
322 if ((selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0) {
324 pkey
= d2i_PrivateKey_ex(ctx
->desc
->evp_type
, NULL
, &derp
, der_len
,
329 && (selection
& OSSL_KEYMGMT_SELECT_PUBLIC_KEY
) != 0) {
332 pkey
= d2i_PUBKEY_ex(NULL
, &derp
, der_len
, libctx
, NULL
);
337 * Tear out the low-level key pointer from the pkey,
338 * but only if it matches the expected key type.
340 * TODO: The check should be done with EVP_PKEY_is_a(), but
341 * as long as we still have #legacy internal keys, it's safer
342 * to use the type numbers inside the provider.
344 if (EVP_PKEY_id(pkey
) == ctx
->desc
->evp_type
)
345 key
= ctx
->desc
->extract_key(pkey
);
348 * ctx->desc->extract_key() is expected to have incremented
349 * |key|'s reference count, so it should be safe to free |pkey|
356 if (key
!= NULL
&& ctx
->desc
->adjust_key
!= NULL
)
357 ctx
->desc
->adjust_key(key
, ctx
);
361 * Prune low-level ASN.1 parse errors from error queue, assuming
362 * that this is called by decoder_process() in a loop trying several
370 OSSL_PARAM params
[4];
371 int object_type
= OSSL_OBJECT_PKEY
;
374 OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE
, &object_type
);
376 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE
,
377 (char *)ctx
->desc
->keytype_name
,
379 /* The address of the key becomes the octet string */
381 OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE
,
383 params
[3] = OSSL_PARAM_construct_end();
385 ok
= data_cb(params
, data_cbarg
);
387 ctx
->desc
->free_key(key
);
392 static int der2key_export_object(void *vctx
,
393 const void *reference
, size_t reference_sz
,
394 OSSL_CALLBACK
*export_cb
, void *export_cbarg
)
396 struct der2key_ctx_st
*ctx
= vctx
;
397 OSSL_FUNC_keymgmt_export_fn
*export
=
398 ossl_prov_get_keymgmt_export(ctx
->desc
->fns
);
401 if (reference_sz
== sizeof(keydata
) && export
!= NULL
) {
402 /* The contents of the reference is the address to our object */
403 keydata
= *(void **)reference
;
405 return export(keydata
, OSSL_KEYMGMT_SELECT_ALL
,
406 export_cb
, export_cbarg
);
411 /* ---------------------------------------------------------------------- */
413 #ifndef OPENSSL_NO_DH
414 # define dh_evp_type EVP_PKEY_DH
415 # define dh_evp_extract (extract_key_fn *)EVP_PKEY_get1_DH
416 # define dh_d2i_private_key NULL
417 # define dh_d2i_public_key NULL
418 # define dh_d2i_key_params (d2i_of_void *)d2i_DHparams
419 # define dh_free (free_key_fn *)DH_free
421 static void dh_adjust(void *key
, struct der2key_ctx_st
*ctx
)
423 ossl_dh_set0_libctx(key
, PROV_LIBCTX_OF(ctx
->provctx
));
426 # define dhx_evp_type EVP_PKEY_DHX
427 # define dhx_evp_extract (extract_key_fn *)EVP_PKEY_get1_DH
428 # define dhx_d2i_private_key NULL
429 # define dhx_d2i_public_key NULL
430 # define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams
431 # define dhx_free (free_key_fn *)DH_free
432 # define dhx_adjust dh_adjust
435 /* ---------------------------------------------------------------------- */
437 #ifndef OPENSSL_NO_DSA
438 # define dsa_evp_type EVP_PKEY_DSA
439 # define dsa_evp_extract (extract_key_fn *)EVP_PKEY_get1_DSA
440 # define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey
441 # define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey
442 # define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams
443 # define dsa_free (free_key_fn *)DSA_free
445 static void dsa_adjust(void *key
, struct der2key_ctx_st
*ctx
)
447 ossl_dsa_set0_libctx(key
, PROV_LIBCTX_OF(ctx
->provctx
));
451 /* ---------------------------------------------------------------------- */
453 #ifndef OPENSSL_NO_EC
454 # define ec_evp_type EVP_PKEY_EC
455 # define ec_evp_extract (extract_key_fn *)EVP_PKEY_get1_EC_KEY
456 # define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
457 # define ec_d2i_public_key NULL
458 # define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters
459 # define ec_free (free_key_fn *)EC_KEY_free
461 static void ec_adjust(void *key
, struct der2key_ctx_st
*ctx
)
463 ec_key_set0_libctx(key
, PROV_LIBCTX_OF(ctx
->provctx
));
467 * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,
468 * so no d2i functions to be had.
