jcs.org / openbsd-src
jcs's openbsd hax
openbsd
fork atom

Stop using CRYPTO_gcm128_init() and stack allocated GCM128_CONTEXT.

Since struct gcm128_context is not exposed via a public header, there is no
way CRYPTO_gcm128_init() can actually be used properly. Instead, use
CRYPTO_gcm128_new() and CRYPTO_gcm128_free_bird()^WCRYPTO_gcm128_release()
(naming consistency is apparently hard).

jsing 4262d44a a6dde246

+16 -16
+16 -16
regress/lib/libcrypto/gcm128/gcm128test.c
··· 1 - /* $OpenBSD: gcm128test.c,v 1.7 2022/09/05 21:06:31 tb Exp $ */ 1 + /* $OpenBSD: gcm128test.c,v 1.8 2025/05/16 14:03:49 jsing Exp $ */ 2 2 /* ==================================================================== 3 3 * Copyright (c) 2010 The OpenSSL Project. All rights reserved. 4 4 * ··· 56 56 57 57 #include <openssl/aes.h> 58 58 #include <openssl/modes.h> 59 - 60 - /* XXX - something like this should be in the public headers. */ 61 - struct gcm128_context { 62 - uint64_t opaque[64]; 63 - }; 64 59 65 60 struct gcm128_test { 66 61 const uint8_t K[128]; ··· 856 851 static int 857 852 do_gcm128_test(int test_no, struct gcm128_test *tv) 858 853 { 859 - GCM128_CONTEXT ctx; 854 + GCM128_CONTEXT *ctx; 860 855 AES_KEY key; 861 856 uint8_t *out = NULL; 862 857 size_t out_len; ··· 873 868 874 869 if (out_len != 0) 875 870 memset(out, 0, out_len); 876 - CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt); 877 - CRYPTO_gcm128_setiv(&ctx, tv->IV, tv->IV_len); 871 + 872 + if ((ctx = CRYPTO_gcm128_new(&key, (block128_f)AES_encrypt)) == NULL) 873 + err(1, "CRYPTO_gcm128_new"); 874 + 875 + CRYPTO_gcm128_setiv(ctx, tv->IV, tv->IV_len); 878 876 if (tv->A_len > 0) 879 - CRYPTO_gcm128_aad(&ctx, tv->A, tv->A_len); 877 + CRYPTO_gcm128_aad(ctx, tv->A, tv->A_len); 880 878 if (tv->P_len > 0) 881 - CRYPTO_gcm128_encrypt(&ctx, tv->P, out, out_len); 882 - if (CRYPTO_gcm128_finish(&ctx, tv->T, 16)) { 879 + CRYPTO_gcm128_encrypt(ctx, tv->P, out, out_len); 880 + if (CRYPTO_gcm128_finish(ctx, tv->T, 16)) { 883 881 fprintf(stderr, "TEST %d: CRYPTO_gcm128_finish failed\n", 884 882 test_no); 885 883 goto fail; ··· 891 889 892 890 if (out_len != 0) 893 891 memset(out, 0, out_len); 894 - CRYPTO_gcm128_setiv(&ctx, tv->IV, tv->IV_len); 892 + CRYPTO_gcm128_setiv(ctx, tv->IV, tv->IV_len); 895 893 if (tv->A_len > 0) 896 - CRYPTO_gcm128_aad(&ctx, tv->A, tv->A_len); 894 + CRYPTO_gcm128_aad(ctx, tv->A, tv->A_len); 897 895 if (tv->C_len > 0) 898 - CRYPTO_gcm128_decrypt(&ctx, tv->C, out, out_len); 899 - if (CRYPTO_gcm128_finish(&ctx, tv->T, 16)) { 896 + CRYPTO_gcm128_decrypt(ctx, tv->C, out, out_len); 897 + if (CRYPTO_gcm128_finish(ctx, tv->T, 16)) { 900 898 fprintf(stderr, "TEST %d: CRYPTO_gcm128_finish failed\n", 901 899 test_no); 902 900 goto fail; ··· 909 907 ret = 0; 910 908 911 909 fail: 910 + CRYPTO_gcm128_release(ctx); 911 + 912 912 free(out); 913 913 return (ret); 914 914 }