Commit e1c0726f48 for openssl.org
commit e1c0726f486118f417ddf26b08e8e3ccd8de34b1
Author: Simo Sorce <simo@redhat.com>
Date: Mon Jun 8 18:23:00 2026 -0400
Replace GCM_HW_SET_KEY_CTR_FN with a function
The `GCM_HW_SET_KEY_CTR_FN` macro has been removed and replaced with a proper
function, `aes_gcm_hw_initkey`, for AES GCM hardware implementations. For ARIA
GCM, the macro expansion was manually inlined.
This refactoring eliminates a multi-line macro to improve debuggability and
type safety. Crucially, the new function checks the return value of the
underlying key setup routines, ensuring that key initialization failures are
now correctly caught and propagated instead of being ignored.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
MergeDate: Sat Jun 27 09:05:38 2026
(Merged from https://github.com/openssl/openssl/pull/31472)
diff --git a/providers/implementations/ciphers/cipher_aes_gcm.h b/providers/implementations/ciphers/cipher_aes_gcm.h
index 2b03c584b9..ef4170c255 100644
--- a/providers/implementations/ciphers/cipher_aes_gcm.h
+++ b/providers/implementations/ciphers/cipher_aes_gcm.h
@@ -45,6 +45,16 @@ typedef struct prov_aes_gcm_ctx_st {
} plat;
} PROV_AES_GCM_CTX;
+typedef void (*aes_block128_f)(const unsigned char in[16],
+ unsigned char out[16], const AES_KEY *key);
+
+typedef int (*aes_set_encrypt_key_fn)(const unsigned char *key,
+ int bits, AES_KEY *ks);
+
+int aes_gcm_hw_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
+ size_t keylen, aes_set_encrypt_key_fn fn_set_key,
+ aes_block128_f fn_block, ctr128_f fn_ctr);
+
int generic_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
size_t len, unsigned char *out);
diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw.c b/providers/implementations/ciphers/cipher_aes_gcm_hw.c
index 6d41cdb700..bcdb879400 100644
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw.c
@@ -14,48 +14,67 @@
* non-internal use) in order to implement provider AES ciphers.
*/
#include "internal/deprecated.h"
-
+#include <openssl/proverr.h>
#include "cipher_aes_gcm.h"
-static int aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
- size_t keylen)
+int aes_gcm_hw_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
+ size_t keylen, aes_set_encrypt_key_fn fn_set_key,
+ aes_block128_f fn_block, ctr128_f fn_ctr)
{
PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
AES_KEY *ks = &actx->ks.ks;
+ int ret = fn_set_key(key, (int)(keylen * 8), ks);
+ if (ret < 0) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
+ return 0;
+ }
+
+ CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block);
+ ctx->ctr = fn_ctr;
+ ctx->key_set = 1;
+
+ return 1;
+}
+
+static int aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
+ size_t keylen)
+{
#ifdef HWAES_CAPABLE
if (HWAES_CAPABLE) {
#ifdef HWAES_ctr32_encrypt_blocks
- GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt,
- HWAES_ctr32_encrypt_blocks);
+ return aes_gcm_hw_initkey(ctx, key, keylen, HWAES_set_encrypt_key,
+ HWAES_encrypt, HWAES_ctr32_encrypt_blocks);
#else
- GCM_HW_SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL);
+ return aes_gcm_hw_initkey(ctx, key, keylen, HWAES_set_encrypt_key,
+ HWAES_encrypt, NULL);
#endif /* HWAES_ctr32_encrypt_blocks */
} else
#endif /* HWAES_CAPABLE */
#ifdef BSAES_CAPABLE
if (BSAES_CAPABLE) {
- GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
- ossl_bsaes_ctr32_encrypt_blocks);
+ return aes_gcm_hw_initkey(ctx, key, keylen, AES_set_encrypt_key,
+ AES_encrypt, (ctr128_f)ossl_bsaes_ctr32_encrypt_blocks);
} else
#endif /* BSAES_CAPABLE */
#ifdef VPAES_CAPABLE
if (VPAES_CAPABLE) {
- GCM_HW_SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL);
+ return aes_gcm_hw_initkey(ctx, key, keylen, vpaes_set_encrypt_key,
+ vpaes_encrypt, NULL);
} else
#endif /* VPAES_CAPABLE */
{
#ifdef AES_CTR_ASM
- GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
- AES_ctr32_encrypt);
+ return aes_gcm_hw_initkey(ctx, key, keylen, AES_set_encrypt_key,
+ AES_encrypt, (ctr128_f)AES_ctr32_encrypt);
#else
- GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL);
+ return aes_gcm_hw_initkey(ctx, key, keylen, AES_set_encrypt_key,
+ AES_encrypt, NULL);
#endif /* AES_CTR_ASM */
}
- return 1;
}
int generic_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.c b/providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.c
index d6f1af75dc..2b8938f27b 100644
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.c
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.c
@@ -19,11 +19,8 @@
static int aesni_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