471 static void ecx_key_adjust(void *key
, struct der2key_ctx_st
*ctx
)
473 ecx_key_set0_libctx(key
, PROV_LIBCTX_OF(ctx
->provctx
));
476 # define ed25519_evp_type EVP_PKEY_ED25519
477 # define ed25519_evp_extract (extract_key_fn *)evp_pkey_get1_ED25519
478 # define ed25519_d2i_private_key NULL
479 # define ed25519_d2i_public_key NULL
480 # define ed25519_d2i_key_params NULL
481 # define ed25519_free (free_key_fn *)ecx_key_free
482 # define ed25519_adjust ecx_key_adjust
484 # define ed448_evp_type EVP_PKEY_ED448
485 # define ed448_evp_extract (extract_key_fn *)evp_pkey_get1_ED448
486 # define ed448_d2i_private_key NULL
487 # define ed448_d2i_public_key NULL
488 # define ed448_d2i_key_params NULL
489 # define ed448_free (free_key_fn *)ecx_key_free
490 # define ed448_adjust ecx_key_adjust
492 # define x25519_evp_type EVP_PKEY_X25519
493 # define x25519_evp_extract (extract_key_fn *)evp_pkey_get1_X25519
494 # define x25519_d2i_private_key NULL
495 # define x25519_d2i_public_key NULL
496 # define x25519_d2i_key_params NULL
497 # define x25519_free (free_key_fn *)ecx_key_free
498 # define x25519_adjust ecx_key_adjust
500 # define x448_evp_type EVP_PKEY_X448
501 # define x448_evp_extract (extract_key_fn *)evp_pkey_get1_X448
502 # define x448_d2i_private_key NULL
503 # define x448_d2i_public_key NULL
504 # define x448_d2i_key_params NULL
505 # define x448_free (free_key_fn *)ecx_key_free
506 # define x448_adjust ecx_key_adjust
508 # ifndef OPENSSL_NO_SM2
509 # define sm2_evp_type EVP_PKEY_SM2
510 # define sm2_evp_extract (extract_key_fn *)EVP_PKEY_get1_EC_KEY
511 # define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
512 # define sm2_d2i_public_key NULL
513 # define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters
514 # define sm2_free (free_key_fn *)EC_KEY_free
515 # define sm2_adjust ec_adjust
519 /* ---------------------------------------------------------------------- */
521 #define rsa_evp_type EVP_PKEY_RSA
522 #define rsa_evp_extract (extract_key_fn *)EVP_PKEY_get1_RSA
523 #define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
524 #define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
525 #define rsa_d2i_key_params NULL
526 #define rsa_free (free_key_fn *)RSA_free
528 static void rsa_adjust(void *key
, struct der2key_ctx_st
*ctx
)
530 ossl_rsa_set0_libctx(key
, PROV_LIBCTX_OF(ctx
->provctx
));
533 #define rsapss_evp_type EVP_PKEY_RSA_PSS
534 #define rsapss_evp_extract (extract_key_fn *)EVP_PKEY_get1_RSA
535 #define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
536 #define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
537 #define rsapss_d2i_key_params NULL
538 #define rsapss_free (free_key_fn *)RSA_free
539 #define rsapss_adjust rsa_adjust
541 /* ---------------------------------------------------------------------- */
544 * The DO_ macros help define the selection mask and the method functions
545 * for each kind of object we want to decode.
