mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-26 22:52:13 +00:00
MINOR: quic: remove return val of quic_aead_iv_build()
quic_aead_iv_build() should never fail unless we call it with buffers of different size. This never happens in the code as every input buffers are of size QUIC_TLS_IV_LEN. Remove the return value and add a BUG_ON() to prevent future misusage. This is especially useful to remove one error handling on the sending patch via quic_packet_encrypt(). This should be backported up to 2.7.
This commit is contained in:
parent
8d6d246dbc
commit
5eadc27623
@ -96,8 +96,8 @@ int quic_tls_sec_update(const EVP_MD *md, const struct quic_version *qv,
|
||||
unsigned char *new_sec, size_t new_seclen,
|
||||
const unsigned char *sec, size_t seclen);
|
||||
|
||||
int quic_aead_iv_build(unsigned char *iv, size_t ivlen,
|
||||
unsigned char *aead_iv, size_t aead_ivlen, uint64_t pn);
|
||||
void quic_aead_iv_build(unsigned char *iv, size_t ivlen,
|
||||
unsigned char *aead_iv, size_t aead_ivlen, uint64_t pn);
|
||||
|
||||
/* HP protection (AES) */
|
||||
int quic_tls_dec_aes_ctx_init(EVP_CIPHER_CTX **aes_ctx,
|
||||
|
@ -1542,10 +1542,7 @@ static int quic_packet_encrypt(unsigned char *payload, size_t payload_len,
|
||||
|
||||
TRACE_ENTER(QUIC_EV_CONN_ENCPKT, qc);
|
||||
|
||||
if (!quic_aead_iv_build(iv, sizeof iv, tx_iv, tx_iv_sz, pn)) {
|
||||
TRACE_ERROR("AEAD IV building for encryption failed", QUIC_EV_CONN_ENCPKT, qc);
|
||||
goto err;
|
||||
}
|
||||
quic_aead_iv_build(iv, sizeof iv, tx_iv, tx_iv_sz, pn);
|
||||
|
||||
if (!quic_tls_encrypt(payload, payload_len, aad, aad_len,
|
||||
tls_ctx->tx.ctx, tls_ctx->tx.aead, tls_ctx->tx.key, iv)) {
|
||||
@ -1626,10 +1623,7 @@ static int qc_pkt_decrypt(struct quic_conn *qc, struct quic_enc_level *qel,
|
||||
}
|
||||
}
|
||||
|
||||
if (!quic_aead_iv_build(iv, sizeof iv, rx_iv, rx_iv_sz, pkt->pn)) {
|
||||
TRACE_ERROR("quic_aead_iv_build() failed", QUIC_EV_CONN_RXPKT, qc);
|
||||
goto leave;
|
||||
}
|
||||
quic_aead_iv_build(iv, sizeof iv, rx_iv, rx_iv_sz, pkt->pn);
|
||||
|
||||
ret = quic_tls_decrypt(pkt->data + pkt->aad_len, pkt->len - pkt->aad_len,
|
||||
pkt->data, pkt->aad_len,
|
||||
|
@ -326,17 +326,16 @@ int quic_tls_sec_update(const EVP_MD *md, const struct quic_version *qv,
|
||||
* <aead_ivlen> as size depending on <pn> packet number.
|
||||
* This is the function which must be called to build an AEAD IV for the AEAD cryptographic algorithm
|
||||
* used to encrypt/decrypt the QUIC packet payloads depending on the packet number <pn>.
|
||||
* This function fails and return 0 only if the two buffer lengths are different, 1 if not.
|
||||
*/
|
||||
int quic_aead_iv_build(unsigned char *iv, size_t ivlen,
|
||||
unsigned char *aead_iv, size_t aead_ivlen, uint64_t pn)
|
||||
void quic_aead_iv_build(unsigned char *iv, size_t ivlen,
|
||||
unsigned char *aead_iv, size_t aead_ivlen, uint64_t pn)
|
||||
{
|
||||
int i;
|
||||
unsigned int shift;
|
||||
unsigned char *pos = iv;
|
||||
|
||||
if (ivlen != aead_ivlen)
|
||||
return 0;
|
||||
/* Input buffers must have the same size. */
|
||||
BUG_ON(ivlen != aead_ivlen);
|
||||
|
||||
for (i = 0; i < ivlen - sizeof pn; i++)
|
||||
*pos++ = *aead_iv++;
|
||||
@ -345,8 +344,6 @@ int quic_aead_iv_build(unsigned char *iv, size_t ivlen,
|
||||
shift = 56;
|
||||
for (i = aead_ivlen - sizeof pn; i < aead_ivlen ; i++, shift -= 8)
|
||||
*pos++ = *aead_iv++ ^ (pn >> shift);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Initialize the cipher context for RX part of <tls_ctx> QUIC TLS context.
|
||||
|
Loading…
Reference in New Issue
Block a user