Use generated param decoders in SHA provider

Refactor the SHA provider's context parameter handling in sha2_prov.c to use
the generated parameter decoder framework.

This change replaces manual parameter lookups using `OSSL_PARAM_locate` and
static `OSSL_PARAM` arrays with generated decoder functions and structs. A new
template, `sha2_prov.inc.in`, is added to create the necessary decoders during
the build.

This simplifies the code, reduces boilerplate, and improves type safety.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)

.gitignore

@@ -159,6 +159,7 @@ providers/implementations/ciphers/cipher_sm4_xts.inc
 providers/implementations/digests/blake2_prov.inc
 providers/implementations/digests/digestcommon.inc
 providers/implementations/digests/mdc2_prov.inc
+providers/implementations/digests/sha2_prov.inc
 providers/implementations/digests/sha3_prov.inc
 providers/implementations/include/prov/blake2_params.inc
 providers/implementations/macs/cmac_prov.inc

build.info

@@ -115,6 +115,7 @@ DEPEND[]=include/openssl/asn1.h \
          providers/implementations/digests/blake2_prov.inc \
          providers/implementations/digests/digestcommon.inc \
          providers/implementations/digests/mdc2_prov.inc \
+         providers/implementations/digests/sha2_prov.inc \
          providers/implementations/digests/sha3_prov.inc \
          providers/implementations/include/prov/blake2_params.inc \
          providers/implementations/macs/cmac_prov.inc \
@@ -233,6 +234,7 @@ DEPEND[providers/implementations/asymciphers/rsa_enc.inc \
        providers/implementations/digests/blake2_prov.inc \
        providers/implementations/digests/digestcommon.inc \
        providers/implementations/digests/mdc2_prov.inc \
+       providers/implementations/digests/sha2_prov.inc \
        providers/implementations/digests/sha3_prov.inc \
        providers/implementations/include/prov/blake2_params.inc \
        providers/implementations/macs/cmac_prov.inc \
@@ -389,6 +391,8 @@ GENERATE[providers/implementations/digests/digestcommon.inc]=\
     providers/implementations/digests/digestcommon.inc.in
 GENERATE[providers/implementations/digests/mdc2_prov.inc]=\
     providers/implementations/digests/mdc2_prov.inc.in
+GENERATE[providers/implementations/digests/sha2_prov.inc]=\
+    providers/implementations/digests/sha2_prov.inc.in
 GENERATE[providers/implementations/digests/sha3_prov.inc]=\
     providers/implementations/digests/sha3_prov.inc.in
 GENERATE[providers/implementations/include/prov/blake2_params.inc]=\

providers/implementations/digests/sha2_prov.c

@@ -17,46 +17,41 @@
 #include <openssl/crypto.h>
 #include <openssl/core_dispatch.h>
 #include <openssl/evp.h>
+#include <openssl/err.h>
 #include <openssl/sha.h>
 #include <openssl/params.h>
+#include <openssl/proverr.h>
 #include <openssl/core_names.h>
 #include "prov/digestcommon.h"
 #include "prov/implementations.h"
 #include "crypto/sha.h"
+#include "internal/common.h"
+#include "providers/implementations/digests/sha2_prov.inc"
 
 #define SHA2_FLAGS PROV_DIGEST_FLAG_ALGID_ABSENT
 
-static OSSL_FUNC_digest_set_ctx_params_fn sha1_set_ctx_params;
-static OSSL_FUNC_digest_settable_ctx_params_fn sha1_settable_ctx_params;
-
-static const OSSL_PARAM known_sha1_settable_ctx_params[] = {
-    { OSSL_DIGEST_PARAM_SSL3_MS, OSSL_PARAM_OCTET_STRING, NULL, 0, 0 },
-    OSSL_PARAM_END
-};
-static const OSSL_PARAM *sha1_settable_ctx_params(ossl_unused void *ctx,
-    ossl_unused void *provctx)
-{
-    return known_sha1_settable_ctx_params;
-}
-
 /* Special set_params method for SSL3 */
 static int sha1_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
-    const OSSL_PARAM *p;
+    struct sha1_set_ctx_params_st p;
     SHA_CTX *ctx = (SHA_CTX *)vctx;
 
-    if (ctx == NULL)
+    if (ossl_unlikely(ctx == NULL || !sha1_set_ctx_params_decoder(params, &p)))
         return 0;
-    if (ossl_param_is_empty(params))
-        return 1;
 
-    p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_SSL3_MS);
-    if (p != NULL && p->data_type == OSSL_PARAM_OCTET_STRING)
+    if (p.ssl3_ms != NULL)
         return ossl_sha1_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
-            (int)p->data_size, p->data);
+            (int)p.ssl3_ms->data_size, p.ssl3_ms->data);
+
     return 1;
 }
 
+static const OSSL_PARAM *sha1_settable_ctx_params(ossl_unused void *ctx,
+    ossl_unused void *provctx)
+{
+    return sha1_set_ctx_params_list;
+}
+
 static const unsigned char sha256magic[] = "SHA256v1";
 #define SHA256MAGIC_LEN (sizeof(sha256magic) - 1)
 #define SHA256_SERIALIZATION_LEN                      \

providers/implementations/digests/sha2_prov.inc.in

@@ -0,0 +1,18 @@
+/*
+ * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the \"License\").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+{-
+use OpenSSL::paramnames qw(produce_param_decoder);
+-}
+
+{-
+produce_param_decoder('sha1_set_ctx_params',
+                      ([ 'OSSL_DIGEST_PARAM_SSL3_MS', 'ssl3_ms', 'octet_string' ],
+                      ));
+-}