547 #define DO_type_specific_keypair(keytype) \
548 "type-specific", 0, \
549 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
550 keytype##_d2i_private_key, \
551 keytype##_d2i_public_key, \
557 #define DO_type_specific_pub(keytype) \
558 "type-specific", 0, \
559 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
561 keytype##_d2i_public_key, \
567 #define DO_type_specific_priv(keytype) \
568 "type-specific", 0, \
569 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
570 keytype##_d2i_private_key, \
577 #define DO_type_specific_params(keytype) \
578 "type-specific", 0, \
579 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
582 keytype##_d2i_key_params, \
587 #define DO_type_specific(keytype) \
588 "type-specific", 0, \
589 ( OSSL_KEYMGMT_SELECT_ALL ), \
590 keytype##_d2i_private_key, \
591 keytype##_d2i_public_key, \
592 keytype##_d2i_key_params, \
597 #define DO_type_specific_no_pub(keytype) \
598 "type-specific", 0, \
599 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
600 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
601 keytype##_d2i_private_key, \
603 keytype##_d2i_key_params, \
608 #define DO_PKCS8(keytype) \
609 "pkcs8", keytype##_evp_type, \
610 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
614 keytype##_evp_extract, \
618 #define DO_SubjectPublicKeyInfo(keytype) \
619 "SubjectPublicKeyInfo", keytype##_evp_type, \
620 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
624 keytype##_evp_extract, \
628 #define DO_DH(keytype) \
630 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
633 keytype##_d2i_key_params, \
638 #define DO_DHX(keytype) \
640 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
643 keytype##_d2i_key_params, \
648 #define DO_DSA(keytype) \
650 ( OSSL_KEYMGMT_SELECT_ALL ), \
651 keytype##_d2i_private_key, \
652 keytype##_d2i_public_key, \
653 keytype##_d2i_key_params, \
658 #define DO_EC(keytype) \
660 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
661 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
662 keytype##_d2i_private_key, \
664 keytype##_d2i_key_params, \
669 #define DO_RSA(keytype) \
671 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
672 keytype##_d2i_private_key, \
673 keytype##_d2i_public_key, \
680 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
681 * It takes the following arguments:
683 * keytype_name The implementation key type as a string.
684 * keytype The implementation key type. This must correspond exactly
685 * to our existing keymgmt keytype names... in other words,
686 * there must exist an ossl_##keytype##_keymgmt_functions.
687 * type The type name for the set of functions that implement the
688 * decoder for the key type. This isn't necessarily the same
689 * as keytype. For example, the key types ed25519, ed448,
690 * x25519 and x448 are all handled by the same functions with
691 * the common type name ecx.
692 * kind The kind of support to implement. This translates into
693 * the DO_##kind macros above, to populate the keytype_desc_st
696 #define MAKE_DECODER(keytype_name, keytype, type, kind) \
697 static const struct keytype_desc_st kind##_##keytype##_desc = \
698 { keytype_name, ossl_##keytype##_keymgmt_functions, \
699 DO_##kind(keytype) }; \
701 static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \
