commit 4262d44a3b0184fe8a501dedb5ea0de3baa71eff from: jsing date: Fri May 16 14:03:49 2025 UTC Stop using CRYPTO_gcm128_init() and stack allocated GCM128_CONTEXT. Since struct gcm128_context is not exposed via a public header, there is no way CRYPTO_gcm128_init() can actually be used properly. Instead, use CRYPTO_gcm128_new() and CRYPTO_gcm128_free_bird()^WCRYPTO_gcm128_release() (naming consistency is apparently hard). commit - a6dde246c6ce7883360973b2fdcc5006cc089de7 commit + 4262d44a3b0184fe8a501dedb5ea0de3baa71eff blob - def7653c7b6e891c3540bb6201ec9f8b9ee0eab4 blob + 78631979fed7fe5a069b410f3f7ff5e4daa1cd88 --- regress/lib/libcrypto/gcm128/gcm128test.c +++ regress/lib/libcrypto/gcm128/gcm128test.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gcm128test.c,v 1.7 2022/09/05 21:06:31 tb Exp $ */ +/* $OpenBSD: gcm128test.c,v 1.8 2025/05/16 14:03:49 jsing Exp $ */ /* ==================================================================== * Copyright (c) 2010 The OpenSSL Project. All rights reserved. * @@ -57,11 +57,6 @@ #include #include -/* XXX - something like this should be in the public headers. */ -struct gcm128_context { - uint64_t opaque[64]; -}; - struct gcm128_test { const uint8_t K[128]; size_t K_len; @@ -856,7 +851,7 @@ struct gcm128_test gcm128_tests[] = { static int do_gcm128_test(int test_no, struct gcm128_test *tv) { - GCM128_CONTEXT ctx; + GCM128_CONTEXT *ctx; AES_KEY key; uint8_t *out = NULL; size_t out_len; 
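Review bot: `ctx` is left without an initializer in the `do_gcm128_test` declaration hunk (`GCM128_CONTEXT *ctx;`), although the neighbouring `out` starts as NULL and the final hunk now passes `ctx` to `CRYPTO_gcm128_release()` under the shared `fail:` label. In the visible hunks `ctx` is assigned before the first `goto fail`, but the lines between the declaration and the `CRYPTO_gcm128_new()` call are outside the diff. Any jump to `fail:` from that region, now or after a later edit, would hand an indeterminate pointer to the release routine. Declaring it as `GCM128_CONTEXT *ctx = NULL;` keeps the cleanup path well defined, provided the release function tolerates NULL the way `free()` does, which is worth confirming. The function body continues past the end of this hunk.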
@@ -873,13 +868,16 @@ do_gcm128_test(int test_no, struct gcm128_test *tv) if (out_len != 0) memset(out, 0, out_len); - CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt); - CRYPTO_gcm128_setiv(&ctx, tv->IV, tv->IV_len); + + if ((ctx = CRYPTO_gcm128_new(&key, (block128_f)AES_encrypt)) == NULL) + err(1, "CRYPTO_gcm128_new"); + + CRYPTO_gcm128_setiv(ctx, tv->IV, tv->IV_len); if (tv->A_len > 0) - CRYPTO_gcm128_aad(&ctx, tv->A, tv->A_len); + CRYPTO_gcm128_aad(ctx, tv->A, tv->A_len); if (tv->P_len > 0) - CRYPTO_gcm128_encrypt(&ctx, tv->P, out, out_len); - if (CRYPTO_gcm128_finish(&ctx, tv->T, 16)) { + CRYPTO_gcm128_encrypt(ctx, tv->P, out, out_len); + if (CRYPTO_gcm128_finish(ctx, tv->T, 16)) { fprintf(stderr, "TEST %d: CRYPTO_gcm128_finish failed\n", test_no); goto fail; @@ -891,12 +889,12 @@ do_gcm128_test(int test_no, struct gcm128_test *tv) if (out_len != 0) memset(out, 0, out_len); - CRYPTO_gcm128_setiv(&ctx, tv->IV, tv->IV_len); + CRYPTO_gcm128_setiv(ctx, tv->IV, tv->IV_len); if (tv->A_len > 0) - CRYPTO_gcm128_aad(&ctx, tv->A, tv->A_len); + CRYPTO_gcm128_aad(ctx, tv->A, tv->A_len); if (tv->C_len > 0) - CRYPTO_gcm128_decrypt(&ctx, tv->C, out, out_len); - if (CRYPTO_gcm128_finish(&ctx, tv->T, 16)) { + CRYPTO_gcm128_decrypt(ctx, tv->C, out, out_len); + if (CRYPTO_gcm128_finish(ctx, tv->T, 16)) { fprintf(stderr, "TEST %d: CRYPTO_gcm128_finish failed\n", test_no); goto fail; @@ -909,6 +907,8 @@ do_gcm128_test(int test_no, struct gcm128_test *tv) ret = 0; fail: + CRYPTO_gcm128_release(ctx); + free(out); return (ret); }
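Review bot: The results of `CRYPTO_gcm128_aad()` and `CRYPTO_gcm128_encrypt()` in the encrypt hunk are still discarded, and the same holds for `CRYPTO_gcm128_aad()` and `CRYPTO_gcm128_decrypt()` in the decrypt hunk that follows. As far as I know these return a non-zero int on error, so a length or state failure would only surface indirectly as a tag mismatch from `CRYPTO_gcm128_finish()`, or not at all if the tag comparison is not reached. Since every one of these calls is being rewritten anyway, the test could fail explicitly, for example `if (tv->A_len > 0 && CRYPTO_gcm128_aad(ctx, tv->A, tv->A_len) != 0) goto fail;`, with a `fprintf` naming the failing call as the `finish` branch does. The enclosing function starts and ends outside these hunks.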