/src/openssl30/crypto/encode_decode/encoder_pkey.c

Source (jump to first uncovered line)
/*
 * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/err.h>
#include <openssl/ui.h>
#include <openssl/params.h>
#include <openssl/encoder.h>
#include <openssl/core_names.h>
#include <openssl/provider.h>
#include <openssl/safestack.h>
#include <openssl/trace.h>
#include "internal/provider.h"
#include "internal/property.h"
#include "crypto/evp.h"
#include "encoder_local.h"

DEFINE_STACK_OF(OSSL_ENCODER)

int OSSL_ENCODER_CTX_set_cipher(OSSL_ENCODER_CTX *ctx,
                                const char *cipher_name,
                                const char *propquery)
{
    OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };

    params[0] =
        OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_CIPHER,
                                         (void *)cipher_name, 0);
    params[1] =
        OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES,
                                         (void *)propquery, 0);

    return OSSL_ENCODER_CTX_set_params(ctx, params);
}

int OSSL_ENCODER_CTX_set_passphrase(OSSL_ENCODER_CTX *ctx,
                                    const unsigned char *kstr,
                                    size_t klen)
{
    return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen);
}

int OSSL_ENCODER_CTX_set_passphrase_ui(OSSL_ENCODER_CTX *ctx,
                                       const UI_METHOD *ui_method,
                                       void *ui_data)
{
    return ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
}

int OSSL_ENCODER_CTX_set_pem_password_cb(OSSL_ENCODER_CTX *ctx,
                                         pem_password_cb *cb, void *cbarg)
{
    return ossl_pw_set_pem_password_cb(&ctx->pwdata, cb, cbarg);
}

int OSSL_ENCODER_CTX_set_passphrase_cb(OSSL_ENCODER_CTX *ctx,
                                       OSSL_PASSPHRASE_CALLBACK *cb,
                                       void *cbarg)
{
    return ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg);
}

/*
 * Support for OSSL_ENCODER_CTX_new_for_type:
 * finding a suitable encoder
 */

struct collected_encoder_st {
    STACK_OF(OPENSSL_CSTRING) *names;
    const char *output_structure;
    const char *output_type;

    const OSSL_PROVIDER *keymgmt_prov;
    OSSL_ENCODER_CTX *ctx;
    unsigned int flag_find_same_provider:1;

    int error_occurred;
};

static void collect_encoder(OSSL_ENCODER *encoder, void *arg)
{
    struct collected_encoder_st *data = arg;
    size_t i, end_i;

    if (data->error_occurred)
        return;

    data->error_occurred = 1;     /* Assume the worst */

    if (data->names == NULL)
        return;

    end_i = sk_OPENSSL_CSTRING_num(data->names);
    for (i = 0; i < end_i; i++) {
        const char *name = sk_OPENSSL_CSTRING_value(data->names, i);
        const OSSL_PROVIDER *prov = OSSL_ENCODER_get0_provider(encoder);
        void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov);

        /*
         * collect_encoder() is called in two passes, one where the encoders
         * from the same provider as the keymgmt are looked up, and one where
         * the other encoders are looked up.  |data->flag_find_same_provider|
         * tells us which pass we're in.
         */
        if ((data->keymgmt_prov == prov) != data->flag_find_same_provider)
            continue;

        if (!OSSL_ENCODER_is_a(encoder, name)
            || (encoder->does_selection != NULL
                && !encoder->does_selection(provctx, data->ctx->selection))
            || (data->keymgmt_prov != prov
                && encoder->import_object == NULL))
            continue;

        /* Only add each encoder implementation once */
        if (OSSL_ENCODER_CTX_add_encoder(data->ctx, encoder))
            break;
    }

    data->error_occurred = 0;         /* All is good now */
}

struct collected_names_st {
    STACK_OF(OPENSSL_CSTRING) *names;
    unsigned int error_occurred:1;
};

static void collect_name(const char *name, void *arg)
{
    struct collected_names_st *data = arg;

    if (data->error_occurred)
        return;

    data->error_occurred = 1;         /* Assume the worst */

    if (sk_OPENSSL_CSTRING_push(data->names, name) <= 0)
        return;

    data->error_occurred = 0;         /* All is good now */
}

/*
 * Support for OSSL_ENCODER_to_bio:
 * writing callback for the OSSL_PARAM (the implementation doesn't have
 * intimate knowledge of the provider side object)
 */

struct construct_data_st {
    const EVP_PKEY *pk;
    int selection;

