/*

 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.

 *

 * Licensed under the Apache License 2.0 (the "License").  You may not use

 * this file except in compliance with the License.  You can obtain a copy

 * in the file LICENSE in the source distribution or at

 * https://www.openssl.org/source/license.html

 */

/*

 * low level APIs are deprecated for public use, but still ok for

 * internal use.

 */

#include "internal/deprecated.h"

#include <openssl/byteorder.h>

#include <openssl/core_dispatch.h>

#include <openssl/core_names.h>

#include <openssl/core_object.h>

#include <openssl/crypto.h>

#include <openssl/err.h>

#include <openssl/params.h>

#include <openssl/pem.h>         /* PEM_BUFSIZE and public PEM functions */

#include <openssl/pkcs12.h>

#include <openssl/provider.h>

#include <openssl/x509.h>

#include <openssl/proverr.h>

#include <openssl/asn1t.h>

#include "internal/cryptlib.h"   /* ossl_assert() */

#include "crypto/dh.h"

#include "crypto/dsa.h"

#include "crypto/ec.h"

#include "crypto/evp.h"

#include "crypto/ecx.h"

#include "crypto/rsa.h"

#include "crypto/ml_dsa.h"

#include "crypto/slh_dsa.h"

#include "crypto/x509.h"

#include "crypto/ml_kem.h"

#include "openssl/obj_mac.h"

#include "prov/bio.h"

#include "prov/implementations.h"

#include "prov/endecoder_local.h"

#include "internal/nelem.h"

#include "prov/ml_dsa_codecs.h"

#include "prov/ml_kem_codecs.h"

#ifndef OPENSSL_NO_SLH_DSA

typedef struct {

    ASN1_OBJECT *oid;

} BARE_ALGOR;

typedef struct {

    BARE_ALGOR algor;

    ASN1_BIT_STRING *pubkey;

} BARE_PUBKEY;

ASN1_SEQUENCE(BARE_ALGOR) = {

    ASN1_SIMPLE(BARE_ALGOR, oid, ASN1_OBJECT),

} static_ASN1_SEQUENCE_END(BARE_ALGOR)

ASN1_SEQUENCE(BARE_PUBKEY) = {

    ASN1_EMBED(BARE_PUBKEY, algor, BARE_ALGOR),

    ASN1_SIMPLE(BARE_PUBKEY, pubkey, ASN1_BIT_STRING)

} static_ASN1_SEQUENCE_END(BARE_PUBKEY)

#endif /* OPENSSL_NO_SLH_DSA */

struct der2key_ctx_st;           /* Forward declaration */

typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);

typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);

typedef void free_key_fn(void *);

typedef void *d2i_PKCS8_fn(const unsigned char **, long,

                           struct der2key_ctx_st *);

typedef void *d2i_PUBKEY_fn(const unsigned char **, long,

                            struct der2key_ctx_st *);

struct keytype_desc_st {

    const char *keytype_name;

    const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */

    /* The input structure name */

    const char *structure_name;

    /*

     * The EVP_PKEY_xxx type macro.  Should be zero for type specific

     * structures, non-zero when the outermost structure is PKCS#8 or

     * SubjectPublicKeyInfo.  This determines which of the function

     * pointers below will be used.

     */

    int evp_type;

    /* The selection mask for OSSL_FUNC_decoder_does_selection() */

    int selection_mask;

    /* For type specific decoders, we use the corresponding d2i */

    d2i_of_void *d2i_private_key; /* From type-specific DER */

    d2i_of_void *d2i_public_key;  /* From type-specific DER */

    d2i_of_void *d2i_key_params;  /* From type-specific DER */

    d2i_PKCS8_fn *d2i_PKCS8;      /* Wrapped in a PrivateKeyInfo */

    d2i_PUBKEY_fn *d2i_PUBKEY;    /* Wrapped in a SubjectPublicKeyInfo */

    /*

     * For any key, we may need to check that the key meets expectations.

     * This is useful when the same functions can decode several variants

     * of a key.

     */

    check_key_fn *check_key;

    /*

     * For any key, we may need to make provider specific adjustments, such

     * as ensure the key carries the correct library context.

     */

    adjust_key_fn *adjust_key;

    /* {type}_free() */

    free_key_fn *free_key;

};

/*

 * Context used for DER to key decoding.

