Browse Source

[crypto] Change cipher_{en,de}crypt() to void functions

It is a programming error, not a runtime error, if we attempt to use
block ciphers with an incorrect blocksize, so use an assert() rather
than an error status return.
tags/v0.9.7
Michael Brown 15 years ago
parent
commit
b4d3d686cc
3 changed files with 25 additions and 50 deletions
  1. 0
    24
      src/crypto/cipher.c
  2. 20
    9
      src/include/gpxe/crypto.h
  3. 5
    17
      src/net/tls.c

+ 0
- 24
src/crypto/cipher.c View File

@@ -1,24 +0,0 @@
1
-#include <stdint.h>
2
-#include <errno.h>
3
-#include <gpxe/crypto.h>
4
-
5
-int cipher_encrypt ( struct cipher_algorithm *cipher,
6
-		     void *ctx, const void *src, void *dst,
7
-		     size_t len ) {
8
-	if ( ( len & ( cipher->blocksize - 1 ) ) ) {
9
-		return -EINVAL;
10
-	}
11
-	cipher->encrypt ( ctx, src, dst, len );
12
-	return 0;
13
-}
14
-
15
-int cipher_decrypt ( struct cipher_algorithm *cipher,
16
-		     void *ctx, const void *src, void *dst,
17
-		     size_t len ) {
18
-	if ( ( len & ( cipher->blocksize - 1 ) ) ) {
19
-		return -EINVAL;
20
-	}
21
-	cipher->decrypt ( ctx, src, dst, len );
22
-	return 0;
23
-}
24
-

+ 20
- 9
src/include/gpxe/crypto.h View File

@@ -70,7 +70,6 @@ struct cipher_algorithm {
70 70
 	 * @v src		Data to encrypt
71 71
 	 * @v dst		Buffer for encrypted data
72 72
 	 * @v len		Length of data
73
-	 * @ret rc		Return status code
74 73
 	 *
75 74
 	 * @v len is guaranteed to be a multiple of @c blocksize.
76 75
 	 */
@@ -82,7 +81,6 @@ struct cipher_algorithm {
82 81
 	 * @v src		Data to decrypt
83 82
 	 * @v dst		Buffer for decrypted data
84 83
 	 * @v len		Length of data
85
-	 * @ret rc		Return status code
86 84
 	 *
87 85
 	 * @v len is guaranteed to be a multiple of @c blocksize.
88 86
 	 */
@@ -123,17 +121,30 @@ static inline void cipher_setiv ( struct cipher_algorithm *cipher,
123 121
 	cipher->setiv ( ctx, iv );
124 122
 }
125 123
 
124
+static inline void cipher_encrypt ( struct cipher_algorithm *cipher,
125
+				    void *ctx, const void *src, void *dst,
126
+				    size_t len ) {
127
+	cipher->encrypt ( ctx, src, dst, len );
128
+}
129
+#define cipher_encrypt( cipher, ctx, src, dst, len ) do {		\
130
+	assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 );		\
131
+	cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) );	\
132
+	} while ( 0 )
133
+
134
+static inline void cipher_decrypt ( struct cipher_algorithm *cipher,
135
+				    void *ctx, const void *src, void *dst,
136
+				    size_t len ) {
137
+	cipher->decrypt ( ctx, src, dst, len );
138
+}
139
+#define cipher_decrypt( cipher, ctx, src, dst, len ) do {		\
140
+	assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 );		\
141
+	cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) );	\
142
+	} while ( 0 )
143
+
126 144
 static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
127 145
 	return ( cipher->blocksize == 1 );
128 146
 }
129 147
 
130
-extern int cipher_encrypt ( struct cipher_algorithm *cipher,
131
-			    void *ctx, const void *src, void *dst,
132
-			    size_t len );
133
-extern int cipher_decrypt ( struct cipher_algorithm *cipher,
134
-			    void *ctx, const void *src, void *dst,
135
-			    size_t len );
136
-
137 148
 extern struct digest_algorithm digest_null;
138 149
 extern struct cipher_algorithm cipher_null;
139 150
 extern struct pubkey_algorithm pubkey_null;

+ 5
- 17
src/net/tls.c View File

@@ -1223,15 +1223,9 @@ static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
1223 1223
 	tlshdr->length = htons ( plaintext_len );
1224 1224
 	memcpy ( cipherspec->cipher_next_ctx, cipherspec->cipher_ctx,
1225 1225
 		 cipherspec->cipher->ctxsize );
1226
-	if ( ( rc = cipher_encrypt ( cipherspec->cipher,
1227
-				     cipherspec->cipher_next_ctx, plaintext,
1228
-				     iob_put ( ciphertext, plaintext_len ),
1229
-				     plaintext_len ) ) != 0 ) {
1230
-		DBGC ( tls, "TLS %p could not encrypt: %s\n",
1231
-		       tls, strerror ( rc ) );
1232
-		DBGC_HD ( tls, plaintext, plaintext_len );
1233
-		goto done;
1234
-	}
1226
+	cipher_encrypt ( cipherspec->cipher, cipherspec->cipher_next_ctx,
1227
+			 plaintext, iob_put ( ciphertext, plaintext_len ),
1228
+			 plaintext_len );
1235 1229
 
1236 1230
 	/* Free plaintext as soon as possible to conserve memory */
1237 1231
 	free ( plaintext );
@@ -1393,14 +1387,8 @@ static int tls_new_ciphertext ( struct tls_session *tls,
1393 1387
 	}
1394 1388
 
1395 1389
 	/* Decrypt the record */
1396
-	if ( ( rc = cipher_decrypt ( cipherspec->cipher,
1397
-				     cipherspec->cipher_ctx, ciphertext,
1398
-				     plaintext, record_len ) ) != 0 ) {
1399
-		DBGC ( tls, "TLS %p could not decrypt: %s\n",
1400
-		       tls, strerror ( rc ) );
1401
-		DBGC_HD ( tls, ciphertext, record_len );
1402
-		goto done;
1403
-	}
1390
+	cipher_decrypt ( cipherspec->cipher, cipherspec->cipher_ctx,
1391
+			 ciphertext, plaintext, record_len );
1404 1392
 
1405 1393
 	/* Split record into content and MAC */
1406 1394
 	if ( is_stream_cipher ( cipherspec->cipher ) ) {

Loading…
Cancel
Save