    OSSL_ENCODER_INSTANCE *encoder_inst;
    const void *obj;
    void *constructed_obj;
};

static int encoder_import_cb(const OSSL_PARAM params[], void *arg)
{
    struct construct_data_st *construct_data = arg;
    OSSL_ENCODER_INSTANCE *encoder_inst = construct_data->encoder_inst;
    OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
    void *encoderctx = OSSL_ENCODER_INSTANCE_get_encoder_ctx(encoder_inst);

    construct_data->constructed_obj =
        encoder->import_object(encoderctx, construct_data->selection, params);

    return (construct_data->constructed_obj != NULL);
}

static const void *
encoder_construct_pkey(OSSL_ENCODER_INSTANCE *encoder_inst, void *arg)
{
    struct construct_data_st *data = arg;

    if (data->obj == NULL) {
        OSSL_ENCODER *encoder =
            OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
        const EVP_PKEY *pk = data->pk;
        const OSSL_PROVIDER *k_prov = EVP_KEYMGMT_get0_provider(pk->keymgmt);
        const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder);

        if (k_prov != e_prov) {
            int selection = data->selection;

            if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
                selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
            data->encoder_inst = encoder_inst;

            if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, selection,
                                    &encoder_import_cb, data))
                return NULL;
            data->obj = data->constructed_obj;
        } else {
            data->obj = pk->keydata;
        }
    }

    return data->obj;
}

static void encoder_destruct_pkey(void *arg)
{
    struct construct_data_st *data = arg;
    int match = (data->obj == data->constructed_obj);

    if (data->encoder_inst != NULL) {
        OSSL_ENCODER *encoder =
            OSSL_ENCODER_INSTANCE_get_encoder(data->encoder_inst);

        encoder->free_object(data->constructed_obj);
    }
    data->constructed_obj = NULL;
    if (match)
        data->obj = NULL;
}

/*
 * OSSL_ENCODER_CTX_new_for_pkey() returns a ctx with no encoder if
 * it couldn't find a suitable encoder.  This allows a caller to detect if
 * a suitable encoder was found, with OSSL_ENCODER_CTX_get_num_encoder(),
 * and to use fallback methods if the result is NULL.
 */
static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx,
                                           const EVP_PKEY *pkey,
                                           int selection,
                                           const char *propquery)
{
    struct construct_data_st *data = NULL;
    const OSSL_PROVIDER *prov = NULL;
    OSSL_LIB_CTX *libctx = NULL;
    int ok = 0;

    if (!ossl_assert(ctx != NULL) || !ossl_assert(pkey != NULL)) {
        ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    if (evp_pkey_is_provided(pkey)) {
        prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
        libctx = ossl_provider_libctx(prov);
    }

    if (pkey->keymgmt != NULL) {
        struct collected_encoder_st encoder_data;
        struct collected_names_st keymgmt_data;

        if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
            ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
            goto err;
        }

        /*
         * Select the first encoder implementations in two steps.
         * First, collect the keymgmt names, then the encoders that match.
         */
        keymgmt_data.names = sk_OPENSSL_CSTRING_new_null();
        if (keymgmt_data.names == NULL) {
            ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
            goto err;
        }

        keymgmt_data.error_occurred = 0;
        EVP_KEYMGMT_names_do_all(pkey->keymgmt, collect_name, &keymgmt_data);
        if (keymgmt_data.error_occurred) {
            sk_OPENSSL_CSTRING_free(keymgmt_data.names);
            goto err;
        }

        encoder_data.names = keymgmt_data.names;
        encoder_data.output_type = ctx->output_type;
        encoder_data.output_structure = ctx->output_structure;
        encoder_data.error_occurred = 0;
        encoder_data.keymgmt_prov = prov;
        encoder_data.ctx = ctx;

        /*
         * Place the encoders with the a different provider as the keymgmt
         * last (the chain is processed in reverse order)
         */
        encoder_data.flag_find_same_provider = 0;
        OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data);