 */

struct der2key_ctx_st {

    PROV_CTX *provctx;

    char propq[OSSL_MAX_PROPQUERY_SIZE];

    const struct keytype_desc_st *desc;

    /* The selection that is passed to der2key_decode() */

    int selection;

    /* Flag used to signal that a failure is fatal */

    unsigned int flag_fatal : 1;

};

typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf,

                               OSSL_LIB_CTX *libctx, const char *propq);

static void *der2key_decode_p8(const unsigned char **input_der,

                               long input_der_len, struct der2key_ctx_st *ctx,

                               key_from_pkcs8_t *key_from_pkcs8)

{

    PKCS8_PRIV_KEY_INFO *p8inf = NULL;

    const X509_ALGOR *alg = NULL;

    void *key = NULL;

    if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL

        && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)

        && (OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type

            /* Allow decoding sm2 private key with id_ecPublicKey */

            || (OBJ_obj2nid(alg->algorithm) == NID_X9_62_id_ecPublicKey

                && ctx->desc->evp_type == NID_sm2)))

        key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), ctx->propq);

    PKCS8_PRIV_KEY_INFO_free(p8inf);

    return key;

}

/* ---------------------------------------------------------------------- */

static OSSL_FUNC_decoder_freectx_fn der2key_freectx;

static OSSL_FUNC_decoder_decode_fn der2key_decode;

static OSSL_FUNC_decoder_export_object_fn der2key_export_object;

static OSSL_FUNC_decoder_settable_ctx_params_fn der2key_settable_ctx_params;

static OSSL_FUNC_decoder_set_ctx_params_fn der2key_set_ctx_params;

static struct der2key_ctx_st *

der2key_newctx(void *provctx, const struct keytype_desc_st *desc)

{

    struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));

    if (ctx != NULL) {

        ctx->provctx = provctx;

        ctx->desc = desc;

    }

    return ctx;

}

/* Machine generated by util/perl/OpenSSL/paramnames.pm */

#ifndef der2key_set_ctx_params_list

static const OSSL_PARAM der2key_set_ctx_params_list[] = {

    OSSL_PARAM_utf8_string(OSSL_DECODER_PARAM_PROPERTIES, NULL, 0),

    OSSL_PARAM_END

};

#endif

#ifndef der2key_set_ctx_params_st

struct der2key_set_ctx_params_st {

    OSSL_PARAM *propq;

};

#endif

#ifndef der2key_set_ctx_params_decoder

static int der2key_set_ctx_params_decoder

    (const OSSL_PARAM *p, struct der2key_set_ctx_params_st *r)

{

    const char *s;

    memset(r, 0, sizeof(*r));

    if (p != NULL)

        for (; (s = p->key) != NULL; p++)

            if (ossl_likely(strcmp("properties", s + 0) == 0)) {

                /* DECODER_PARAM_PROPERTIES */

                if (ossl_unlikely(r->propq != NULL)) {

                    ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER,

                                   "param %s is repeated", s);

                    return 0;

                }

                r->propq = (OSSL_PARAM *)p;

            }

    return 1;

}

#endif

/* End of machine generated */

static const OSSL_PARAM *der2key_settable_ctx_params(ossl_unused void *provctx)

{

    return der2key_set_ctx_params_list;

}

static int der2key_set_ctx_params(void *vctx, const OSSL_PARAM params[])

{

    struct der2key_ctx_st *ctx = vctx;

    struct der2key_set_ctx_params_st p;

    char *str;

    if (ctx == NULL || !der2key_set_ctx_params_decoder(params, &p))

        return 0;

    str = ctx->propq;

    if (p.propq != NULL

            && !OSSL_PARAM_get_utf8_string(p.propq, &str, sizeof(ctx->propq)))

        return 0;

    return 1;

}

static void der2key_freectx(void *vctx)

{

    struct der2key_ctx_st *ctx = vctx;

    OPENSSL_free(ctx);

}

static int der2key_check_selection(int selection,

                                   const struct keytype_desc_st *desc)

{

    /*

     * The selections are kinda sorta "levels", i.e. each selection given

     * here is assumed to include those following.

     */

    int checks[] = {

        OSSL_KEYMGMT_SELECT_PRIVATE_KEY,

        OSSL_KEYMGMT_SELECT_PUBLIC_KEY,

        OSSL_KEYMGMT_SELECT_ALL_PARAMETERS

    };

    size_t i;

    /* The decoder implementations made here support guessing */

    if (selection == 0)

        return 1;

    for (i = 0; i < OSSL_NELEM(checks); i++) {

        int check1 = (selection & checks[i]) != 0;

        int check2 = (desc->selection_mask & checks[i]) != 0;

        /*

         * If the caller asked for the currently checked bit(s), return

         * whether the decoder description says it's supported.

         */

        if (check1)

            return check2;

    }

    /* This should be dead code, but just to be safe... */

    return 0;

}

static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,

                          OSSL_CALLBACK *data_cb, void *data_cbarg,

                          OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)

{

    struct der2key_ctx_st *ctx = vctx;

    unsigned char *der = NULL;

    const unsigned char *derp;

    long der_len = 0;

    void *key = NULL;

    int ok = 0;

    ctx->selection = selection;

    /*

     * The caller is allowed to specify 0 as a selection mask, to have the

     * structure and key type guessed.  For type-specific structures, this

     * is not recommended, as some structures are very similar.

     * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter

     * signifies a private key structure, where everything else is assumed

     * to be present as well.

