From: Pauli <ppzgs1@gmail.com>
Date: Tue, 1 Jul 2025 01:42:34 +0000 (+1000)
Subject: tls1prf: update to use generated param decoders
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=387c033a702fccc44d3782903e3384fc4d844d12;p=thirdparty%2Fopenssl.git

tls1prf: update to use generated param decoders

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27923)
---

diff --git a/providers/implementations/kdfs/tls1_prf.c.in b/providers/implementations/kdfs/tls1_prf.c.in
index 4563e19fadd..04c02609f63 100644
--- a/providers/implementations/kdfs/tls1_prf.c.in
+++ b/providers/implementations/kdfs/tls1_prf.c.in
@@ -72,6 +72,7 @@ use OpenSSL::paramnames qw(produce_param_decoder);
 #include "prov/provider_util.h"
 #include "prov/securitycheck.h"
 #include "internal/e_os.h"
+#include "internal/params.h"
 #include "internal/safe_math.h"
 
 OSSL_SAFE_MATH_UNSIGNED(size_t, size_t)
@@ -283,47 +284,63 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
                         key, keylen);
 }
 
+{- produce_param_decoder('tls1prf_set_ctx_params',
+                         (['KDF_PARAM_PROPERTIES',        'propq',  'utf8_string'],
+                          ['ALG_PARAM_ENGINE',            'engine', 'utf8_string'],
+                          ['KDF_PARAM_DIGEST',            'digest', 'utf8_string'],
+                          ['KDF_PARAM_SECRET',            'secret', 'octet_string'],
+                          ['KDF_PARAM_SEED',              'seed',   'octet_string', 6],
+                          ['KDF_PARAM_FIPS_EMS_CHECK',    'ind_e',  'int'],
+                          ['KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d',  'int'],
+                          ['KDF_PARAM_FIPS_KEY_CHECK',    'ind_k',  'int'],
+                         )); -}
+
 static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
-    const OSSL_PARAM *p;
+    struct tls1prf_set_ctx_params_st p;
     TLS1_PRF *ctx = vctx;
     OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+    int i;
 
-    if (ossl_param_is_empty(params))
-        return 1;
+    if (ctx == NULL || !tls1prf_set_ctx_params_decoder(params, &p))
+        return 0;
 
-    if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params,
-                                     OSSL_KDF_PARAM_FIPS_EMS_CHECK))
+    if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, p.ind_e))
         return 0;
-    if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, params,
-                                     OSSL_KDF_PARAM_FIPS_DIGEST_CHECK))
+    if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, p.ind_d))
         return 0;
-    if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE2, params,
-                                     OSSL_KDF_PARAM_FIPS_KEY_CHECK))
+    if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE2, p.ind_k))
         return 0;
 
-    if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) {
+    if (p.digest != NULL) {
         PROV_DIGEST digest;
         const EVP_MD *md = NULL;
+        const char *dgst;
+
+        if (!OSSL_PARAM_get_utf8_string_ptr(p.digest, &dgst))
+            return 0;
 
-        if (OPENSSL_strcasecmp(p->data, SN_md5_sha1) == 0) {
-            if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params,
-                                                   OSSL_MAC_NAME_HMAC,
-                                                   NULL, SN_md5, libctx)
-                || !ossl_prov_macctx_load_from_params(&ctx->P_sha1, params,
-                                                      OSSL_MAC_NAME_HMAC,
-                                                      NULL, SN_sha1, libctx))
+        if (OPENSSL_strcasecmp(dgst, OSSL_DIGEST_NAME_MD5_SHA1) == 0) {
+            if (!ossl_prov_macctx_load(&ctx->P_hash, NULL, NULL, NULL,
+                                       p.propq, p.engine,
+                                       OSSL_MAC_NAME_HMAC, NULL,
+                                       OSSL_DIGEST_NAME_MD5, libctx))
+                return 0;
+            if (!ossl_prov_macctx_load(&ctx->P_sha1, NULL, NULL, NULL,
+                                       p.propq, p.engine,
+                                       OSSL_MAC_NAME_HMAC, NULL,
+                                       OSSL_DIGEST_NAME_SHA1, libctx))
                 return 0;
         } else {
             EVP_MAC_CTX_free(ctx->P_sha1);
-            if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params,
-                                                   OSSL_MAC_NAME_HMAC,
-                                                   NULL, NULL, libctx))
+            if (!ossl_prov_macctx_load(&ctx->P_hash, NULL, NULL, p.digest,
+                                       p.propq, p.engine,
+                                       OSSL_MAC_NAME_HMAC, NULL, NULL, libctx))
                 return 0;
         }
 
         memset(&digest, 0, sizeof(digest));
-        if (!ossl_prov_digest_load_from_params(&digest, params, libctx))
+        if (!ossl_prov_digest_load(&digest, p.digest, p.propq, p.engine, libctx))
             return 0;
 
         md = ossl_prov_digest_md(&digest);
@@ -343,10 +360,11 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
         ossl_prov_digest_reset(&digest);
     }
 
