From: Pauli <ppzgs1@gmail.com>
Date: Mon, 14 Jul 2025 00:57:54 +0000 (+1000)
Subject: cmac: convert CMAC to use param decoder
X-Git-Tag: openssl-3.6.0-alpha1~173
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=404f19838fa38fa3435b942d3cc356da8da10512;p=thirdparty%2Fopenssl.git

cmac: convert CMAC to use param decoder

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28142)
---

diff --git a/providers/implementations/macs/cmac_prov.c.in b/providers/implementations/macs/cmac_prov.c.in
index 36acf4d81b8..e8198842b81 100644
--- a/providers/implementations/macs/cmac_prov.c.in
+++ b/providers/implementations/macs/cmac_prov.c.in
@@ -6,6 +6,9 @@
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
+{-
+use OpenSSL::paramnames qw(produce_param_decoder);
+-}
 
 /*
  * CMAC low level APIs are deprecated for public use, but still ok for internal
@@ -21,6 +24,7 @@
 #include <openssl/err.h>
 #include <openssl/proverr.h>
 
+#include "internal/cryptlib.h"
 #include "prov/securitycheck.h"
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
@@ -199,46 +203,50 @@ static int cmac_final(void *vmacctx, unsigned char *out, size_t *outl,
     return CMAC_Final(macctx->ctx, out, outl);
 }
 
-static const OSSL_PARAM known_gettable_ctx_params[] = {
-    OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
-    OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
-    OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
-    OSSL_PARAM_END
-};
+{- produce_param_decoder('cmac_get_ctx_params',
+                         (['MAC_PARAM_SIZE',                    'size',   'size_t'],
+                          ['MAC_PARAM_BLOCK_SIZE',              'bsize',  'size_t'],
+                          ['ALG_PARAM_FIPS_APPROVED_INDICATOR', 'ind',    'int'],
+                         )); -}
+
 static const OSSL_PARAM *cmac_gettable_ctx_params(ossl_unused void *ctx,
                                                   ossl_unused void *provctx)
 {
-    return known_gettable_ctx_params;
+    return cmac_get_ctx_params_list;
 }
 
 static int cmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
 {
-    OSSL_PARAM *p;
+    struct cmac_data_st *macctx = vmacctx;
+    struct cmac_get_ctx_params_st p;
+
+    if (macctx == NULL || !cmac_get_ctx_params_decoder(params, &p))
+        return 0;
 
-    if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL
-            && !OSSL_PARAM_set_size_t(p, cmac_size(vmacctx)))
+    if (p.size != NULL && !OSSL_PARAM_set_size_t(p.size, cmac_size(vmacctx)))
         return 0;
 
-    if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_BLOCK_SIZE)) != NULL
-            && !OSSL_PARAM_set_size_t(p, cmac_size(vmacctx)))
+    if (p.bsize != NULL && !OSSL_PARAM_set_size_t(p.bsize, cmac_size(vmacctx)))
         return 0;
 
-    if (!OSSL_FIPS_IND_GET_CTX_PARAM((struct cmac_data_st *)vmacctx, params))
+    if (!OSSL_FIPS_IND_GET_CTX_FROM_PARAM(macctx, p.ind))
         return 0;
+
     return 1;
 }
 
-static const OSSL_PARAM known_settable_ctx_params[] = {
-    OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_CIPHER, NULL, 0),
-    OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_PROPERTIES, NULL, 0),
-    OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0),
-    OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK)
-    OSSL_PARAM_END
-};
+{- produce_param_decoder('cmac_set_ctx_params',
+                         (['MAC_PARAM_CIPHER',                'cipher', 'utf8_string'],
+                          ['ALG_PARAM_ENGINE',                'engine', 'utf8_string', 'hidden'],
+                          ['MAC_PARAM_PROPERTIES',            'propq',  'utf8_string'],
+                          ['MAC_PARAM_KEY',                   'key',    'octet_string'],
+                          ['CIPHER_PARAM_FIPS_ENCRYPT_CHECK', 'ind_ec', 'int'],
+                         )); -}
+
 static const OSSL_PARAM *cmac_settable_ctx_params(ossl_unused void *ctx,
                                                   ossl_unused void *provctx)
 {
-    return known_settable_ctx_params;
+    return cmac_set_ctx_params_list;
 }
 
 /*
@@ -247,19 +255,20 @@ static const OSSL_PARAM *cmac_settable_ctx_params(ossl_unused void *ctx,
 static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
 {
     struct cmac_data_st *macctx = vmacctx;
-    OSSL_LIB_CTX *ctx = PROV_LIBCTX_OF(macctx->provctx);
-    const OSSL_PARAM *p;
+    OSSL_LIB_CTX *ctx;
+    struct cmac_set_ctx_params_st p;
+
+    if (macctx == NULL || !cmac_set_ctx_params_decoder(params, &p))
+        return 0;
 
-    if (ossl_param_is_empty(params))
-        return 1;
+    ctx = PROV_LIBCTX_OF(macctx->provctx);
 
-    if (!OSSL_FIPS_IND_SET_CTX_PARAM(macctx,
-                                     OSSL_FIPS_IND_SETTABLE0, params,
-                                     OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK))
+    if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(macctx, OSSL_FIPS_IND_SETTABLE0, p.ind_ec))
         return 0;
 
-    if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL) {
-        if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, ctx))
+    if (p.cipher != NULL) {
+        if (!ossl_prov_cipher_load(&macctx->cipher, p.cipher, p.propq,
+                                   p.engine, ctx))
             return 0;
 
         if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher))
@@ -282,10 +291,10 @@ static int cmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
 #endif
     }
 
-    if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) {
-        if (p->data_type != OSSL_PARAM_OCTET_STRING)
+    if (p.key != NULL) {
+        if (p.key->data_type != OSSL_PARAM_OCTET_STRING)
             return 0;
-        return cmac_setkey(macctx, p->data, p->data_size);
+        return cmac_setkey(macctx, p.key->data, p.key->data_size);
     }
     return 1;
 }