     */

    if (selection == 0)

        selection = ctx->desc->selection_mask;

    if ((selection & ctx->desc->selection_mask) == 0) {

        ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);

        return 0;

    }

    ok = ossl_read_der(ctx->provctx, cin, &der, &der_len);

    if (!ok)

        goto next;

    ok = 0; /* Assume that we fail */

    ERR_set_mark();

    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {

        derp = der;

        if (ctx->desc->d2i_PKCS8 != NULL) {

            key = ctx->desc->d2i_PKCS8(&derp, der_len, ctx);

            if (ctx->flag_fatal) {

                ERR_clear_last_mark();

                goto end;

            }

        } else if (ctx->desc->d2i_private_key != NULL) {

            key = ctx->desc->d2i_private_key(NULL, &derp, der_len);

        }

        if (key == NULL && ctx->selection != 0) {

            ERR_clear_last_mark();

            goto next;

        }

    }

    if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {

        derp = der;

        if (ctx->desc->d2i_PUBKEY != NULL)

            key = ctx->desc->d2i_PUBKEY(&derp, der_len, ctx);

        else if (ctx->desc->d2i_public_key != NULL)

            key = ctx->desc->d2i_public_key(NULL, &derp, der_len);

        if (key == NULL && ctx->selection != 0) {

            ERR_clear_last_mark();

            goto next;

        }

    }

    if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {

        derp = der;

        if (ctx->desc->d2i_key_params != NULL)

            key = ctx->desc->d2i_key_params(NULL, &derp, der_len);

        if (key == NULL && ctx->selection != 0) {

            ERR_clear_last_mark();

            goto next;

        }

    }

    if (key == NULL)

        ERR_clear_last_mark();

    else

        ERR_pop_to_mark();

    /*

     * Last minute check to see if this was the correct type of key.  This

     * should never lead to a fatal error, i.e. the decoding itself was

     * correct, it was just an unexpected key type.  This is generally for

     * classes of key types that have subtle variants, like RSA-PSS keys as

     * opposed to plain RSA keys.

     */

    if (key != NULL

        && ctx->desc->check_key != NULL

        && !ctx->desc->check_key(key, ctx)) {

        ctx->desc->free_key(key);

        key = NULL;

    }

    if (key != NULL && ctx->desc->adjust_key != NULL)

        ctx->desc->adjust_key(key, ctx);

 next:

    /*

     * Indicated that we successfully decoded something, or not at all.

     * Ending up "empty handed" is not an error.

     */

    ok = 1;

    /*

     * We free memory here so it's not held up during the callback, because

     * we know the process is recursive and the allocated chunks of memory

     * add up.

     */

    OPENSSL_free(der);

    der = NULL;

    if (key != NULL) {

        OSSL_PARAM params[4];

        int object_type = OSSL_OBJECT_PKEY;

        params[0] =

            OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);

#ifndef OPENSSL_NO_SM2

        if (strcmp(ctx->desc->keytype_name, "EC") == 0

            && (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0)

            params[1] =

                OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,

                                                 "SM2", 0);

        else

#endif

            params[1] =

                OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,

                                                 (char *)ctx->desc->keytype_name,

                                                 0);

        /* The address of the key becomes the octet string */

        params[2] =

            OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,

                                              &key, sizeof(key));

        params[3] = OSSL_PARAM_construct_end();

        ok = data_cb(params, data_cbarg);

    }

 end:

    ctx->desc->free_key(key);

    OPENSSL_free(der);

    return ok;

}

static int der2key_export_object(void *vctx,

                                 const void *reference, size_t reference_sz,

                                 OSSL_CALLBACK *export_cb, void *export_cbarg)

{

    struct der2key_ctx_st *ctx = vctx;

    OSSL_FUNC_keymgmt_export_fn *export =

        ossl_prov_get_keymgmt_export(ctx->desc->fns);

    void *keydata;

    if (reference_sz == sizeof(keydata) && export != NULL) {

        int selection = ctx->selection;

        if (selection == 0)

            selection = OSSL_KEYMGMT_SELECT_ALL;

        /* The contents of the reference is the address to our object */

        keydata = *(void **)reference;

        return export(keydata, selection, export_cb, export_cbarg);

    }

    return 0;

}

#define D2I_PUBKEY_NOCTX(n, f)                              \

    static void *                                           \

    n##_d2i_PUBKEY(const unsigned char **der, long der_len, \

                   ossl_unused struct der2key_ctx_st *ctx)  \

    {                                                       \

        return f(NULL, der, der_len);                       \

    }

Unexecuted instantiation: decode_der2key.c:dh_d2i_PUBKEY

Unexecuted instantiation: decode_der2key.c:dhx_d2i_PUBKEY

Unexecuted instantiation: decode_der2key.c:dsa_d2i_PUBKEY

Unexecuted instantiation: decode_der2key.c:ec_d2i_PUBKEY

Unexecuted instantiation: decode_der2key.c:x25519_d2i_PUBKEY

Unexecuted instantiation: decode_der2key.c:x448_d2i_PUBKEY

Unexecuted instantiation: decode_der2key.c:ed25519_d2i_PUBKEY

Unexecuted instantiation: decode_der2key.c:ed448_d2i_PUBKEY

/* ---------------------------------------------------------------------- */

#ifndef OPENSSL_NO_DH

# define dh_evp_type                    EVP_PKEY_DH

# define dh_d2i_private_key             NULL

# define dh_d2i_public_key              NULL

# define dh_d2i_key_params              (d2i_of_void *)d2i_DHparams

# define dh_free                        (free_key_fn *)DH_free

# define dh_check                       NULL

static void *dh_d2i_PKCS8(const unsigned char **der, long der_len,

                          struct der2key_ctx_st *ctx)

