[crypto] Change cipher_{en,de}crypt() to void functions
It is a programming error, not a runtime error, if we attempt to use block ciphers with an incorrect blocksize, so use an assert() rather than an error status return.
This commit is contained in:
Michael Brown
parent
a3219b24a8
commit
b4d3d686cc
|
|
@ -1,24 +0,0 @@
|
|||
#include <stdint.h>
|
||||
#include <errno.h>
|
||||
#include <gpxe/crypto.h>
|
||||
|
||||
int cipher_encrypt ( struct cipher_algorithm *cipher,
|
||||
void *ctx, const void *src, void *dst,
|
||||
size_t len ) {
|
||||
if ( ( len & ( cipher->blocksize - 1 ) ) ) {
|
||||
return -EINVAL;
|
||||
}
|
||||
cipher->encrypt ( ctx, src, dst, len );
|
||||
return 0;
|
||||
}
|
||||
|
||||
int cipher_decrypt ( struct cipher_algorithm *cipher,
|
||||
void *ctx, const void *src, void *dst,
|
||||
size_t len ) {
|
||||
if ( ( len & ( cipher->blocksize - 1 ) ) ) {
|
||||
return -EINVAL;
|
||||
}
|
||||
cipher->decrypt ( ctx, src, dst, len );
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -70,7 +70,6 @@ struct cipher_algorithm {
|
|||
* @v src Data to encrypt
|
||||
* @v dst Buffer for encrypted data
|
||||
* @v len Length of data
|
||||
* @ret rc Return status code
|
||||
*
|
||||
* @v len is guaranteed to be a multiple of @c blocksize.
|
||||
*/
|
||||
|
|
@ -82,7 +81,6 @@ struct cipher_algorithm {
|
|||
* @v src Data to decrypt
|
||||
* @v dst Buffer for decrypted data
|
||||
* @v len Length of data
|
||||
* @ret rc Return status code
|
||||
*
|
||||
* @v len is guaranteed to be a multiple of @c blocksize.
|
||||
*/
|
||||
|
|
@ -123,17 +121,30 @@ static inline void cipher_setiv ( struct cipher_algorithm *cipher,
|
|||
cipher->setiv ( ctx, iv );
|
||||
}
|
||||
|
||||
static inline void cipher_encrypt ( struct cipher_algorithm *cipher,
|
||||
void *ctx, const void *src, void *dst,
|
||||
size_t len ) {
|
||||
cipher->encrypt ( ctx, src, dst, len );
|
||||
}
|
||||
#define cipher_encrypt( cipher, ctx, src, dst, len ) do { \
|
||||
assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 ); \
|
||||
cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) ); \
|
||||
} while ( 0 )
|
||||
|
||||
static inline void cipher_decrypt ( struct cipher_algorithm *cipher,
|
||||
void *ctx, const void *src, void *dst,
|
||||
size_t len ) {
|
||||
cipher->decrypt ( ctx, src, dst, len );
|
||||
}
|
||||
#define cipher_decrypt( cipher, ctx, src, dst, len ) do { \
|
||||
assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 ); \
|
||||
cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) ); \
|
||||
} while ( 0 )
|
||||
|
||||
static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
|
||||
return ( cipher->blocksize == 1 );
|
||||
}
|
||||
|
||||
extern int cipher_encrypt ( struct cipher_algorithm *cipher,
|
||||
void *ctx, const void *src, void *dst,
|
||||
size_t len );
|
||||
extern int cipher_decrypt ( struct cipher_algorithm *cipher,
|
||||
void *ctx, const void *src, void *dst,
|
||||
size_t len );
|
||||
|
||||
extern struct digest_algorithm digest_null;
|
||||
extern struct cipher_algorithm cipher_null;
|
||||
extern struct pubkey_algorithm pubkey_null;
|
||||
|
|
|
|||
|
|
@ -1223,15 +1223,9 @@ static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
|
|||
tlshdr->length = htons ( plaintext_len );
|
||||
memcpy ( cipherspec->cipher_next_ctx, cipherspec->cipher_ctx,
|
||||
cipherspec->cipher->ctxsize );
|
||||
if ( ( rc = cipher_encrypt ( cipherspec->cipher,
|
||||
cipherspec->cipher_next_ctx, plaintext,
|
||||
iob_put ( ciphertext, plaintext_len ),
|
||||
plaintext_len ) ) != 0 ) {
|
||||
DBGC ( tls, "TLS %p could not encrypt: %s\n",
|
||||
tls, strerror ( rc ) );
|
||||
DBGC_HD ( tls, plaintext, plaintext_len );
|
||||
goto done;
|
||||
}
|
||||
cipher_encrypt ( cipherspec->cipher, cipherspec->cipher_next_ctx,
|
||||
plaintext, iob_put ( ciphertext, plaintext_len ),
|
||||
plaintext_len );
|
||||
|
||||
/* Free plaintext as soon as possible to conserve memory */
|
||||
free ( plaintext );
|
||||
|
|
@ -1393,14 +1387,8 @@ static int tls_new_ciphertext ( struct tls_session *tls,
|
|||
}
|
||||
|
||||
/* Decrypt the record */
|
||||
if ( ( rc = cipher_decrypt ( cipherspec->cipher,
|
||||
cipherspec->cipher_ctx, ciphertext,
|
||||
plaintext, record_len ) ) != 0 ) {
|
||||
DBGC ( tls, "TLS %p could not decrypt: %s\n",
|
||||
tls, strerror ( rc ) );
|
||||
DBGC_HD ( tls, ciphertext, record_len );
|
||||
goto done;
|
||||
}
|
||||
cipher_decrypt ( cipherspec->cipher, cipherspec->cipher_ctx,
|
||||
ciphertext, plaintext, record_len );
|
||||
|
||||
/* Split record into content and MAC */
|
||||
if ( is_stream_cipher ( cipherspec->cipher ) ) {
|
||||
|
|
|
|||
Reference in New Issue