        /*
         * Place the encoders with the same provider as the keymgmt first
         * (the chain is processed in reverse order)
         */
        encoder_data.flag_find_same_provider = 1;
        OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data);

        sk_OPENSSL_CSTRING_free(keymgmt_data.names);
        if (encoder_data.error_occurred) {
            ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
            goto err;
        }
    }

    if (data != NULL && OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) {
        if (!OSSL_ENCODER_CTX_set_construct(ctx, encoder_construct_pkey)
            || !OSSL_ENCODER_CTX_set_construct_data(ctx, data)
            || !OSSL_ENCODER_CTX_set_cleanup(ctx, encoder_destruct_pkey))
            goto err;

        data->pk = pkey;
        data->selection = selection;

        data = NULL;             /* Avoid it being freed */
    }

    ok = 1;
 err:
    if (data != NULL) {
        OSSL_ENCODER_CTX_set_construct_data(ctx, NULL);
        OPENSSL_free(data);
    }
    return ok;
}

OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY *pkey,
                                                int selection,
                                                const char *output_type,
                                                const char *output_struct,
                                                const char *propquery)
{
    OSSL_ENCODER_CTX *ctx = NULL;
    OSSL_LIB_CTX *libctx = NULL;

    if (pkey == NULL) {
        ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
        return NULL;
    }

    if (!evp_pkey_is_assigned(pkey)) {
        ERR_raise_data(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_INVALID_ARGUMENT,
                       "The passed EVP_PKEY must be assigned a key");
        return NULL;
    }

    if ((ctx = OSSL_ENCODER_CTX_new()) == NULL) {
        ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    if (evp_pkey_is_provided(pkey)) {
        const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);

        libctx = ossl_provider_libctx(prov);
    }

    OSSL_TRACE_BEGIN(ENCODER) {
        BIO_printf(trc_out,
                   "(ctx %p) Looking for %s encoders with selection %d\n",
                   (void *)ctx, EVP_PKEY_get0_type_name(pkey), selection);
        BIO_printf(trc_out, "    output type: %s, output structure: %s\n",
                   output_type, output_struct);
    } OSSL_TRACE_END(ENCODER);

    if (OSSL_ENCODER_CTX_set_output_type(ctx, output_type)
        && (output_struct == NULL
            || OSSL_ENCODER_CTX_set_output_structure(ctx, output_struct))
        && OSSL_ENCODER_CTX_set_selection(ctx, selection)
        && ossl_encoder_ctx_setup_for_pkey(ctx, pkey, selection, propquery)
        && OSSL_ENCODER_CTX_add_extra(ctx, libctx, propquery)) {
        OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
        int save_parameters = pkey->save_parameters;

        params[0] = OSSL_PARAM_construct_int(OSSL_ENCODER_PARAM_SAVE_PARAMETERS,
                                             &save_parameters);
        /* ignoring error as this is only auxiliary parameter */
        (void)OSSL_ENCODER_CTX_set_params(ctx, params);

        OSSL_TRACE_BEGIN(ENCODER) {
            BIO_printf(trc_out, "(ctx %p) Got %d encoders\n",
                       (void *)ctx, OSSL_ENCODER_CTX_get_num_encoders(ctx));
        } OSSL_TRACE_END(ENCODER);
        return ctx;
    }