{

    return der2key_decode_p8(der, der_len, ctx,

                             (key_from_pkcs8_t *)ossl_dh_key_from_pkcs8);

}

D2I_PUBKEY_NOCTX(dh, ossl_d2i_DH_PUBKEY)

D2I_PUBKEY_NOCTX(dhx, ossl_d2i_DHx_PUBKEY)

static void dh_adjust(void *key, struct der2key_ctx_st *ctx)

{

    ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

}

# define dhx_evp_type                   EVP_PKEY_DHX

# define dhx_d2i_private_key            NULL

# define dhx_d2i_public_key             NULL

# define dhx_d2i_key_params             (d2i_of_void *)d2i_DHxparams

# define dhx_d2i_PKCS8                  dh_d2i_PKCS8

# define dhx_free                       (free_key_fn *)DH_free

# define dhx_check                      NULL

# define dhx_adjust                     dh_adjust

#endif

/* ---------------------------------------------------------------------- */

#ifndef OPENSSL_NO_DSA

# define dsa_evp_type                   EVP_PKEY_DSA

# define dsa_d2i_private_key            (d2i_of_void *)d2i_DSAPrivateKey

# define dsa_d2i_public_key             (d2i_of_void *)d2i_DSAPublicKey

# define dsa_d2i_key_params             (d2i_of_void *)d2i_DSAparams

# define dsa_free                       (free_key_fn *)DSA_free

# define dsa_check                      NULL

static void *dsa_d2i_PKCS8(const unsigned char **der, long der_len,

                           struct der2key_ctx_st *ctx)

{

    return der2key_decode_p8(der, der_len, ctx,

                             (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8);

}

D2I_PUBKEY_NOCTX(dsa, ossl_d2i_DSA_PUBKEY)

static void dsa_adjust(void *key, struct der2key_ctx_st *ctx)

{

    ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

}

#endif

/* ---------------------------------------------------------------------- */

#ifndef OPENSSL_NO_EC

# define ec_evp_type                    EVP_PKEY_EC

# define ec_d2i_private_key             (d2i_of_void *)d2i_ECPrivateKey

# define ec_d2i_public_key              NULL

# define ec_d2i_key_params              (d2i_of_void *)d2i_ECParameters

# define ec_free                        (free_key_fn *)EC_KEY_free

static void *ec_d2i_PKCS8(const unsigned char **der, long der_len,

                          struct der2key_ctx_st *ctx)

{

    return der2key_decode_p8(der, der_len, ctx,

                             (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);

}

D2I_PUBKEY_NOCTX(ec, d2i_EC_PUBKEY)

static int ec_check(void *key, struct der2key_ctx_st *ctx)

{

    /* We're trying to be clever by comparing two truths */

    int ret = 0;

    int sm2 = (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0;

    if (sm2)

        ret = ctx->desc->evp_type == EVP_PKEY_SM2

            || ctx->desc->evp_type == NID_X9_62_id_ecPublicKey;

    else

        ret = ctx->desc->evp_type != EVP_PKEY_SM2;

    return ret;

}

static void ec_adjust(void *key, struct der2key_ctx_st *ctx)

{

    ossl_ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

}

# ifndef OPENSSL_NO_ECX

/*

 * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,

 * so no d2i functions to be had.

 */

static void *ecx_d2i_PKCS8(const unsigned char **der, long der_len,

                           struct der2key_ctx_st *ctx)

{

    return der2key_decode_p8(der, der_len, ctx,

                             (key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8);

}

D2I_PUBKEY_NOCTX(ed25519, ossl_d2i_ED25519_PUBKEY)

D2I_PUBKEY_NOCTX(ed448, ossl_d2i_ED448_PUBKEY)

D2I_PUBKEY_NOCTX(x25519, ossl_d2i_X25519_PUBKEY)

D2I_PUBKEY_NOCTX(x448, ossl_d2i_X448_PUBKEY)

static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx)