-    if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL) {
+    if (p.secret != NULL) {
         OPENSSL_clear_free(ctx->sec, ctx->seclen);
         ctx->sec = NULL;
-        if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->sec, 0, &ctx->seclen))
+        if (!OSSL_PARAM_get_octet_string(p.secret, (void **)&ctx->sec, 0,
+                                         &ctx->seclen))
             return 0;
 
 #ifdef FIPS_MODULE
@@ -354,18 +372,18 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
             return 0;
 #endif
     }
-    /* The seed fields concatenate, so process them all */
-    if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SEED)) != NULL) {
-        for (; p != NULL; p = OSSL_PARAM_locate_const(p + 1,
-                                                      OSSL_KDF_PARAM_SEED)) {
-            if (p->data_size != 0 && p->data != NULL) {
+
+    /* The seed fields concatenate across set calls, so process them all */
+    if (p.num_seed > 0) {
+        for (i = 0; i < p.num_seed; i++) {
+            if (p.seed[i]->data_size != 0 && p.seed[i]->data != NULL) {
                 const void *val = NULL;
                 size_t sz = 0;
                 unsigned char *seed;
                 size_t seedlen;
                 int err = 0;
 
-                if (!OSSL_PARAM_get_octet_string_ptr(p, &val, &sz))
+                if (!OSSL_PARAM_get_octet_string_ptr(p.seed[i], &val, &sz))
                     return 0;
 
                 seedlen = safe_add_size_t(ctx->seedlen, sz, &err);
@@ -383,34 +401,33 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
             }
         }
     }
+
     return 1;
 }
 
 static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params(
         ossl_unused void *ctx, ossl_unused void *provctx)
 {
-    static const OSSL_PARAM known_settable_ctx_params[] = {
-        OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0),
-        OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0),
-        OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SECRET, NULL, 0),
-        OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SEED, NULL, 0),
-        OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KDF_PARAM_FIPS_EMS_CHECK)
-        OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KDF_PARAM_FIPS_DIGEST_CHECK)
-        OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KDF_PARAM_FIPS_KEY_CHECK)
-        OSSL_PARAM_END
-    };
-    return known_settable_ctx_params;
+    return tls1prf_set_ctx_params_list;
 }
 
+{- produce_param_decoder('tls1prf_get_ctx_params',
+                         (['KDF_PARAM_SIZE',                    'size', 'size_t'],
+                          ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind',  'int'],
+                         )); -}
+
 static int kdf_tls1_prf_get_ctx_params(void *vctx, OSSL_PARAM params[])
 {
-    OSSL_PARAM *p;
+    struct tls1prf_get_ctx_params_st p;
+    TLS1_PRF *ctx = (TLS1_PRF *)vctx;
 
-    if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
-        if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
-            return 0;
-    }
-    if (!OSSL_FIPS_IND_GET_CTX_PARAM(((TLS1_PRF *)vctx), params))
+    if (ctx == NULL || !tls1prf_get_ctx_params_decoder(params, &p))
+        return 0;
+
+    if (p.size != NULL && !OSSL_PARAM_set_size_t(p.size, SIZE_MAX))
+        return 0;
+
+    if (!OSSL_FIPS_IND_GET_CTX_FROM_PARAM(ctx, p.ind))
         return 0;
     return 1;
 }
@@ -418,12 +435,7 @@ static int kdf_tls1_prf_get_ctx_params(void *vctx, OSSL_PARAM params[])
 static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params(
         ossl_unused void *ctx, ossl_unused void *provctx)
 {
-    static const OSSL_PARAM known_gettable_ctx_params[] = {
-        OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
-        OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
-        OSSL_PARAM_END
-    };
-    return known_gettable_ctx_params;
+    return tls1prf_get_ctx_params_list;
 }
 
 const OSSL_DISPATCH ossl_kdf_tls1_prf_functions[] = {