xCAT/xNBA
2
0
Fork 0
mirror of https://github.com/xcat2/xNBA.git synced 2025-03-04 02:00:13 +00:00
Code Issues Projects Releases Wiki Activity

[crypto] Change cipher_{en,de}crypt() to void functions

Browse Source 
It is a programming error, not a runtime error, if we attempt to use
block ciphers with an incorrect blocksize, so use an assert() rather
than an error status return.
This commit is contained in:
Michael Brown 2009-02-18 22:27:34 +00:00
parent a3219b24a8
commit b4d3d686cc
3 changed files with 25 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/crypto/cipher.c
View File

@ -1,24 +0,0 @@
#include <stdint.h>
#include <errno.h>
#include <gpxe/crypto.h>
int cipher_encrypt ( struct cipher_algorithm *cipher,
void *ctx, const void *src, void *dst,
size_t len ) {
if ( ( len & ( cipher->blocksize - 1 ) ) ) {
return -EINVAL;
}
cipher->encrypt ( ctx, src, dst, len );
return 0;
}
int cipher_decrypt ( struct cipher_algorithm *cipher,
void *ctx, const void *src, void *dst,
size_t len ) {
if ( ( len & ( cipher->blocksize - 1 ) ) ) {
return -EINVAL;
}
cipher->decrypt ( ctx, src, dst, len );
return 0;
}

29
src/include/gpxe/crypto.h
View File

@ -70,7 +70,6 @@ struct cipher_algorithm {
* @v src Data to encrypt
* @v dst Buffer for encrypted data
* @v len Length of data
* @ret rc Return status code
*
* @v len is guaranteed to be a multiple of @c blocksize.
*/
@ -82,7 +81,6 @@ struct cipher_algorithm {
* @v src Data to decrypt
* @v dst Buffer for decrypted data
* @v len Length of data
* @ret rc Return status code
*
* @v len is guaranteed to be a multiple of @c blocksize.
*/
@ -123,17 +121,30 @@ static inline void cipher_setiv ( struct cipher_algorithm *cipher,
cipher->setiv ( ctx, iv );
}
static inline void cipher_encrypt ( struct cipher_algorithm *cipher,
void *ctx, const void *src, void *dst,
size_t len ) {
cipher->encrypt ( ctx, src, dst, len );
}
#define cipher_encrypt( cipher, ctx, src, dst, len ) do { \
assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 ); \
cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) ); \
} while ( 0 )
static inline void cipher_decrypt ( struct cipher_algorithm *cipher,
void *ctx, const void *src, void *dst,
size_t len ) {
cipher->decrypt ( ctx, src, dst, len );
}
#define cipher_decrypt( cipher, ctx, src, dst, len ) do { \
assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 ); \
cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) ); \
} while ( 0 )
static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
return ( cipher->blocksize == 1 );
}
extern int cipher_encrypt ( struct cipher_algorithm *cipher,
void *ctx, const void *src, void *dst,
size_t len );
extern int cipher_decrypt ( struct cipher_algorithm *cipher,
void *ctx, const void *src, void *dst,
size_t len );
extern struct digest_algorithm digest_null;
extern struct cipher_algorithm cipher_null;
extern struct pubkey_algorithm pubkey_null;

22
src/net/tls.c
View File

@ -1223,15 +1223,9 @@ static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
tlshdr->length = htons ( plaintext_len );
memcpy ( cipherspec->cipher_next_ctx, cipherspec->cipher_ctx,
cipherspec->cipher->ctxsize );
if ( ( rc = cipher_encrypt ( cipherspec->cipher,
cipherspec->cipher_next_ctx, plaintext,
iob_put ( ciphertext, plaintext_len ),
plaintext_len ) ) != 0 ) {
DBGC ( tls, "TLS %p could not encrypt: %s\n",
tls, strerror ( rc ) );
DBGC_HD ( tls, plaintext, plaintext_len );
goto done;
}
cipher_encrypt ( cipherspec->cipher, cipherspec->cipher_next_ctx,
plaintext, iob_put ( ciphertext, plaintext_len ),
plaintext_len );
/* Free plaintext as soon as possible to conserve memory */
free ( plaintext );
@ -1393,14 +1387,8 @@ static int tls_new_ciphertext ( struct tls_session *tls,
}
/* Decrypt the record */
if ( ( rc = cipher_decrypt ( cipherspec->cipher,
cipherspec->cipher_ctx, ciphertext,
plaintext, record_len ) ) != 0 ) {
DBGC ( tls, "TLS %p could not decrypt: %s\n",
tls, strerror ( rc ) );
DBGC_HD ( tls, ciphertext, record_len );
goto done;
}
cipher_decrypt ( cipherspec->cipher, cipherspec->cipher_ctx,
ciphertext, plaintext, record_len );
/* Split record into content and MAC */
if ( is_stream_cipher ( cipherspec->cipher ) ) {