robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
Browse Source

[crypto] Change cipher_{en,de}crypt() to void functions 

It is a programming error, not a runtime error, if we attempt to use
block ciphers with an incorrect blocksize, so use an assert() rather
than an error status return.
tags/v0.9.7
Michael Brown 15 years ago
parent
a3219b24a8
commit
b4d3d686cc
3 changed files with 25 additions and 50 deletions
Split View Show Diff Stats
  1. 0
    24
      src/crypto/cipher.c
  2. 20
    9
      src/include/gpxe/crypto.h
  3. 5
    17
      src/net/tls.c

+ 0
- 24
src/crypto/cipher.c View File 

@@ -1,24 +0,0 @@
1 
-#include <stdint.h>
2 
-#include <errno.h>
3 
-#include <gpxe/crypto.h>
4 
-
5 
-int cipher_encrypt ( struct cipher_algorithm *cipher,
6 
-		     void *ctx, const void *src, void *dst,
7 
-		     size_t len ) {
8 
-	if ( ( len & ( cipher->blocksize - 1 ) ) ) {
9 
-		return -EINVAL;
10 
-	}
11 
-	cipher->encrypt ( ctx, src, dst, len );
12 
-	return 0;
13 
-}
14 
-
15 
-int cipher_decrypt ( struct cipher_algorithm *cipher,
16 
-		     void *ctx, const void *src, void *dst,
17 
-		     size_t len ) {
18 
-	if ( ( len & ( cipher->blocksize - 1 ) ) ) {
19 
-		return -EINVAL;
20 
-	}
21 
-	cipher->decrypt ( ctx, src, dst, len );
22 
-	return 0;
23 
-}
24 
-

+ 20
- 9
src/include/gpxe/crypto.h View File 

@@ -70,7 +70,6 @@ struct cipher_algorithm {
70 70 
 	 * @v src		Data to encrypt
71 71 
 	 * @v dst		Buffer for encrypted data
72 72 
 	 * @v len		Length of data
73 
-	 * @ret rc		Return status code
74 73 
 	 *
75 74 
 	 * @v len is guaranteed to be a multiple of @c blocksize.
76 75 
 	 */
 
@@ -82,7 +81,6 @@ struct cipher_algorithm {
82 81 
 	 * @v src		Data to decrypt
83 82 
 	 * @v dst		Buffer for decrypted data
84 83 
 	 * @v len		Length of data
85 
-	 * @ret rc		Return status code
86 84 
 	 *
87 85 
 	 * @v len is guaranteed to be a multiple of @c blocksize.
88 86 
 	 */
 
@@ -123,17 +121,30 @@ static inline void cipher_setiv ( struct cipher_algorithm *cipher,
123 121 
 	cipher->setiv ( ctx, iv );
124 122 
 }
125 123
124 
+static inline void cipher_encrypt ( struct cipher_algorithm *cipher,
125 
+				    void *ctx, const void *src, void *dst,
126 
+				    size_t len ) {
127 
+	cipher->encrypt ( ctx, src, dst, len );
128 
+}
129 
+#define cipher_encrypt( cipher, ctx, src, dst, len ) do {		\
130 
+	assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 );		\
131 
+	cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) );	\
132 
+	} while ( 0 )
133 
+
134 
+static inline void cipher_decrypt ( struct cipher_algorithm *cipher,
135 
+				    void *ctx, const void *src, void *dst,
136 
+				    size_t len ) {
137 
+	cipher->decrypt ( ctx, src, dst, len );
138 
+}
139 
+#define cipher_decrypt( cipher, ctx, src, dst, len ) do {		\
140 
+	assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 );		\
141 
+	cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) );	\
142 
+	} while ( 0 )
143 
+
126 144 
 static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
127 145 
 	return ( cipher->blocksize == 1 );
128 146 
 }
129 147
130 
-extern int cipher_encrypt ( struct cipher_algorithm *cipher,
131 
-			    void *ctx, const void *src, void *dst,
132 
-			    size_t len );
133 
-extern int cipher_decrypt ( struct cipher_algorithm *cipher,
134 
-			    void *ctx, const void *src, void *dst,
135 
-			    size_t len );
136 
-
137 148 
 extern struct digest_algorithm digest_null;
138 149 
 extern struct cipher_algorithm cipher_null;
139 150 
 extern struct pubkey_algorithm pubkey_null;

+ 5
- 17
src/net/tls.c View File 

@@ -1223,15 +1223,9 @@ static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
1223 1223 
 	tlshdr->length = htons ( plaintext_len );
1224 1224 
 	memcpy ( cipherspec->cipher_next_ctx, cipherspec->cipher_ctx,
1225 1225 
 		 cipherspec->cipher->ctxsize );
1226 
-	if ( ( rc = cipher_encrypt ( cipherspec->cipher,
1227 
-				     cipherspec->cipher_next_ctx, plaintext,
1228 
-				     iob_put ( ciphertext, plaintext_len ),
1229 
-				     plaintext_len ) ) != 0 ) {
1230 
-		DBGC ( tls, "TLS %p could not encrypt: %s\n",
1231 
-		       tls, strerror ( rc ) );
1232 
-		DBGC_HD ( tls, plaintext, plaintext_len );
1233 
-		goto done;
1234 
-	}
1226 
+	cipher_encrypt ( cipherspec->cipher, cipherspec->cipher_next_ctx,
1227 
+			 plaintext, iob_put ( ciphertext, plaintext_len ),
1228 
+			 plaintext_len );
1235 1229
1236 1230 
 	/* Free plaintext as soon as possible to conserve memory */
1237 1231 
 	free ( plaintext );
 
@@ -1393,14 +1387,8 @@ static int tls_new_ciphertext ( struct tls_session *tls,
1393 1387 
 	}
1394 1388
1395 1389 
 	/* Decrypt the record */
1396 
-	if ( ( rc = cipher_decrypt ( cipherspec->cipher,
1397 
-				     cipherspec->cipher_ctx, ciphertext,
1398 
-				     plaintext, record_len ) ) != 0 ) {
1399 
-		DBGC ( tls, "TLS %p could not decrypt: %s\n",
1400 
-		       tls, strerror ( rc ) );
1401 
-		DBGC_HD ( tls, ciphertext, record_len );
1402 
-		goto done;
1403 
-	}
1390 
+	cipher_decrypt ( cipherspec->cipher, cipherspec->cipher_ctx,
1391 
+			 ciphertext, plaintext, record_len );
1404 1392
1405 1393 
 	/* Split record into content and MAC */
1406 1394 
 	if ( is_stream_cipher ( cipherspec->cipher ) ) {

Write Preview
Loading…
Cancel
Save