size_t keylen)
{
- PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
- AES_KEY *ks = &actx->ks.ks;
- GCM_HW_SET_KEY_CTR_FN(ks, aesni_set_encrypt_key, aesni_encrypt,
- aesni_ctr32_encrypt_blocks);
- return 1;
+ return aes_gcm_hw_initkey(ctx, key, keylen, aesni_set_encrypt_key,
+ aesni_encrypt, aesni_ctr32_encrypt_blocks);
}
static const PROV_GCM_HW aesni_gcm = {
diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.c b/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.c
index 00df7b2c0e..7d50de2a2f 100644
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.c
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.c
@@ -83,17 +83,15 @@ size_t armv8_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t
static int armv8_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
size_t keylen)
{
- PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
- AES_KEY *ks = &actx->ks.ks;
-
if (AES_UNROLL12_EOR3_CAPABLE) {
- GCM_HW_SET_KEY_CTR_FN(ks, aes_v8_set_encrypt_key, aes_v8_encrypt,
+ return aes_gcm_hw_initkey(ctx, key, keylen,
+ aes_v8_set_encrypt_key, aes_v8_encrypt,
aes_v8_ctr32_encrypt_blocks_unroll12_eor3);
} else {
- GCM_HW_SET_KEY_CTR_FN(ks, aes_v8_set_encrypt_key, aes_v8_encrypt,
+ return aes_gcm_hw_initkey(ctx, key, keylen,
+ aes_v8_set_encrypt_key, aes_v8_encrypt,
aes_v8_ctr32_encrypt_blocks);
}
- return 1;
}
static const PROV_GCM_HW armv8_aes_gcm = {
diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.c b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.c
index 0b500d64b2..c605cb0072 100644
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.c
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.c
@@ -19,12 +19,8 @@
static int aes_ppc_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
size_t keylen)
{
- PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
- AES_KEY *ks = &actx->ks.ks;
-
- GCM_HW_SET_KEY_CTR_FN(ks, aes_p8_set_encrypt_key, aes_p8_encrypt,
- aes_p8_ctr32_encrypt_blocks);
- return 1;
+ return aes_gcm_hw_initkey(ctx, key, keylen, aes_p8_set_encrypt_key,
+ aes_p8_encrypt, aes_p8_ctr32_encrypt_blocks);
}
static inline uint32_t UTO32(unsigned char *buf)
diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_rv32i.c b/providers/implementations/ciphers/cipher_aes_gcm_hw_rv32i.c
index a5dee80453..708be6aef5 100644
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_rv32i.c
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_rv32i.c
@@ -19,24 +19,16 @@
static int rv32i_zknd_zkne_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
size_t keylen)
{
- PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
- AES_KEY *ks = &actx->ks.ks;
-
- GCM_HW_SET_KEY_CTR_FN(ks, rv32i_zkne_set_encrypt_key, rv32i_zkne_encrypt,
- NULL);
- return 1;
+ return aes_gcm_hw_initkey(ctx, key, keylen,
+ rv32i_zkne_set_encrypt_key, rv32i_zkne_encrypt, NULL);
}
static int rv32i_zbkb_zknd_zkne_gcm_initkey(PROV_GCM_CTX *ctx,
const unsigned char *key,
size_t keylen)
{
- PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
- AES_KEY *ks = &actx->ks.ks;
-
- GCM_HW_SET_KEY_CTR_FN(ks, rv32i_zbkb_zkne_set_encrypt_key, rv32i_zkne_encrypt,
- NULL);
- return 1;
+ return aes_gcm_hw_initkey(ctx, key, keylen,
+ rv32i_zbkb_zkne_set_encrypt_key, rv32i_zkne_encrypt, NULL);
}
static const PROV_GCM_HW rv32i_zknd_zkne_gcm = {
diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i.c b/providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i.c
index 74de38f175..7d88ff7e43 100644
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i.c
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i.c
@@ -19,14 +19,11 @@
/*-
* RISC-V 64 ZKND and ZKNE support for AES GCM.
*/
-static int rv64i_zknd_zkne_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
- size_t keylen)
+static int rv64i_zknd_zkne_gcm_initkey(PROV_GCM_CTX *ctx,
+ const unsigned char *key, size_t keylen)
{
- PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
- AES_KEY *ks = &actx->ks.ks;
- GCM_HW_SET_KEY_CTR_FN(ks, rv64i_zkne_set_encrypt_key, rv64i_zkne_encrypt,
- NULL);
- return 1;
+ return aes_gcm_hw_initkey(ctx, key, keylen,
+ rv64i_zkne_set_encrypt_key, rv64i_zkne_encrypt, NULL);
}
static const PROV_GCM_HW rv64i_zknd_zkne_gcm = {
@@ -44,22 +41,17 @@ static const PROV_GCM_HW rv64i_zknd_zkne_gcm = {
static int rv64i_zvkned_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
size_t keylen)
{
- PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
- AES_KEY *ks = &actx->ks.ks;
-
/*
* Zvkned only supports 128 and 256 bit keys for key schedule generation.
* For AES-192 case, we could fallback to `AES_set_encrypt_key`.
