From aad2304aa9001846480c790f4efb2c2fd74afd2e Mon Sep 17 00:00:00 2001 From: Pauli Date: Mon, 14 Jul 2025 09:56:00 +1000 Subject: [PATCH] hmac: convert HMAC to use param decoder Reviewed-by: Paul Yang Reviewed-by: Shane Lontis Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/28142) --- providers/implementations/macs/hmac_prov.c.in | 84 ++++++++++--------- 1 file changed, 45 insertions(+), 39 deletions(-) diff --git a/providers/implementations/macs/hmac_prov.c.in b/providers/implementations/macs/hmac_prov.c.in index 0f33a3cb86e..444257ea799 100644 --- a/providers/implementations/macs/hmac_prov.c.in +++ b/providers/implementations/macs/hmac_prov.c.in @@ -6,6 +6,9 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} /* * HMAC low level APIs are deprecated for public use, but still ok for internal @@ -24,6 +27,7 @@ #include #include "internal/ssl3_cbc.h" +#include "internal/cryptlib.h" #include "prov/implementations.h" #include "prov/provider_ctx.h" 
@@ -266,57 +270,58 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, return 1; } -static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), - OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL), - OSSL_FIPS_IND_GETTABLE_CTX_PARAM() - OSSL_PARAM_END -}; +{- produce_param_decoder('hmac_get_ctx_params', + (['MAC_PARAM_SIZE', 'size', 'size_t'], + ['MAC_PARAM_BLOCK_SIZE', 'bsize', 'size_t'], + ['ALG_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int'], + )); -} + static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) { - return known_gettable_ctx_params; + return hmac_get_ctx_params_list; } static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[]) { struct hmac_data_st *macctx = vmacctx; - OSSL_PARAM *p; + struct hmac_get_ctx_params_st p; + + if (macctx == NULL || !hmac_get_ctx_params_decoder(params, &p)) + return 0; - if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL - && !OSSL_PARAM_set_size_t(p, hmac_size(macctx))) + if (p.size != NULL && !OSSL_PARAM_set_size_t(p.size, hmac_size(macctx))) return 0; - if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_BLOCK_SIZE)) != NULL - && !OSSL_PARAM_set_int(p, hmac_block_size(macctx))) + if (p.bsize != NULL && !OSSL_PARAM_set_int(p.bsize, hmac_block_size(macctx))) return 0; #ifdef FIPS_MODULE - p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR); - if (p != NULL) { + if (p.ind != NULL) { int approved = 0; if (!macctx->internal) approved = OSSL_FIPS_IND_GET(macctx)->approved; - if (!OSSL_PARAM_set_int(p, approved)) + if (!OSSL_PARAM_set_int(p.ind, approved)) return 0; } #endif return 1; } -static const OSSL_PARAM known_settable_ctx_params[] = { - OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_DIGEST, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_PROPERTIES, NULL, 0), - OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0), - OSSL_PARAM_size_t(OSSL_MAC_PARAM_TLS_DATA_SIZE, NULL), - 
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_MAC_PARAM_FIPS_KEY_CHECK) - OSSL_PARAM_END -}; +{- produce_param_decoder('hmac_set_ctx_params', + (['MAC_PARAM_DIGEST', 'digest', 'utf8_string'], + ['ALG_PARAM_ENGINE', 'engine', 'utf8_string', 'hidden'], + ['MAC_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['MAC_PARAM_KEY', 'key', 'octet_string'], + ['MAC_PARAM_TLS_DATA_SIZE', 'tlssize', 'size_t'], + ['MAC_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'], + )); -} + static const OSSL_PARAM *hmac_settable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) { - return known_settable_ctx_params; + return hmac_set_ctx_params_list; } /* 
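Review bot: The decoder specs list `ALG_PARAM_FIPS_APPROVED_INDICATOR` and `MAC_PARAM_FIPS_KEY_CHECK` unconditionally, but `p.ind` is only answered inside `#ifdef FIPS_MODULE` in hmac_get_ctx_params. The removed tables used `OSSL_FIPS_IND_GETTABLE_CTX_PARAM()` and `OSSL_FIPS_IND_SETTABLE_CTX_PARAM(...)`, which by their names were presumably FIPS-only entries. If the generated `hmac_get_ctx_params_list` is not conditionally compiled (the generator output is not visible here), a non-FIPS build would advertise the approved indicator and return 1 without writing it, so a caller would read back its own initial value as the answer. Please confirm what `produce_param_decoder` emits for these entries and restrict them to FIPS builds if it does not already. At minimum add a comment above the `#ifdef`, such as `/* p.ind is decoded in every build but only answered inside the FIPS module */`.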
@@ -325,32 +330,33 @@ static const OSSL_PARAM *hmac_settable_ctx_params(ossl_unused void *ctx, static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) { struct hmac_data_st *macctx = vmacctx; - OSSL_LIB_CTX *ctx = PROV_LIBCTX_OF(macctx->provctx); - const OSSL_PARAM *p; + OSSL_LIB_CTX *ctx; + struct hmac_set_ctx_params_st p; - if (ossl_param_is_empty(params)) - return 1; + if (macctx == NULL || !hmac_set_ctx_params_decoder(params, &p)) + return 0; + + ctx = PROV_LIBCTX_OF(macctx->provctx); - if (!OSSL_FIPS_IND_SET_CTX_PARAM(macctx, OSSL_FIPS_IND_SETTABLE0, params, - OSSL_MAC_PARAM_FIPS_KEY_CHECK)) + if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(macctx, OSSL_FIPS_IND_SETTABLE0, p.ind_k)) return 0; - if (!ossl_prov_digest_load_from_params(&macctx->digest, params, ctx)) + if (p.digest != NULL + && !ossl_prov_digest_load(&macctx->digest, p.digest, p.propq, + p.engine, ctx)) return 0; - if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) + if (p.key != NULL) { + if (p.key->data_type != OSSL_PARAM_OCTET_STRING) return 0; - if (!hmac_setkey(macctx, p->data, p->data_size)) + if (!hmac_setkey(macctx, p.key->data, p.key->data_size)) return 0; } - if ((p = OSSL_PARAM_locate_const(params, - OSSL_MAC_PARAM_TLS_DATA_SIZE)) != NULL) { - if (!OSSL_PARAM_get_size_t(p, &macctx->tls_data_size)) - return 0; - } + if (p.tlssize != NULL && !OSSL_PARAM_get_size_t(p.tlssize, &macctx->tls_data_size)) + return 0; + return 1; } -- 2.47.3
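Review bot: A failure late in hmac_set_ctx_params leaves the context partly updated. The FIPS key-check setting and `macctx->digest` have already been changed by the time the `p.key->data_type` test or `OSSL_PARAM_get_size_t(p.tlssize, ...)` can return 0. Since the decoder now hands back every located parameter up front, the cheap validation can run before any state is touched, for example `if (p.key != NULL && p.key->data_type != OSSL_PARAM_OCTET_STRING) return 0;` placed ahead of the `ossl_prov_digest_load` call. Whether callers reuse a context after a failed set is not visible in this hunk, so at minimum a comment such as `/* on failure macctx may hold the new digest with the old key */` would document the contract.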