[crypto] Change cipher_{en,de}crypt() to void functions

It is a programming error, not a runtime error, if we attempt to use block ciphers with an incorrect blocksize, so use an assert() rather than an error status return.
ipxe · Feb 19, 2009 · b4d3d68 · b4d3d68
1 parent a3219b2
commit b4d3d68
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 50 deletions.
diff --git a/src/crypto/cipher.c b/src/crypto/cipher.c
diff --git a/src/include/gpxe/crypto.h b/src/include/gpxe/crypto.h
@@ -70,7 +70,6 @@ struct cipher_algorithm {
 	 * @v src		Data to encrypt
 	 * @v dst		Buffer for encrypted data
 	 * @v len		Length of data
-	 * @ret rc		Return status code
 	 *
 	 * @v len is guaranteed to be a multiple of @c blocksize.
 	 */
@@ -82,7 +81,6 @@ struct cipher_algorithm {
 	 * @v src		Data to decrypt
 	 * @v dst		Buffer for decrypted data
 	 * @v len		Length of data
-	 * @ret rc		Return status code
 	 *
 	 * @v len is guaranteed to be a multiple of @c blocksize.
 	 */
@@ -123,17 +121,30 @@ static inline void cipher_setiv ( struct cipher_algorithm *cipher,
 	cipher->setiv ( ctx, iv );
 }
 
+static inline void cipher_encrypt ( struct cipher_algorithm *cipher,
+				    void *ctx, const void *src, void *dst,
+				    size_t len ) {
+	cipher->encrypt ( ctx, src, dst, len );
+}
+#define cipher_encrypt( cipher, ctx, src, dst, len ) do {		\
+	assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 );		\
+	cipher_encrypt ( (cipher), (ctx), (src), (dst), (len) );	\
+	} while ( 0 )
+
+static inline void cipher_decrypt ( struct cipher_algorithm *cipher,
+				    void *ctx, const void *src, void *dst,
+				    size_t len ) {
+	cipher->decrypt ( ctx, src, dst, len );
+}
+#define cipher_decrypt( cipher, ctx, src, dst, len ) do {		\
+	assert ( ( len & ( (cipher)->blocksize - 1 ) ) == 0 );		\
+	cipher_decrypt ( (cipher), (ctx), (src), (dst), (len) );	\
+	} while ( 0 )
+
 static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
 	return ( cipher->blocksize == 1 );
 }
 
-extern int cipher_encrypt ( struct cipher_algorithm *cipher,
-			    void *ctx, const void *src, void *dst,
-			    size_t len );
-extern int cipher_decrypt ( struct cipher_algorithm *cipher,
-			    void *ctx, const void *src, void *dst,
-			    size_t len );
-
 extern struct digest_algorithm digest_null;
 extern struct cipher_algorithm cipher_null;
 extern struct pubkey_algorithm pubkey_null;

diff --git a/src/net/tls.c b/src/net/tls.c
@@ -1223,15 +1223,9 @@ static int tls_send_plaintext ( struct tls_session *tls, unsigned int type,
 	tlshdr->length = htons ( plaintext_len );
 	memcpy ( cipherspec->cipher_next_ctx, cipherspec->cipher_ctx,
 		 cipherspec->cipher->ctxsize );
-	if ( ( rc = cipher_encrypt ( cipherspec->cipher,
-				     cipherspec->cipher_next_ctx, plaintext,
-				     iob_put ( ciphertext, plaintext_len ),
-				     plaintext_len ) ) != 0 ) {
-		DBGC ( tls, "TLS %p could not encrypt: %s\n",
-		       tls, strerror ( rc ) );
-		DBGC_HD ( tls, plaintext, plaintext_len );
-		goto done;
-	}
+	cipher_encrypt ( cipherspec->cipher, cipherspec->cipher_next_ctx,
+			 plaintext, iob_put ( ciphertext, plaintext_len ),
+			 plaintext_len );
 
 	/* Free plaintext as soon as possible to conserve memory */
 	free ( plaintext );
@@ -1393,14 +1387,8 @@ static int tls_new_ciphertext ( struct tls_session *tls,
 	}
 
 	/* Decrypt the record */
-	if ( ( rc = cipher_decrypt ( cipherspec->cipher,
-				     cipherspec->cipher_ctx, ciphertext,
-				     plaintext, record_len ) ) != 0 ) {
-		DBGC ( tls, "TLS %p could not decrypt: %s\n",
-		       tls, strerror ( rc ) );
-		DBGC_HD ( tls, ciphertext, record_len );
-		goto done;
-	}
+	cipher_decrypt ( cipherspec->cipher, cipherspec->cipher_ctx,
+			 ciphertext, plaintext, record_len );
 
 	/* Split record into content and MAC */
 	if ( is_stream_cipher ( cipherspec->cipher ) ) {