*/
if (keylen * 8 == 128 || keylen * 8 == 256) {
- GCM_HW_SET_KEY_CTR_FN(ks, rv64i_zvkned_set_encrypt_key,
- rv64i_zvkned_encrypt, NULL);
+ return aes_gcm_hw_initkey(ctx, key, keylen,
+ rv64i_zvkned_set_encrypt_key, rv64i_zvkned_encrypt, NULL);
} else {
- GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key,
- rv64i_zvkned_encrypt, NULL);
+ return aes_gcm_hw_initkey(ctx, key, keylen,
+ AES_set_encrypt_key, rv64i_zvkned_encrypt, NULL);
}
-
- return 1;
}
static const PROV_GCM_HW rv64i_zvkned_gcm = {
@@ -78,24 +70,19 @@ static int rv64i_zvkb_zvkg_zvkned_gcm_initkey(PROV_GCM_CTX *ctx,
const unsigned char *key,
size_t keylen)
{
- PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
- AES_KEY *ks = &actx->ks.ks;
-
/*
* Zvkned only supports 128 and 256 bit keys for key schedule generation.
* For AES-192 case, we could fallback to `AES_set_encrypt_key`.
*/
if (keylen * 8 == 128 || keylen * 8 == 256) {
- GCM_HW_SET_KEY_CTR_FN(ks, rv64i_zvkned_set_encrypt_key,
- rv64i_zvkned_encrypt,
+ return aes_gcm_hw_initkey(ctx, key, keylen,
+ rv64i_zvkned_set_encrypt_key, rv64i_zvkned_encrypt,
rv64i_zvkb_zvkned_ctr32_encrypt_blocks);
} else {
- GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key,
- rv64i_zvkned_encrypt,
+ return aes_gcm_hw_initkey(ctx, key, keylen,
+ AES_set_encrypt_key, rv64i_zvkned_encrypt,
rv64i_zvkb_zvkned_ctr32_encrypt_blocks);
}
-
- return 1;
}
static const PROV_GCM_HW rv64i_zvkb_zvkg_zvkned_gcm = {
diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_t4.c b/providers/implementations/ciphers/cipher_aes_gcm_hw_t4.c
index 4625c66e4d..4b6968581d 100644
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_t4.c
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_t4.c
@@ -19,26 +19,22 @@
static int t4_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
size_t keylen)
{
- ctr128_f ctr;
- PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
- AES_KEY *ks = &actx->ks.ks;
-
switch (keylen) {
case 16:
- ctr = (ctr128_f)aes128_t4_ctr32_encrypt;
- break;
+ return aes_gcm_hw_initkey(ctx, key, keylen,
+ aes_t4_set_encrypt_key, aes_t4_encrypt,
+ (ctr128_f)aes128_t4_ctr32_encrypt);
case 24:
- ctr = (ctr128_f)aes192_t4_ctr32_encrypt;
- break;
+ return aes_gcm_hw_initkey(ctx, key, keylen,
+ aes_t4_set_encrypt_key, aes_t4_encrypt,
+ (ctr128_f)aes192_t4_ctr32_encrypt);
case 32:
- ctr = (ctr128_f)aes256_t4_ctr32_encrypt;
- break;
+ return aes_gcm_hw_initkey(ctx, key, keylen,
+ aes_t4_set_encrypt_key, aes_t4_encrypt,
+ (ctr128_f)aes256_t4_ctr32_encrypt);
default:
return 0;
}
-
- GCM_HW_SET_KEY_CTR_FN(ks, aes_t4_set_encrypt_key, aes_t4_encrypt, ctr);
- return 1;
}
static const PROV_GCM_HW t4_aes_gcm = {
diff --git a/providers/implementations/ciphers/cipher_aria_gcm_hw.c b/providers/implementations/ciphers/cipher_aria_gcm_hw.c
index f4c8646103..35f3257d89 100644
--- a/providers/implementations/ciphers/cipher_aria_gcm_hw.c
+++ b/providers/implementations/ciphers/cipher_aria_gcm_hw.c
@@ -19,7 +19,11 @@ static int aria_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
PROV_ARIA_GCM_CTX *actx = (PROV_ARIA_GCM_CTX *)ctx;
ARIA_KEY *ks = &actx->ks.ks;
- GCM_HW_SET_KEY_CTR_FN(ks, ossl_aria_set_encrypt_key, ossl_aria_encrypt, NULL);
+ ossl_aria_set_encrypt_key(key, (int)(keylen * 8), ks);
+ CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)ossl_aria_encrypt);
+ ctx->ctr = NULL;
+ ctx->key_set = 1;
+
return 1;
}
diff --git a/providers/implementations/include/prov/ciphercommon_gcm.h b/providers/implementations/include/prov/ciphercommon_gcm.h
index ba5d0b5f87..08865b7595 100644
--- a/providers/implementations/include/prov/ciphercommon_gcm.h
+++ b/providers/implementations/include/prov/ciphercommon_gcm.h
@@ -123,10 +123,4 @@ int ossl_gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
int ossl_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
size_t len, unsigned char *out);
-#define GCM_HW_SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \
- fn_set_enc_key(key, (int)(keylen * 8), ks); \
- CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block); \
- ctx->ctr = (ctr128_f)fn_ctr; \
- ctx->key_set = 1;
-
#endif