    OSSL_ENCODER_CTX_free(ctx);
    return NULL;
}

Coverage Report

Created: 2025-06-13 06:58

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <openssl/err.h>
11		#include <openssl/ui.h>
12		#include <openssl/params.h>
13		#include <openssl/encoder.h>
14		#include <openssl/core_names.h>
15		#include <openssl/provider.h>
16		#include <openssl/safestack.h>
17		#include <openssl/trace.h>
18		#include "internal/provider.h"
19		#include "internal/property.h"
20		#include "crypto/evp.h"
21		#include "encoder_local.h"
22
23		DEFINE_STACK_OF(OSSL_ENCODER)
24
25		int OSSL_ENCODER_CTX_set_cipher(OSSL_ENCODER_CTX *ctx,
26		const char *cipher_name,
27		const char *propquery)
28	0	{
29	0	OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
30
31	0	params[0] =
32	0	OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_CIPHER,
33	0	(void *)cipher_name, 0);
34	0	params[1] =
35	0	OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES,
36	0	(void *)propquery, 0);
37
38	0	return OSSL_ENCODER_CTX_set_params(ctx, params);
39	0	}
40
41		int OSSL_ENCODER_CTX_set_passphrase(OSSL_ENCODER_CTX *ctx,
42		const unsigned char *kstr,
43		size_t klen)
44	0	{
45	0	return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen);
46	0	}
47
48		int OSSL_ENCODER_CTX_set_passphrase_ui(OSSL_ENCODER_CTX *ctx,
49		const UI_METHOD *ui_method,
50		void *ui_data)
51	0	{
52	0	return ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
53	0	}
54
55		int OSSL_ENCODER_CTX_set_pem_password_cb(OSSL_ENCODER_CTX *ctx,
56		pem_password_cb cb, void cbarg)
57	0	{
58	0	return ossl_pw_set_pem_password_cb(&ctx->pwdata, cb, cbarg);
59	0	}
60
61		int OSSL_ENCODER_CTX_set_passphrase_cb(OSSL_ENCODER_CTX *ctx,
62		OSSL_PASSPHRASE_CALLBACK *cb,
63		void *cbarg)
64	0	{
65	0	return ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg);
66	0	}
67
68		/*
69		* Support for OSSL_ENCODER_CTX_new_for_type:
70		* finding a suitable encoder
71		*/
72
73		struct collected_encoder_st {
74		STACK_OF(OPENSSL_CSTRING) *names;
75		const char *output_structure;
76		const char *output_type;
77
78		const OSSL_PROVIDER *keymgmt_prov;
79		OSSL_ENCODER_CTX *ctx;
80		unsigned int flag_find_same_provider:1;
81
82		int error_occurred;
83		};
84
85		static void collect_encoder(OSSL_ENCODER encoder, void arg)
86	985k	{
87	985k	struct collected_encoder_st *data = arg;
88	985k	size_t i, end_i;
89
90	985k	if (data->error_occurred)
91	0	return;
92
93	985k	data->error_occurred = 1; /* Assume the worst */
94
95	985k	if (data->names == NULL)
96	0	return;
97
98	985k	end_i = sk_OPENSSL_CSTRING_num(data->names);
99	6.43M	for (i = 0; i < end_i; i++) {
100	5.49M	const char *name = sk_OPENSSL_CSTRING_value(data->names, i);
101	5.49M	const OSSL_PROVIDER *prov = OSSL_ENCODER_get0_provider(encoder);
102	5.49M	void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
103
104		/*
105		* collect_encoder() is called in two passes, one where the encoders
106		* from the same provider as the keymgmt are looked up, and one where
107		* the other encoders are looked up. \|data->flag_find_same_provider\|
108		* tells us which pass we're in.
109		*/
110	5.49M	if ((data->keymgmt_prov == prov) != data->flag_find_same_provider)
111	2.85M	continue;
112
113	2.63M	if (!OSSL_ENCODER_is_a(encoder, name)
114	2.63M	\|\| (encoder->does_selection != NULL
115	120k	&& !encoder->does_selection(provctx, data->ctx->selection))
116	2.63M	\|\| (data->keymgmt_prov != prov
117	43.5k	&& encoder->import_object == NULL))
118	2.59M	continue;
119
120		/* Only add each encoder implementation once */
121	43.5k	if (OSSL_ENCODER_CTX_add_encoder(data->ctx, encoder))
122	43.5k	break;
123	43.5k	}
124
125	985k	data->error_occurred = 0; /* All is good now */
126	985k	}
127
128		struct collected_names_st {
129		STACK_OF(OPENSSL_CSTRING) *names;
130		unsigned int error_occurred:1;
131		};
132
133		static void collect_name(const char name, void arg)
134	205k	{
135	205k	struct collected_names_st *data = arg;
136
137	205k	if (data->error_occurred)
138	0	return;
139
140	205k	data->error_occurred = 1; /* Assume the worst */
141
142	205k	if (sk_OPENSSL_CSTRING_push(data->names, name) <= 0)
143	0	return;
144