{

    ossl_ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

}

#  define ed25519_evp_type               EVP_PKEY_ED25519

#  define ed25519_d2i_private_key        NULL

#  define ed25519_d2i_public_key         NULL

#  define ed25519_d2i_key_params         NULL

#  define ed25519_d2i_PKCS8              ecx_d2i_PKCS8

#  define ed25519_free                   (free_key_fn *)ossl_ecx_key_free

#  define ed25519_check                  NULL

#  define ed25519_adjust                 ecx_key_adjust

#  define ed448_evp_type                 EVP_PKEY_ED448

#  define ed448_d2i_private_key          NULL

#  define ed448_d2i_public_key           NULL

#  define ed448_d2i_key_params           NULL

#  define ed448_d2i_PKCS8                ecx_d2i_PKCS8

#  define ed448_free                     (free_key_fn *)ossl_ecx_key_free

#  define ed448_check                    NULL

#  define ed448_adjust                   ecx_key_adjust

#  define x25519_evp_type                EVP_PKEY_X25519

#  define x25519_d2i_private_key         NULL

#  define x25519_d2i_public_key          NULL

#  define x25519_d2i_key_params          NULL

#  define x25519_d2i_PKCS8               ecx_d2i_PKCS8

#  define x25519_free                    (free_key_fn *)ossl_ecx_key_free

#  define x25519_check                   NULL

#  define x25519_adjust                  ecx_key_adjust

#  define x448_evp_type                  EVP_PKEY_X448

#  define x448_d2i_private_key           NULL

#  define x448_d2i_public_key            NULL

#  define x448_d2i_key_params            NULL

#  define x448_d2i_PKCS8                 ecx_d2i_PKCS8

#  define x448_free                      (free_key_fn *)ossl_ecx_key_free

#  define x448_check                     NULL

#  define x448_adjust                    ecx_key_adjust

# endif /* OPENSSL_NO_ECX */

# ifndef OPENSSL_NO_SM2

#  define sm2_evp_type                  EVP_PKEY_SM2

#  define sm2_d2i_private_key           (d2i_of_void *)d2i_ECPrivateKey

#  define sm2_d2i_public_key            NULL

#  define sm2_d2i_key_params            (d2i_of_void *)d2i_ECParameters

#  define sm2_d2i_PUBKEY                ec_d2i_PUBKEY

#  define sm2_free                      (free_key_fn *)EC_KEY_free

#  define sm2_check                     ec_check

#  define sm2_adjust                    ec_adjust

static void *sm2_d2i_PKCS8(const unsigned char **der, long der_len,

                           struct der2key_ctx_st *ctx)

{

    return der2key_decode_p8(der, der_len, ctx,

                             (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);

}

# endif

#endif

/* ---------------------------------------------------------------------- */

#ifndef OPENSSL_NO_ML_KEM

static void *

ml_kem_d2i_PKCS8(const uint8_t **der, long der_len, struct der2key_ctx_st *ctx)

{

    ML_KEM_KEY *key;

    key = ossl_ml_kem_d2i_PKCS8(*der, der_len, ctx->desc->evp_type,

                                ctx->provctx, ctx->propq);

    if (key != NULL)

        *der += der_len;

    return key;

}

static ossl_inline void *

ml_kem_d2i_PUBKEY(const uint8_t **der, long der_len,

                  struct der2key_ctx_st *ctx)

{

    ML_KEM_KEY *key;

    key = ossl_ml_kem_d2i_PUBKEY(*der, der_len, ctx->desc->evp_type,

                                 ctx->provctx, ctx->propq);

    if (key != NULL)

        *der += der_len;

    return key;

}

# define ml_kem_512_evp_type                EVP_PKEY_ML_KEM_512

# define ml_kem_512_d2i_private_key         NULL

# define ml_kem_512_d2i_public_key          NULL

# define ml_kem_512_d2i_key_params          NULL

# define ml_kem_512_d2i_PUBKEY              ml_kem_d2i_PUBKEY

# define ml_kem_512_d2i_PKCS8               ml_kem_d2i_PKCS8

# define ml_kem_512_free                    (free_key_fn *)ossl_ml_kem_key_free

# define ml_kem_512_check                   NULL

# define ml_kem_512_adjust                  NULL

# define ml_kem_768_evp_type                EVP_PKEY_ML_KEM_768

# define ml_kem_768_d2i_private_key         NULL

# define ml_kem_768_d2i_public_key          NULL

# define ml_kem_768_d2i_key_params          NULL

# define ml_kem_768_d2i_PUBKEY              ml_kem_d2i_PUBKEY

# define ml_kem_768_d2i_PKCS8               ml_kem_d2i_PKCS8

# define ml_kem_768_free                    (free_key_fn *)ossl_ml_kem_key_free

# define ml_kem_768_check                   NULL

# define ml_kem_768_adjust                  NULL

# define ml_kem_1024_evp_type               EVP_PKEY_ML_KEM_1024

# define ml_kem_1024_d2i_private_key        NULL

# define ml_kem_1024_d2i_public_key         NULL

# define ml_kem_1024_d2i_PUBKEY             ml_kem_d2i_PUBKEY

# define ml_kem_1024_d2i_PKCS8              ml_kem_d2i_PKCS8

# define ml_kem_1024_d2i_key_params         NULL

# define ml_kem_1024_free                   (free_key_fn *)ossl_ml_kem_key_free

# define ml_kem_1024_check                  NULL

# define ml_kem_1024_adjust                 NULL

#endif

#ifndef OPENSSL_NO_SLH_DSA

static void *

slh_dsa_d2i_PKCS8(const uint8_t **der, long der_len, struct der2key_ctx_st *ctx)

