From: Pauli <ppzgs1@gmail.com>
Date: Wed, 6 Aug 2025 01:06:10 +0000 (+1000)
Subject: slh-dsa: convert to using a generated decoder
X-Git-Tag: openssl-3.6.0-alpha1~70
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4728227992948a9aba8f9729f6ee208d3b269539;p=thirdparty%2Fopenssl.git

slh-dsa: convert to using a generated decoder

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28275)
---

diff --git a/crypto/slh_dsa/slh_dsa_key.c b/crypto/slh_dsa/slh_dsa_key.c
index 3462da2916c..a4deb81f185 100644
--- a/crypto/slh_dsa/slh_dsa_key.c
+++ b/crypto/slh_dsa/slh_dsa_key.c
@@ -244,11 +244,11 @@ int ossl_slh_dsa_key_pairwise_check(const SLH_DSA_KEY *key)
  *                        if it exists.
  * @returns 1 on success, or 0 on failure.
  */
-int ossl_slh_dsa_key_fromdata(SLH_DSA_KEY *key, const OSSL_PARAM params[],
+int ossl_slh_dsa_key_fromdata(SLH_DSA_KEY *key, const OSSL_PARAM *param_pub,
+                              const OSSL_PARAM *param_priv,
                               int include_private)
 {
     size_t priv_len, key_len, data_len = 0;
-    const OSSL_PARAM *param_priv = NULL, *param_pub = NULL;
     void *p;
 
     if (key == NULL)
@@ -261,7 +261,6 @@ int ossl_slh_dsa_key_fromdata(SLH_DSA_KEY *key, const OSSL_PARAM params[],
 
     /* Private key is optional */
     if (include_private) {
-        param_priv = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
         if (param_priv != NULL) {
             p = key->priv;
             if (!OSSL_PARAM_get_octet_string(param_priv, &p, priv_len, &data_len))
@@ -285,7 +284,6 @@ int ossl_slh_dsa_key_fromdata(SLH_DSA_KEY *key, const OSSL_PARAM params[],
      * the public key, (Keygen must be used for this case currently).
      */
     p = SLH_DSA_PUB(key);
-    param_pub = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
     if (param_pub == NULL
             || !OSSL_PARAM_get_octet_string(param_pub, &p, key_len, &data_len)
             || data_len != key_len)
diff --git a/include/crypto/slh_dsa.h b/include/crypto/slh_dsa.h
index 93e0b80fb68..e7a2ea84035 100644
--- a/include/crypto/slh_dsa.h
+++ b/include/crypto/slh_dsa.h
@@ -31,7 +31,8 @@ __owur int ossl_slh_dsa_key_equal(const SLH_DSA_KEY *key1, const SLH_DSA_KEY *ke
                                   int selection);
 __owur int ossl_slh_dsa_key_has(const SLH_DSA_KEY *key, int selection);
 __owur int ossl_slh_dsa_key_pairwise_check(const SLH_DSA_KEY *key);
-__owur int ossl_slh_dsa_key_fromdata(SLH_DSA_KEY *key, const OSSL_PARAM *params,
+__owur int ossl_slh_dsa_key_fromdata(SLH_DSA_KEY *key, const OSSL_PARAM *pub,
+                                     const OSSL_PARAM *param_priv,
                                      int include_private);
 __owur int ossl_slh_dsa_generate_key(SLH_DSA_HASH_CTX *ctx, SLH_DSA_KEY *out,
                                      OSSL_LIB_CTX *libctx,
diff --git a/providers/implementations/keymgmt/slh_dsa_kmgmt.c.in b/providers/implementations/keymgmt/slh_dsa_kmgmt.c.in
index 4da667bb36f..82683f466af 100644
--- a/providers/implementations/keymgmt/slh_dsa_kmgmt.c.in
+++ b/providers/implementations/keymgmt/slh_dsa_kmgmt.c.in
@@ -6,10 +6,14 @@
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
+{-
+use OpenSSL::paramnames qw(produce_param_decoder);
+-}
 
