Make the OPE scheme return CRYPTO_OPE_ERROR on error.

Instead of UINT64_MAX.

src/lib/crypt_ops/crypto_ope.c

@@ -149,7 +149,8 @@ crypto_ope_free_(crypto_ope_t *ope)
 
 /**
  * Return the encrypted value corresponding to <b>input</b>.  The input value
- * must be in range 1..OPE_INPUT_MAX.  Returns UINT64_MAX on an invalid input.
+ * must be in range 1..OPE_INPUT_MAX.  Returns CRYPTO_OPE_ERROR on an invalid
+ * input.
  *
  * NOTE: this function is not constant-time.
  */
@@ -157,7 +158,7 @@ uint64_t
 crypto_ope_encrypt(const crypto_ope_t *ope, int plaintext)
 {
   if (plaintext <= 0 || plaintext > OPE_INPUT_MAX)
-    return UINT64_MAX;
+    return CRYPTO_OPE_ERROR;
 
   const int sample_idx = (plaintext / SAMPLE_INTERVAL);
   const int starting_iv = sample_idx * SAMPLE_INTERVAL;

src/lib/crypt_ops/crypto_ope.h

@@ -26,6 +26,8 @@
  */
 #define OPE_INPUT_MAX (1<<18)
 
+#define CRYPTO_OPE_ERROR UINT64_MAX
+
 typedef struct crypto_ope_c crypto_ope_t;
 
 crypto_ope_t *crypto_ope_new(const uint8_t *key);

src/or/hs_service.c

@@ -2428,8 +2428,8 @@ set_descriptor_revision_counter(hs_service_descriptor_t *hs_desc, time_t now,
   rev_counter = crypto_ope_encrypt(hs_desc->ope_cipher,
                                    (int) seconds_since_start_of_srv);
 
-  /* The OPE module returns UINT64_MAX in case of errors. */
-  tor_assert_nonfatal(rev_counter < UINT64_MAX);
+  /* The OPE module returns CRYPTO_OPE_ERROR in case of errors. */
+  tor_assert_nonfatal(rev_counter < CRYPTO_OPE_ERROR);
 
   log_info(LD_REND, "Encrypted revision counter %d to %ld",
            (int) seconds_since_start_of_srv, (long int) rev_counter);