702 static OSSL_FUNC_decoder_gettable_params_fn \
703 kind##_der2##keytype##_gettable_params; \
704 static OSSL_FUNC_decoder_get_params_fn \
705 kind##_der2##keytype##_get_params; \
707 static void *kind##_der2##keytype##_newctx(void *provctx) \
709 return der2key_newctx(provctx, &kind##_##keytype##_desc); \
711 static const OSSL_PARAM * \
712 kind##_der2##keytype##_gettable_params(void *provctx) \
715 der2key_gettable_params(provctx, &kind##_##keytype##_desc); \
717 static int kind##_der2##keytype##_get_params(OSSL_PARAM params[]) \
719 return der2key_get_params(params, &kind##_##keytype##_desc); \
721 static int kind##_der2##keytype##_does_selection(void *provctx, \
724 return der2key_check_selection(selection, \
725 &kind##_##keytype##_desc); \
727 const OSSL_DISPATCH \
728 ossl_##kind##_der_to_##keytype##_decoder_functions[] = { \
729 { OSSL_FUNC_DECODER_NEWCTX, \
730 (void (*)(void))kind##_der2##keytype##_newctx }, \
731 { OSSL_FUNC_DECODER_FREECTX, \
732 (void (*)(void))der2key_freectx }, \
733 { OSSL_FUNC_DECODER_GETTABLE_PARAMS, \
734 (void (*)(void))kind##_der2##keytype##_gettable_params }, \
735 { OSSL_FUNC_DECODER_GET_PARAMS, \
736 (void (*)(void))kind##_der2##keytype##_get_params }, \
737 { OSSL_FUNC_DECODER_DOES_SELECTION, \
738 (void (*)(void))kind##_der2##keytype##_does_selection }, \
739 { OSSL_FUNC_DECODER_DECODE, \
740 (void (*)(void))der2key_decode }, \
741 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
742 (void (*)(void))der2key_export_object }, \
746 #ifndef OPENSSL_NO_DH
747 MAKE_DECODER("DH", dh
, dh
, PKCS8
);
748 MAKE_DECODER("DH", dh
, dh
, SubjectPublicKeyInfo
);
749 MAKE_DECODER("DH", dh
, dh
, type_specific_params
);
750 MAKE_DECODER("DH", dh
, dh
, DH
);
751 MAKE_DECODER("DHX", dhx
, dhx
, PKCS8
);
752 MAKE_DECODER("DHX", dhx
, dhx
, SubjectPublicKeyInfo
);
753 MAKE_DECODER("DHX", dhx
, dhx
, type_specific_params
);
754 MAKE_DECODER("DHX", dhx
, dhx
, DHX
);
756 #ifndef OPENSSL_NO_DSA
757 MAKE_DECODER("DSA", dsa
, dsa
, PKCS8
);
758 MAKE_DECODER("DSA", dsa
, dsa
, SubjectPublicKeyInfo
);
759 MAKE_DECODER("DSA", dsa
, dsa
, type_specific
);
760 MAKE_DECODER("DSA", dsa
, dsa
, DSA
);
762 #ifndef OPENSSL_NO_EC
763 MAKE_DECODER("EC", ec
, ec
, PKCS8
);
764 MAKE_DECODER("EC", ec
, ec
, SubjectPublicKeyInfo
);
765 MAKE_DECODER("EC", ec
, ec
, type_specific_no_pub
);
766 MAKE_DECODER("EC", ec
, ec
, EC
);
767 MAKE_DECODER("X25519", x25519
, ecx
, PKCS8
);
768 MAKE_DECODER("X25519", x25519
, ecx
, SubjectPublicKeyInfo
);
769 MAKE_DECODER("X448", x448
, ecx
, PKCS8
);
770 MAKE_DECODER("X448", x448
, ecx
, SubjectPublicKeyInfo
);
771 MAKE_DECODER("ED25519", ed25519
, ecx
, PKCS8
);
772 MAKE_DECODER("ED25519", ed25519
, ecx
, SubjectPublicKeyInfo
);
773 MAKE_DECODER("ED448", ed448
, ecx
, PKCS8
);
774 MAKE_DECODER("ED448", ed448
, ecx
, SubjectPublicKeyInfo
);
775 # ifndef OPENSSL_NO_SM2
776 MAKE_DECODER("SM2", sm2
, ec
, PKCS8
);
777 MAKE_DECODER("SM2", sm2
, ec
, SubjectPublicKeyInfo
);
780 MAKE_DECODER("RSA", rsa
, rsa
, PKCS8
);
781 MAKE_DECODER("RSA", rsa
, rsa
, SubjectPublicKeyInfo
);
782 MAKE_DECODER("RSA", rsa
, rsa
, type_specific_keypair
);
783 MAKE_DECODER("RSA", rsa
, rsa
, RSA
);
784 MAKE_DECODER("RSA-PSS", rsapss
, rsapss
, PKCS8
);
785 MAKE_DECODER("RSA-PSS", rsapss
, rsapss
, SubjectPublicKeyInfo
);