145	205k	data->error_occurred = 0; /* All is good now */
146	205k	}
147
148		/*
149		* Support for OSSL_ENCODER_to_bio:
150		* writing callback for the OSSL_PARAM (the implementation doesn't have
151		* intimate knowledge of the provider side object)
152		*/
153
154		struct construct_data_st {
155		const EVP_PKEY *pk;
156		int selection;
157
158		OSSL_ENCODER_INSTANCE *encoder_inst;
159		const void *obj;
160		void *constructed_obj;
161		};
162
163		static int encoder_import_cb(const OSSL_PARAM params[], void *arg)
164	0	{
165	0	struct construct_data_st *construct_data = arg;
166	0	OSSL_ENCODER_INSTANCE *encoder_inst = construct_data->encoder_inst;
167	0	OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
168	0	void *encoderctx = OSSL_ENCODER_INSTANCE_get_encoder_ctx(encoder_inst);
169
170	0	construct_data->constructed_obj =
171	0	encoder->import_object(encoderctx, construct_data->selection, params);
172
173	0	return (construct_data->constructed_obj != NULL);
174	0	}
175
176		static const void *
177		encoder_construct_pkey(OSSL_ENCODER_INSTANCE encoder_inst, void arg)
178	43.6k	{
179	43.6k	struct construct_data_st *data = arg;
180
181	43.6k	if (data->obj == NULL) {
182	43.6k	OSSL_ENCODER *encoder =
183	43.6k	OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
184	43.6k	const EVP_PKEY *pk = data->pk;
185	43.6k	const OSSL_PROVIDER *k_prov = EVP_KEYMGMT_get0_provider(pk->keymgmt);
186	43.6k	const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder);
187
188	43.6k	if (k_prov != e_prov) {
189	0	int selection = data->selection;
190
191	0	if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
192	0	selection \|= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
193	0	data->encoder_inst = encoder_inst;
194
195	0	if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, selection,
196	0	&encoder_import_cb, data))
197	0	return NULL;
198	0	data->obj = data->constructed_obj;
199	43.6k	} else {
200	43.6k	data->obj = pk->keydata;
201	43.6k	}
202	43.6k	}
203
204	43.6k	return data->obj;
205	43.6k	}
206
207		static void encoder_destruct_pkey(void *arg)
208	43.6k	{
209	43.6k	struct construct_data_st *data = arg;
210	43.6k	int match = (data->obj == data->constructed_obj);
211
212	43.6k	if (data->encoder_inst != NULL) {
213	0	OSSL_ENCODER *encoder =
214	0	OSSL_ENCODER_INSTANCE_get_encoder(data->encoder_inst);
215
216	0	encoder->free_object(data->constructed_obj);
217	0	}
218	43.6k	data->constructed_obj = NULL;
219	43.6k	if (match)
220	0	data->obj = NULL;
221	43.6k	}
222
223		/*
224		* OSSL_ENCODER_CTX_new_for_pkey() returns a ctx with no encoder if
225		* it couldn't find a suitable encoder. This allows a caller to detect if
226		* a suitable encoder was found, with OSSL_ENCODER_CTX_get_num_encoder(),
227		* and to use fallback methods if the result is NULL.
228		*/
229		static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx,
230		const EVP_PKEY *pkey,
231		int selection,
232		const char *propquery)
233	4.39k	{
234	4.39k	struct construct_data_st *data = NULL;
235	4.39k	const OSSL_PROVIDER *prov = NULL;
236	4.39k	OSSL_LIB_CTX *libctx = NULL;
237	4.39k	int ok = 0;
238
239	4.39k	if (!ossl_assert(ctx != NULL) \|\| !ossl_assert(pkey != NULL)) {
240	0	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
241	0	return 0;
242	0	}
243
244	4.39k	if (evp_pkey_is_provided(pkey)) {
245	4.28k	prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
246	4.28k	libctx = ossl_provider_libctx(prov);
247	4.28k	}
248
249	4.39k	if (pkey->keymgmt != NULL) {
250	4.28k	struct collected_encoder_st encoder_data;
251	4.28k	struct collected_names_st keymgmt_data;
252
253	4.28k	if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
254	0	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
255	0	goto err;
256	0	}
257
258		/*
259		* Select the first encoder implementations in two steps.
260		* First, collect the keymgmt names, then the encoders that match.
261		*/
262	4.28k	keymgmt_data.names = sk_OPENSSL_CSTRING_new_null();
263	4.28k	if (keymgmt_data.names == NULL) {
264	0	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
265	0	goto err;
266	0	}
267
268	4.28k	keymgmt_data.error_occurred = 0;