{

    SLH_DSA_KEY *key = NULL, *ret = NULL;

    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);

    PKCS8_PRIV_KEY_INFO *p8inf = NULL;

    const unsigned char *p;

    const X509_ALGOR *alg = NULL;

    int plen, ptype;

    if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, der, der_len)) == NULL

        || !PKCS8_pkey_get0(NULL, &p, &plen, &alg, p8inf))

        goto end;

    /* Algorithm parameters must be absent. */

    if ((X509_ALGOR_get0(NULL, &ptype, NULL, alg), ptype != V_ASN1_UNDEF)) {

        ERR_raise_data(ERR_LIB_PROV, PROV_R_UNEXPECTED_KEY_PARAMETERS,

                       "unexpected parameters with a PKCS#8 %s private key",

                       ctx->desc->keytype_name);

        goto end;

    }

    if (OBJ_obj2nid(alg->algorithm) != ctx->desc->evp_type)

        goto end;

    if ((key = ossl_slh_dsa_key_new(libctx, ctx->propq,

                                    ctx->desc->keytype_name)) == NULL)

        goto end;

    if (!ossl_slh_dsa_set_priv(key, p, plen))

        goto end;

    ret = key;

 end:

    PKCS8_PRIV_KEY_INFO_free(p8inf);

    if (ret == NULL)

        ossl_slh_dsa_key_free(key);

    return ret;

}

static ossl_inline void *slh_dsa_d2i_PUBKEY(const uint8_t **der, long der_len,

                                            struct der2key_ctx_st *ctx)

{

    int ok = 0;

    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);

    SLH_DSA_KEY *ret = NULL;

    BARE_PUBKEY *spki = NULL;

    const uint8_t *end = *der;

    size_t len;

    ret = ossl_slh_dsa_key_new(libctx, ctx->propq, ctx->desc->keytype_name);

    if (ret == NULL)

        return NULL;

    len = ossl_slh_dsa_key_get_pub_len(ret);

    /*-

     * The DER ASN.1 encoding of SLH-DSA public keys prepends 18 bytes to the

     * encoded public key (since the largest public key size is 64 bytes):

     *

     * - 2 byte outer sequence tag and length

     * -  2 byte algorithm sequence tag and length

     * -    2 byte algorithm OID tag and length

     * -      9 byte algorithm OID

     * -  2 byte bit string tag and length

     * -    1 bitstring lead byte

     *

     * Check that we have the right OID, the bit string has no "bits left" and

     * that we consume all the input exactly.

     */

    if (der_len != 18 + (long)len) {

        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

                       "unexpected %s public key length: %ld != %ld",

                       ctx->desc->keytype_name, der_len,

                       18 + (long)len);

        goto err;

    }

    if ((spki = OPENSSL_zalloc(sizeof(*spki))) == NULL)

        goto err;

    /* The spki storage is freed on error */

    if (ASN1_item_d2i_ex((ASN1_VALUE **)&spki, &end, der_len,

                         ASN1_ITEM_rptr(BARE_PUBKEY), NULL, NULL) == NULL) {

        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

                       "malformed %s public key ASN.1 encoding",

                       ossl_slh_dsa_key_get_name(ret));

        goto err;

    }

    /* The spki structure now owns some memory */

    if ((spki->pubkey->flags & 0x7) != 0 || end != *der + der_len) {

        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

                       "malformed %s public key ASN.1 encoding",

                       ossl_slh_dsa_key_get_name(ret));

        goto err;

    }

    if (OBJ_cmp(OBJ_nid2obj(ctx->desc->evp_type), spki->algor.oid) != 0) {

        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

                       "unexpected algorithm OID for an %s public key",

                       ossl_slh_dsa_key_get_name(ret));

        goto err;

    }

    if (!ossl_slh_dsa_set_pub(ret, spki->pubkey->data, spki->pubkey->length)) {

        ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,

                       "failed to parse %s public key from the input data",

                       ossl_slh_dsa_key_get_name(ret));

        goto err;

    }

    ok = 1;

 err:

    if (spki != NULL) {

        ASN1_OBJECT_free(spki->algor.oid);

        ASN1_BIT_STRING_free(spki->pubkey);

        OPENSSL_free(spki);

    }

    if (!ok) {

        ossl_slh_dsa_key_free(ret);

        ret = NULL;

    }

    return ret;