 #include <openssl/core_dispatch.h>
 #include <openssl/core_names.h>
 #include <openssl/param_build.h>
+#include <openssl/proverr.h>
 #include <openssl/self_test.h>
 #include "crypto/slh_dsa.h"
 #include "internal/fips.h"
@@ -101,48 +105,49 @@ static int slh_dsa_validate(const void *key_data, int selection, int check_type)
     return 1;
 }
 
+{- produce_param_decoder('slh_dsa_import',
+                         (['PKEY_PARAM_PUB_KEY',           'pub',     'octet_string'],
+                          ['PKEY_PARAM_PRIV_KEY',          'priv',    'octet_string'],
+                         )); -}
+
 static int slh_dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
 {
     SLH_DSA_KEY *key = keydata;
     int include_priv;
+    struct slh_dsa_import_st p;
 
-    if (!ossl_prov_is_running() || key == NULL)
+    if (!ossl_prov_is_running()
+            || key == NULL
+            || !slh_dsa_import_decoder(params, &p))
         return 0;
 
     if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
         return 0;
 
     include_priv = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
-    return ossl_slh_dsa_key_fromdata(key, params, include_priv);
+    return ossl_slh_dsa_key_fromdata(key, p.pub, p.priv, include_priv);
 }
 
-#define SLH_DSA_IMEXPORTABLE_PARAMETERS \
-    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0), \
-    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
-
-static const OSSL_PARAM slh_dsa_key_types[] = {
-    SLH_DSA_IMEXPORTABLE_PARAMETERS,
-    OSSL_PARAM_END
-};
 static const OSSL_PARAM *slh_dsa_imexport_types(int selection)
 {
     if ((selection & SLH_DSA_POSSIBLE_SELECTIONS) == 0)
         return NULL;
-    return slh_dsa_key_types;
+    return slh_dsa_import_list;
 }
 
-static const OSSL_PARAM slh_dsa_params[] = {
-    OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
-    OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
-    OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
-    OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_CATEGORY, NULL),
-    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),
-    SLH_DSA_IMEXPORTABLE_PARAMETERS,
-    OSSL_PARAM_END
-};
+{- produce_param_decoder('slh_dsa_get_params',
+                         (['PKEY_PARAM_BITS',              'bits',    'int'],
+                          ['PKEY_PARAM_SECURITY_BITS',     'secbits', 'int'],
+                          ['PKEY_PARAM_MAX_SIZE',          'maxsize', 'int'],
+                          ['PKEY_PARAM_SECURITY_CATEGORY', 'seccat',  'int'],
+                          ['PKEY_PARAM_MANDATORY_DIGEST',  'mandgst', 'utf8_string'],
+                          ['PKEY_PARAM_PUB_KEY',           'pub',     'octet_string'],
+                          ['PKEY_PARAM_PRIV_KEY',          'priv',    'octet_string'],
+                         )); -}
+
 static const OSSL_PARAM *slh_dsa_gettable_params(void *provctx)
 {
-    return slh_dsa_params;
+    return slh_dsa_get_params_list;
 }
 
 static int key_to_params(SLH_DSA_KEY *key, OSSL_PARAM_BLD *tmpl,
@@ -172,36 +177,37 @@ static int key_to_params(SLH_DSA_KEY *key, OSSL_PARAM_BLD *tmpl,
 static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[])
 {
     SLH_DSA_KEY *key = keydata;
-    OSSL_PARAM *p;
+    struct slh_dsa_get_params_st p;
     const uint8_t *pub, *priv;
 
-    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
-            && !OSSL_PARAM_set_size_t(p, 8 * ossl_slh_dsa_key_get_pub_len(key)))
+    if (key == NULL || !slh_dsa_get_params_decoder(params, &p))
+        return 0;
+
+    if (p.bits != NULL
+            && !OSSL_PARAM_set_size_t(p.bits, 8 * ossl_slh_dsa_key_get_pub_len(key)))
         return 0;
-    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
-            && !OSSL_PARAM_set_size_t(p, 8 * ossl_slh_dsa_key_get_n(key)))
+    if (p.secbits != NULL
+            && !OSSL_PARAM_set_size_t(p.secbits, 8 * ossl_slh_dsa_key_get_n(key)))
         return 0;
-    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
-            && !OSSL_PARAM_set_size_t(p, ossl_slh_dsa_key_get_sig_len(key)))
+    if (p.maxsize != NULL
+            && !OSSL_PARAM_set_size_t(p.maxsize, ossl_slh_dsa_key_get_sig_len(key)))
         return 0;
-    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_CATEGORY)) != NULL
-            && !OSSL_PARAM_set_int(p, ossl_slh_dsa_key_get_security_category(key)))
+    if (p.seccat != NULL
+            && !OSSL_PARAM_set_int(p.seccat, ossl_slh_dsa_key_get_security_category(key)))
         return 0;
 