269	4.28k	EVP_KEYMGMT_names_do_all(pkey->keymgmt, collect_name, &keymgmt_data);
270	4.28k	if (keymgmt_data.error_occurred) {
271	0	sk_OPENSSL_CSTRING_free(keymgmt_data.names);
272	0	goto err;
273	0	}
274
275	4.28k	encoder_data.names = keymgmt_data.names;
276	4.28k	encoder_data.output_type = ctx->output_type;
277	4.28k	encoder_data.output_structure = ctx->output_structure;
278	4.28k	encoder_data.error_occurred = 0;
279	4.28k	encoder_data.keymgmt_prov = prov;
280	4.28k	encoder_data.ctx = ctx;
281
282		/*
283		* Place the encoders with the a different provider as the keymgmt
284		* last (the chain is processed in reverse order)
285		*/
286	4.28k	encoder_data.flag_find_same_provider = 0;
287	4.28k	OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data);
288
289		/*
290		* Place the encoders with the same provider as the keymgmt first
291		* (the chain is processed in reverse order)
292		*/
293	4.28k	encoder_data.flag_find_same_provider = 1;
294	4.28k	OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data);
295
296	4.28k	sk_OPENSSL_CSTRING_free(keymgmt_data.names);
297	4.28k	if (encoder_data.error_occurred) {
298	0	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
299	0	goto err;
300	0	}
301	4.28k	}
302
303	4.39k	if (data != NULL && OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) {
304	4.28k	if (!OSSL_ENCODER_CTX_set_construct(ctx, encoder_construct_pkey)
305	4.28k	\|\| !OSSL_ENCODER_CTX_set_construct_data(ctx, data)
306	4.28k	\|\| !OSSL_ENCODER_CTX_set_cleanup(ctx, encoder_destruct_pkey))
307	0	goto err;
308
309	4.28k	data->pk = pkey;
310	4.28k	data->selection = selection;
311
312	4.28k	data = NULL; /* Avoid it being freed */
313	4.28k	}
314
315	4.39k	ok = 1;
316	4.39k	err:
317	4.39k	if (data != NULL) {
318	0	OSSL_ENCODER_CTX_set_construct_data(ctx, NULL);
319	0	OPENSSL_free(data);
320	0	}
321	4.39k	return ok;
322	4.39k	}
323
324		OSSL_ENCODER_CTX OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY pkey,
325		int selection,
326		const char *output_type,
327		const char *output_struct,
328		const char *propquery)
329	44.6k	{
330	44.6k	OSSL_ENCODER_CTX *ctx = NULL;
331	44.6k	OSSL_LIB_CTX *libctx = NULL;
332
333	44.6k	if (pkey == NULL) {
334	0	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
335	0	return NULL;
336	0	}
337
338	44.6k	if (!evp_pkey_is_assigned(pkey)) {
339	0	ERR_raise_data(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_INVALID_ARGUMENT,
340	0	"The passed EVP_PKEY must be assigned a key");
341	0	return NULL;
342	0	}
343
344	44.6k	if ((ctx = OSSL_ENCODER_CTX_new()) == NULL) {
345	0	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
346	0	return NULL;
347	0	}
348
349	44.6k	if (evp_pkey_is_provided(pkey)) {
350	43.7k	const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
351
352	43.7k	libctx = ossl_provider_libctx(prov);
353	43.7k	}
354
355	44.6k	OSSL_TRACE_BEGIN(ENCODER) {
356	0	BIO_printf(trc_out,
357	0	"(ctx %p) Looking for %s encoders with selection %d\n",
358	0	(void *)ctx, EVP_PKEY_get0_type_name(pkey), selection);
359	0	BIO_printf(trc_out, " output type: %s, output structure: %s\n",
360	0	output_type, output_struct);
361	44.6k	} OSSL_TRACE_END(ENCODER);
362
363	44.6k	if (OSSL_ENCODER_CTX_set_output_type(ctx, output_type)
364	44.6k	&& (output_struct == NULL
365	44.6k	\|\| OSSL_ENCODER_CTX_set_output_structure(ctx, output_struct))
366	44.6k	&& OSSL_ENCODER_CTX_set_selection(ctx, selection)
367	44.6k	&& ossl_encoder_ctx_setup_for_pkey(ctx, pkey, selection, propquery)
368	44.6k	&& OSSL_ENCODER_CTX_add_extra(ctx, libctx, propquery)) {
369	44.6k	OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
370	44.6k	int save_parameters = pkey->save_parameters;
371
372	44.6k	params[0] = OSSL_PARAM_construct_int(OSSL_ENCODER_PARAM_SAVE_PARAMETERS,
373	44.6k	&save_parameters);
374		/* ignoring error as this is only auxiliary parameter */
375	44.6k	(void)OSSL_ENCODER_CTX_set_params(ctx, params);
376
377	44.6k	OSSL_TRACE_BEGIN(ENCODER) {
378	0	BIO_printf(trc_out, "(ctx %p) Got %d encoders\n",
379	0	(void *)ctx, OSSL_ENCODER_CTX_get_num_encoders(ctx));
380	44.6k	} OSSL_TRACE_END(ENCODER);
381	44.6k	return ctx;
382	44.6k	}
383
384	0	OSSL_ENCODER_CTX_free(ctx);
385	0	return NULL;
386	44.6k	}