}

# define slh_dsa_sha2_128s_evp_type        EVP_PKEY_SLH_DSA_SHA2_128S

# define slh_dsa_sha2_128s_d2i_private_key NULL

# define slh_dsa_sha2_128s_d2i_public_key  NULL

# define slh_dsa_sha2_128s_d2i_key_params  NULL

# define slh_dsa_sha2_128s_d2i_PKCS8       slh_dsa_d2i_PKCS8

# define slh_dsa_sha2_128s_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

# define slh_dsa_sha2_128s_free            (free_key_fn *)ossl_slh_dsa_key_free

# define slh_dsa_sha2_128s_check           NULL

# define slh_dsa_sha2_128s_adjust          NULL

# define slh_dsa_sha2_128f_evp_type        EVP_PKEY_SLH_DSA_SHA2_128F

# define slh_dsa_sha2_128f_d2i_private_key NULL

# define slh_dsa_sha2_128f_d2i_public_key  NULL

# define slh_dsa_sha2_128f_d2i_key_params  NULL

# define slh_dsa_sha2_128f_d2i_PKCS8       slh_dsa_d2i_PKCS8

# define slh_dsa_sha2_128f_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

# define slh_dsa_sha2_128f_free            (free_key_fn *)ossl_slh_dsa_key_free

# define slh_dsa_sha2_128f_check           NULL

# define slh_dsa_sha2_128f_adjust          NULL

# define slh_dsa_sha2_192s_evp_type        EVP_PKEY_SLH_DSA_SHA2_192S

# define slh_dsa_sha2_192s_d2i_private_key NULL

# define slh_dsa_sha2_192s_d2i_public_key  NULL

# define slh_dsa_sha2_192s_d2i_key_params  NULL

# define slh_dsa_sha2_192s_d2i_PKCS8       slh_dsa_d2i_PKCS8

# define slh_dsa_sha2_192s_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

# define slh_dsa_sha2_192s_free            (free_key_fn *)ossl_slh_dsa_key_free

# define slh_dsa_sha2_192s_check           NULL

# define slh_dsa_sha2_192s_adjust          NULL

# define slh_dsa_sha2_192f_evp_type        EVP_PKEY_SLH_DSA_SHA2_192F

# define slh_dsa_sha2_192f_d2i_private_key NULL

# define slh_dsa_sha2_192f_d2i_public_key  NULL

# define slh_dsa_sha2_192f_d2i_key_params  NULL

# define slh_dsa_sha2_192f_d2i_PKCS8       slh_dsa_d2i_PKCS8

# define slh_dsa_sha2_192f_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

# define slh_dsa_sha2_192f_free            (free_key_fn *)ossl_slh_dsa_key_free

# define slh_dsa_sha2_192f_check           NULL

# define slh_dsa_sha2_192f_adjust          NULL

# define slh_dsa_sha2_256s_evp_type        EVP_PKEY_SLH_DSA_SHA2_256S

# define slh_dsa_sha2_256s_d2i_private_key NULL

# define slh_dsa_sha2_256s_d2i_public_key  NULL

# define slh_dsa_sha2_256s_d2i_key_params  NULL

# define slh_dsa_sha2_256s_d2i_PKCS8       slh_dsa_d2i_PKCS8

# define slh_dsa_sha2_256s_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

# define slh_dsa_sha2_256s_free            (free_key_fn *)ossl_slh_dsa_key_free

# define slh_dsa_sha2_256s_check           NULL

# define slh_dsa_sha2_256s_adjust          NULL

# define slh_dsa_sha2_256f_evp_type        EVP_PKEY_SLH_DSA_SHA2_256F

# define slh_dsa_sha2_256f_d2i_private_key NULL

# define slh_dsa_sha2_256f_d2i_public_key  NULL

# define slh_dsa_sha2_256f_d2i_key_params  NULL

# define slh_dsa_sha2_256f_d2i_PKCS8       slh_dsa_d2i_PKCS8

# define slh_dsa_sha2_256f_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

# define slh_dsa_sha2_256f_free            (free_key_fn *)ossl_slh_dsa_key_free

# define slh_dsa_sha2_256f_check           NULL

# define slh_dsa_sha2_256f_adjust          NULL

# define slh_dsa_shake_128s_evp_type        EVP_PKEY_SLH_DSA_SHAKE_128S

# define slh_dsa_shake_128s_d2i_private_key NULL

# define slh_dsa_shake_128s_d2i_public_key  NULL

# define slh_dsa_shake_128s_d2i_key_params  NULL

# define slh_dsa_shake_128s_d2i_PKCS8       slh_dsa_d2i_PKCS8

# define slh_dsa_shake_128s_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

# define slh_dsa_shake_128s_free            (free_key_fn *)ossl_slh_dsa_key_free

# define slh_dsa_shake_128s_check           NULL

# define slh_dsa_shake_128s_adjust          NULL

# define slh_dsa_shake_128f_evp_type        EVP_PKEY_SLH_DSA_SHAKE_128F

# define slh_dsa_shake_128f_d2i_private_key NULL

# define slh_dsa_shake_128f_d2i_public_key  NULL

# define slh_dsa_shake_128f_d2i_key_params  NULL

# define slh_dsa_shake_128f_d2i_PKCS8       slh_dsa_d2i_PKCS8

# define