author | Richard Levitte <levitte@openssl.org> | 2021-03-18 10:41:53 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-03-19 16:46:39 +0100 |
commit | cf333799979755dd46193b49c15db0afd262c6a0 (patch) | |
tree | 77e5ab82979b1b8a9a64fcb2e0500af5361a57d0 /include | |
parent | PROV: Add RSA-PSS specific OSSL_FUNC_KEYMGMT_LOAD function (diff) | |
PROV: Add type specific PKCS#8 decoding to the DER->key decoders
This required refactoring a number of functions from the diverse
EVP_PKEY_ASN1_METHOD implementations to become shared backend
functions. It also meant modifying a few of them to return pointers
to our internal RSA / DSA / DH / EC_KEY, ... structures instead of
manipulating an EVP_PKEY pointer directly, letting the caller do the
latter.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14314)
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/dh.h | 3 | ||||
-rw-r--r-- | include/crypto/dsa.h | 3 | ||||
-rw-r--r-- | include/crypto/ec.h | 7 | ||||
-rw-r--r-- | include/crypto/ecx.h | 16 | ||||
-rw-r--r-- | include/crypto/rsa.h | 10 | ||||
-rw-r--r-- | include/crypto/types.h | 6 | ||||
-rw-r--r-- | include/crypto/x509.h | 2 |
7 files changed, 46 insertions, 1 deletions
diff --git a/include/crypto/dh.h b/include/crypto/dh.h index d8b597a0f1..b16ac8f42f 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h @@ -14,6 +14,7 @@ # include <openssl/core.h> # include <openssl/params.h> # include <openssl/dh.h> +# include <openssl/x509.h> # include "internal/ffc.h" DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid); @@ -35,6 +36,8 @@ int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]); int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[]); int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); +DH *ossl_dh_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq); int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret); int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret); diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h index 0c15c51da0..38c49c3295 100644 --- a/include/crypto/dsa.h +++ b/include/crypto/dsa.h @@ -13,6 +13,7 @@ # include <openssl/core.h> # include <openssl/dsa.h> +# include <openssl/x509.h> # include "internal/ffc.h" #define DSA_PARAMGEN_TYPE_FIPS_186_4 0 /* Use FIPS186-4 standard */ @@ -31,6 +32,8 @@ int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen, FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa); int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]); int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]); +DSA *ossl_dsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq); int ossl_dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, const BIGNUM *priv_key, BIGNUM *pub_key); diff --git a/include/crypto/ec.h b/include/crypto/ec.h index a3d87e9d1a..c679fd8d11 100644 --- a/include/crypto/ec.h +++ b/include/crypto/ec.h 
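Review bot: The new `ossl_dh_key_from_pkcs8()` declaration in the second dh.h hunk states neither who owns the returned `DH` nor what is returned on failure, although it is the point where a decoded PKCS#8 blob, possibly from an untrusted file, becomes a live key object. I would add a comment above it such as `/* Returns a newly allocated DH owned by the caller, or NULL if p8inf does not hold a well-formed DH key */`, worded to match the implementation, which is outside this diff. The same applies to `ossl_dsa_key_from_pkcs8()` in dsa.h, `ossl_ec_key_from_pkcs8()` and `ossl_ec_key_param_from_x509_algor()` in ec.h, `ossl_ecx_key_from_pkcs8()` in ecx.h and `ossl_rsa_key_from_pkcs8()` in rsa.h. The commit message says the caller now attaches the key to the EVP_PKEY itself, so a caller that misreads ownership will either leak a private key object or free it twice.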
@@ -25,6 +25,7 @@ int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc); # ifndef OPENSSL_NO_EC # include <openssl/core.h> # include <openssl/ec.h> +# include <openssl/x509.h> # include "crypto/types.h" /*- @@ -78,6 +79,12 @@ int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]); int ossl_ec_key_fromdata(EC_KEY *ecx, const OSSL_PARAM params[], int include_private); int ossl_ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]); +EC_KEY *ossl_ec_key_param_from_x509_algor(const X509_ALGOR *palg, + OSSL_LIB_CTX *libctx, + const char *propq); +EC_KEY *ossl_ec_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq); + int ossl_ec_set_ecdh_cofactor_mode(EC_KEY *ec, int mode); int ossl_ec_encoding_name2id(const char *name); int ossl_ec_encoding_param2id(const OSSL_PARAM *p, int *id); diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h index 101a5748e8..dfc70fb4e6 100644 --- a/include/crypto/ecx.h +++ b/include/crypto/ecx.h @@ -20,7 +20,9 @@ # include <openssl/core.h> # include <openssl/e_os2.h> # include <openssl/crypto.h> +# include <openssl/x509.h> # include "internal/refcount.h" +# include "crypto/types.h" # define X25519_KEYLEN 32 # define X448_KEYLEN 56 @@ -76,6 +78,7 @@ struct ecx_key_st { typedef struct ecx_key_st ECX_KEY; +size_t ossl_ecx_key_length(ECX_KEY_TYPE type); ECX_KEY *ossl_ecx_key_new(OSSL_LIB_CTX *libctx, ECX_KEY_TYPE type, int haspubkey, const char *propq); void ossl_ecx_key_set0_libctx(ECX_KEY *key, OSSL_LIB_CTX *libctx); 
@@ -124,9 +127,22 @@ ossl_x448_public_from_private(uint8_t out_public_value[56], /* Backend support */ +typedef enum { + KEY_OP_PUBLIC, + KEY_OP_PRIVATE, + KEY_OP_KEYGEN +} ecx_key_op_t; + +ECX_KEY *ossl_ecx_key_op(const X509_ALGOR *palg, + const unsigned char *p, int plen, + int pkey_id, ecx_key_op_t op, + OSSL_LIB_CTX *libctx, const char *propq); + int ossl_ecx_public_from_private(ECX_KEY *key); int ossl_ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[], int include_private); +ECX_KEY *ossl_ecx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq); ECX_KEY *ossl_evp_pkey_get1_X25519(EVP_PKEY *pkey); ECX_KEY *ossl_evp_pkey_get1_X448(EVP_PKEY *pkey); diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index 7fca88dfe4..69fa8a4d8a 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h @@ -13,6 +13,7 @@ # include <openssl/core.h> # include <openssl/rsa.h> +# include <openssl/x509.h> # include "crypto/types.h" typedef struct rsa_pss_params_30_st { @@ -69,6 +70,14 @@ int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params, int *defaults_set, const OSSL_PARAM params[], OSSL_LIB_CTX *libctx); +int ossl_rsa_set0_pss_params(RSA *r, RSA_PSS_PARAMS *pss); +int ossl_rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss, + const EVP_MD **pmd, const EVP_MD **pmgf1md, + int *psaltlen, int *ptrailerField); +RSA_PSS_PARAMS *ossl_rsa_pss_decode(const X509_ALGOR *alg); +int ossl_rsa_param_decode(RSA *rsa, const X509_ALGOR *alg); +RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq); int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *ctx, unsigned char *to, size_t tlen, @@ -113,4 +122,5 @@ void ossl_rsa_acvp_test_free(RSA_ACVP_TEST *t); # define RSA_ACVP_TEST void # endif +RSA *evp_pkey_get1_RSA_PSS(EVP_PKEY *pkey); #endif diff --git a/include/crypto/types.h b/include/crypto/types.h index 275d1d36c1..13a5f9ce1d 100644 --- a/include/crypto/types.h 
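Review bot: `ossl_ecx_key_op()` takes the raw key bytes as `const unsigned char *p, int plen` with a signed length, and the declaration does not say whether the callee or the caller checks `plen` against the size expected for `pkey_id`. Since this commit also declares `ossl_ecx_key_length()`, a comment such as `/* plen must match the key length for pkey_id; a mismatch returns NULL */` would make the contract explicit, provided that is what the implementation (not in this diff) enforces. Separately, the enumerators `KEY_OP_PUBLIC`, `KEY_OP_PRIVATE` and `KEY_OP_KEYGEN` carry no prefix in a shared internal header; an `ECX_KEY_OP_` prefix would avoid clashes with unrelated code.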
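Review bot: `ossl_rsa_pss_get_param_unverified()` in the second rsa.h hunk is exported with only its name to signal that the digest, MGF1 digest, salt length and trailer field it returns have not been validated. The `RSA_PSS_PARAMS` it reads is what `ossl_rsa_pss_decode()` builds from an `X509_ALGOR`, so these values presumably originate from encoded input. I would add a comment at the declaration such as `/* Outputs are returned as decoded; the caller must validate *psaltlen and *ptrailerField before use */`. A line on ownership would also help for `ossl_rsa_set0_pss_params()` and `ossl_rsa_pss_decode()`: the `set0` name suggests the `RSA` takes over `pss`, but the header does not say so.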
+++ b/include/crypto/types.h @@ -12,6 +12,12 @@ #ifdef OPENSSL_NO_DEPRECATED_3_0 typedef struct rsa_st RSA; typedef struct rsa_meth_st RSA_METHOD; +# ifndef OPENSSL_NO_EC typedef struct ec_key_st EC_KEY; typedef struct ec_key_method_st EC_KEY_METHOD; +# endif +#endif + +#ifndef OPENSSL_NO_EC +typedef struct ecx_key_st ECX_KEY; #endif diff --git a/include/crypto/x509.h b/include/crypto/x509.h index e0997a4712..98aea5f1fd 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -14,7 +14,7 @@ # include "internal/refcount.h" # include <openssl/asn1.h> # include <openssl/x509.h> -# include "crypto/ecx.h" +# include "crypto/types.h" /* Internal X509 structures and functions: not for application use */ |
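Review bot: With this hunk `ECX_KEY` is typedef'd in crypto/types.h, yet the ecx.h section of the same commit still shows `typedef struct ecx_key_st ECX_KEY;` as a context line and adds `# include "crypto/types.h"` above it. The name is therefore declared twice in any unit that includes ecx.h with EC enabled. Repeating a typedef is valid only from C11 on, and older language modes warn on it or reject it. If the project is built in such a mode, one of the two should go, most simply the one in ecx.h.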