Re: iked, use ibuf_seek() where it is obvious

Tue, 06 Jun 2023 06:20:04 -0700 

On Tue, Jun 06, 2023 at 12:59:05PM +0200, Claudio Jeker wrote:
> Replace some ibuf_data() + offset constructs to use ibuf_seek() the actual
> interface built exactly for this.
> 
> Should behave the same unless the code is already broken and overflowing
> the buffer.

Agreed.  Reads fine, ok tb

> -- 
> :wq Claudio
> 
> Index: crypto.c
> ===================================================================
> RCS file: /cvs/src/sbin/iked/crypto.c,v
> retrieving revision 1.43
> diff -u -p -r1.43 crypto.c
> --- crypto.c  23 May 2023 13:12:19 -0000      1.43
> +++ crypto.c  6 Jun 2023 10:52:59 -0000
> @@ -567,9 +567,9 @@ cipher_init(struct iked_cipher *encr, in
>               return (-1);
>       if (encr->encr_saltlength > 0) {
>               /* For AEADs the nonce is salt + IV  (see RFC5282) */
> -             nonce = ibuf_new(ibuf_data(encr->encr_key) +
> +             nonce = ibuf_new(ibuf_seek(encr->encr_key,
>                   ibuf_size(encr->encr_key) - encr->encr_saltlength,
> -                 encr->encr_saltlength);
> +                 encr->encr_saltlength), encr->encr_saltlength);
>               if (nonce == NULL)
>                       return (-1);
>               if (ibuf_add(nonce, ibuf_data(encr->encr_iv) , 
> ibuf_size(encr->encr_iv)) != 0)
> Index: ikev2_msg.c
> ===================================================================
> RCS file: /cvs/src/sbin/iked/ikev2_msg.c,v
> retrieving revision 1.93
> diff -u -p -r1.93 ikev2_msg.c
> --- ikev2_msg.c       30 May 2023 08:41:15 -0000      1.93
> +++ ikev2_msg.c       6 Jun 2023 10:51:45 -0000
> @@ -644,7 +644,7 @@ ikev2_msg_decrypt(struct iked *env, stru
>       }
>  
>       cipher_setkey(sa->sa_encr, encr->buf, ibuf_length(encr));
> -     cipher_setiv(sa->sa_encr, ibuf_data(src) + ivoff, ivlen);
> +     cipher_setiv(sa->sa_encr, ibuf_seek(src, ivoff, ivlen), ivlen);
>       if (cipher_init_decrypt(sa->sa_encr) == -1) {
>               log_info("%s: error initiating cipher.", __func__);
>               goto done;
> @@ -676,7 +676,7 @@ ikev2_msg_decrypt(struct iked *env, stru
>       }
>  
>       if ((outlen = ibuf_length(out)) != 0) {
> -             if (cipher_update(sa->sa_encr, ibuf_data(src) + encroff,
> +             if (cipher_update(sa->sa_encr, ibuf_seek(src, encroff, encrlen),
>                   encrlen, ibuf_data(out), &outlen) == -1) {
>                       log_info("%s: error updating cipher.", __func__);
>                       goto done;
>

Reply via email to