     priv = ossl_slh_dsa_key_get_priv(key);
     if (priv != NULL) {
-        p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY);
         /* Note: ossl_slh_dsa_key_get_priv_len() includes the public key */
-        if (p != NULL
-            && !OSSL_PARAM_set_octet_string(p, priv,
+        if (p.priv != NULL
+            && !OSSL_PARAM_set_octet_string(p.priv, priv,
                                             ossl_slh_dsa_key_get_priv_len(key)))
             return 0;
     }
     pub = ossl_slh_dsa_key_get_pub(key);
     if (pub != NULL) {
-        p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
-        if (p != NULL
-            && !OSSL_PARAM_set_octet_string(p, pub,
+        if (p.pub != NULL
+            && !OSSL_PARAM_set_octet_string(p.pub, pub,
                                             ossl_slh_dsa_key_get_pub_len(key)))
             return 0;
     }
@@ -209,8 +215,7 @@ static int slh_dsa_get_params(void *keydata, OSSL_PARAM params[])
      * This allows apps to use an empty digest, so that the old API
      * for digest signing can be used.
      */
-    p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MANDATORY_DIGEST);
-    if (p != NULL && !OSSL_PARAM_set_utf8_string(p, ""))
+    if (p.mandgst != NULL && !OSSL_PARAM_set_utf8_string(p.mandgst, ""))
         return 0;
     return 1;
 }
@@ -364,31 +369,34 @@ static void *slh_dsa_gen(void *genctx, const char *alg)
     return NULL;
 }
 
+{- produce_param_decoder('slh_dsa_gen_set_params',
+                         (['PKEY_PARAM_PROPERTIES',   'propq', 'utf8_string'],
+                          ['PKEY_PARAM_SLH_DSA_SEED', 'seed',  'octet_string'],
+                         )); -}
+
 static int slh_dsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
 {
     struct slh_dsa_gen_ctx *gctx = genctx;
-    const OSSL_PARAM *p;
+    struct slh_dsa_gen_set_params_st p;
 
-    if (gctx == NULL)
+    if (gctx == NULL || !slh_dsa_gen_set_params_decoder(params, &p))
         return 0;
 
-    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_SLH_DSA_SEED);
-    if (p != NULL) {
+    if (p.seed != NULL) {
         void *vp = gctx->entropy;
         size_t len = sizeof(gctx->entropy);
 
-        if (!OSSL_PARAM_get_octet_string(p, &vp, len, &(gctx->entropy_len))) {
+        if (!OSSL_PARAM_get_octet_string(p.seed, &vp, len, &(gctx->entropy_len))) {
             gctx->entropy_len = 0;
             return 0;
         }
     }
 
-    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PROPERTIES);
-    if (p != NULL) {
-        if (p->data_type != OSSL_PARAM_UTF8_STRING)
+    if (p.propq != NULL) {
+        if (p.propq->data_type != OSSL_PARAM_UTF8_STRING)
             return 0;
         OPENSSL_free(gctx->propq);
-        gctx->propq = OPENSSL_strdup(p->data);
+        gctx->propq = OPENSSL_strdup(p.propq->data);
         if (gctx->propq == NULL)
             return 0;
     }
@@ -398,12 +406,7 @@ static int slh_dsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
 static const OSSL_PARAM *slh_dsa_gen_settable_params(ossl_unused void *genctx,
                                                      ossl_unused void *provctx)
 {
-    static OSSL_PARAM settable[] = {
-        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, NULL, 0),
-        OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_SLH_DSA_SEED, NULL, 0),
-        OSSL_PARAM_END
-    };
-    return settable;
+    return slh_dsa_gen_set_params_list;
 }
 
 static void slh_dsa_gen_cleanup(void *genctx)