slh_dsa_shake_128f_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

# define slh_dsa_shake_128f_free            (free_key_fn *)ossl_slh_dsa_key_free

# define slh_dsa_shake_128f_check           NULL

# define slh_dsa_shake_128f_adjust          NULL

# define slh_dsa_shake_192s_evp_type        EVP_PKEY_SLH_DSA_SHAKE_192S

# define slh_dsa_shake_192s_d2i_private_key NULL

# define slh_dsa_shake_192s_d2i_public_key  NULL

# define slh_dsa_shake_192s_d2i_key_params  NULL

# define slh_dsa_shake_192s_d2i_PKCS8       slh_dsa_d2i_PKCS8

# define slh_dsa_shake_192s_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

# define slh_dsa_shake_192s_free            (free_key_fn *)ossl_slh_dsa_key_free

# define slh_dsa_shake_192s_check           NULL

# define slh_dsa_shake_192s_adjust          NULL

# define slh_dsa_shake_192f_evp_type        EVP_PKEY_SLH_DSA_SHAKE_192F

# define slh_dsa_shake_192f_d2i_private_key NULL

# define slh_dsa_shake_192f_d2i_public_key  NULL

# define slh_dsa_shake_192f_d2i_key_params  NULL

# define slh_dsa_shake_192f_d2i_PKCS8       slh_dsa_d2i_PKCS8

# define slh_dsa_shake_192f_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

# define slh_dsa_shake_192f_free            (free_key_fn *)ossl_slh_dsa_key_free

# define slh_dsa_shake_192f_check           NULL

# define slh_dsa_shake_192f_adjust          NULL

# define slh_dsa_shake_256s_evp_type        EVP_PKEY_SLH_DSA_SHAKE_256S

# define slh_dsa_shake_256s_d2i_private_key NULL

# define slh_dsa_shake_256s_d2i_public_key  NULL

# define slh_dsa_shake_256s_d2i_key_params  NULL

# define slh_dsa_shake_256s_d2i_PKCS8       slh_dsa_d2i_PKCS8

# define slh_dsa_shake_256s_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

# define slh_dsa_shake_256s_free            (free_key_fn *)ossl_slh_dsa_key_free

# define slh_dsa_shake_256s_check           NULL

# define slh_dsa_shake_256s_adjust          NULL

# define slh_dsa_shake_256f_evp_type        EVP_PKEY_SLH_DSA_SHAKE_256F

# define slh_dsa_shake_256f_d2i_private_key NULL

# define slh_dsa_shake_256f_d2i_public_key  NULL

# define slh_dsa_shake_256f_d2i_key_params  NULL

# define slh_dsa_shake_256f_d2i_PKCS8       slh_dsa_d2i_PKCS8

# define slh_dsa_shake_256f_d2i_PUBKEY      slh_dsa_d2i_PUBKEY

# define slh_dsa_shake_256f_free            (free_key_fn *)ossl_slh_dsa_key_free

# define slh_dsa_shake_256f_check           NULL

# define slh_dsa_shake_256f_adjust          NULL

#endif /* OPENSSL_NO_SLH_DSA */

/* ---------------------------------------------------------------------- */

#define rsa_evp_type                    EVP_PKEY_RSA

#define rsa_d2i_private_key             (d2i_of_void *)d2i_RSAPrivateKey

#define rsa_d2i_public_key              (d2i_of_void *)d2i_RSAPublicKey

#define rsa_d2i_key_params              NULL

#define rsa_free                        (free_key_fn *)RSA_free

static void *rsa_d2i_PKCS8(const unsigned char **der, long der_len,

                           struct der2key_ctx_st *ctx)

{

    return der2key_decode_p8(der, der_len, ctx,

                             (key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8);

}

static void *

rsa_d2i_PUBKEY(const unsigned char **der, long der_len,

               ossl_unused struct der2key_ctx_st *ctx)

{

    return d2i_RSA_PUBKEY(NULL, der, der_len);

}

static int rsa_check(void *key, struct der2key_ctx_st *ctx)

{

    int valid;

    switch (RSA_test_flags(key, RSA_FLAG_TYPE_MASK)) {

    case RSA_FLAG_TYPE_RSA:

        valid = (ctx->desc->evp_type == EVP_PKEY_RSA);

        break;

    case RSA_FLAG_TYPE_RSASSAPSS:

        valid = (ctx->desc->evp_type == EVP_PKEY_RSA_PSS);

        break;

    default:

        /* Currently unsupported RSA key type */

        valid = 0;

    }

    valid = (valid && ossl_rsa_check_factors(key));

    return valid;

}

static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)

{

    ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));

}

#define rsapss_evp_type                 EVP_PKEY_RSA_PSS

#define rsapss_d2i_private_key          (d2i_of_void *)d2i_RSAPrivateKey

#define rsapss_d2i_public_key           (d2i_of_void *)d2i_RSAPublicKey