Use LONG_MAX as the limit for ciphers with long based APIs.

These ciphers have long based APIs, while EVP has a size_t based API. The intent of these loops is to handle sizes that are bigger than LONG_MAX. Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX rounded down to a large block size, ensuring that it is a block size multiple. Revert the recently added overflow checks now that this is handled more appropriately. ok tb@
author: jsing <> 2022-09-15 07:04:19 +0000
committer: jsing <> 2022-09-15 07:04:19 +0000
commit: eb8c72ebbdf63c499f36d2304eaeea78cc947403 (patch)
tree: 1c7afa8ea8df0921bd154e4d6c5a2402edf4beb7 /src/lib/libcrypto/evp/e_cast.c
parent: 1d6e66f8d2d6bdd1973ab33ca3f3b7f7d3a85498 (diff)
download: openbsd-eb8c72ebbdf63c499f36d2304eaeea78cc947403.tar.gz
openbsd-eb8c72ebbdf63c499f36d2304eaeea78cc947403.tar.bz2
openbsd-eb8c72ebbdf63c499f36d2304eaeea78cc947403.zip
1 files changed, 16 insertions, 24 deletions
diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c
index f5654d9f3e..702c26e0c3 100644
--- a/src/lib/libcrypto/evp/e_cast.c
+++ b/src/lib/libcrypto/evp/e_cast.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_cast.c,v 1.12 2022/09/10 17:39:47 jsing Exp $ */
+/* $OpenBSD: e_cast.c,v 1.13 2022/09/15 07:04:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -86,14 +86,13 @@ cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int
 cast5_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
+        size_t chunk = LONG_MAX & ~0xff;
-                return 0;
+        while (inl >= chunk) {
-        while (inl >= EVP_MAXCHUNK) {
+                CAST_cbc_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
-                CAST_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
+                inl -= chunk;
-                inl -= EVP_MAXCHUNK;
+                in += chunk;
-                in += EVP_MAXCHUNK;
+                out += chunk;
-                out += EVP_MAXCHUNK;
        }
        if (inl)
@@ -105,10 +104,7 @@ cast5_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i
 static int
 cast5_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        size_t chunk = EVP_MAXCHUNK;
+        size_t chunk = LONG_MAX & ~0xff;
-        if (inl > LONG_MAX)
-                return 0;
        if (inl < chunk)
                chunk = inl;
@@ -130,9 +126,6 @@ cast5_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i
 {
        size_t i, bl;
-        if (inl > LONG_MAX)
-                return 0;
        bl = ctx->cipher->block_size;
        if (inl < bl)
@@ -149,14 +142,13 @@ cast5_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i
 static int
 cast5_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
+        size_t chunk = LONG_MAX & ~0xff;
-                return 0;
+        while (inl >= chunk) {
-        while (inl >= EVP_MAXCHUNK) {
+                CAST_ofb64_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
-                CAST_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
+                inl -= chunk;
-                inl -= EVP_MAXCHUNK;
+                in += chunk;
-                in += EVP_MAXCHUNK;
+                out += chunk;
-                out += EVP_MAXCHUNK;
        }
        if (inl)
author	jsing <>	2022-09-15 07:04:19 +0000
committer	jsing <>	2022-09-15 07:04:19 +0000
commit	eb8c72ebbdf63c499f36d2304eaeea78cc947403 (patch)
tree	1c7afa8ea8df0921bd154e4d6c5a2402edf4beb7 /src/lib/libcrypto/evp/e_cast.c
parent	1d6e66f8d2d6bdd1973ab33ca3f3b7f7d3a85498 (diff)
download	openbsd-eb8c72ebbdf63c499f36d2304eaeea78cc947403.tar.gz openbsd-eb8c72ebbdf63c499f36d2304eaeea78cc947403.tar.bz2 openbsd-eb8c72ebbdf63c499f36d2304eaeea78cc947403.zip

diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c index f5654d9f3e..702c26e0c3 100644 --- a/src/lib/libcrypto/evp/e_cast.c +++ b/src/lib/libcrypto/evp/e_cast.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_cast.c,v 1.12 2022/09/10 17:39:47 jsing Exp $ */	1	/* $OpenBSD: e_cast.c,v 1.13 2022/09/15 07:04:19 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -86,14 +86,13 @@ cast_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
86	static int	86	static int
87	cast5_cbc_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl)	87	cast5_cbc_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl)
88	{	88	{
89	if (inl > LONG_MAX)	89	size_t chunk = LONG_MAX & ~0xff;
90	return 0;	90
91		91	while (inl >= chunk) {
92	while (inl >= EVP_MAXCHUNK) {	92	CAST_cbc_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
93	CAST_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);	93	inl -= chunk;
94	inl -= EVP_MAXCHUNK;	94	in += chunk;
95	in += EVP_MAXCHUNK;	95	out += chunk;
96	out += EVP_MAXCHUNK;
97	}	96	}
98		97
99	if (inl)	98	if (inl)
@@ -105,10 +104,7 @@ cast5_cbc_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *i
105	static int	104	static int
106	cast5_cfb64_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl)	105	cast5_cfb64_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl)
107	{	106	{
108	size_t chunk = EVP_MAXCHUNK;	107	size_t chunk = LONG_MAX & ~0xff;
109
110	if (inl > LONG_MAX)
111	return 0;
112		108
113	if (inl < chunk)	109	if (inl < chunk)
114	chunk = inl;	110	chunk = inl;
@@ -130,9 +126,6 @@ cast5_ecb_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *i
130	{	126	{
131	size_t i, bl;	127	size_t i, bl;
132		128
133	if (inl > LONG_MAX)
134	return 0;
135
136	bl = ctx->cipher->block_size;	129	bl = ctx->cipher->block_size;
137		130
138	if (inl < bl)	131	if (inl < bl)
@@ -149,14 +142,13 @@ cast5_ecb_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *i
149	static int	142	static int
150	cast5_ofb_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl)	143	cast5_ofb_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl)
151	{	144	{
152	if (inl > LONG_MAX)	145	size_t chunk = LONG_MAX & ~0xff;
153	return 0;	146
154		147	while (inl >= chunk) {
155	while (inl >= EVP_MAXCHUNK) {	148	CAST_ofb64_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
156	CAST_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);	149	inl -= chunk;
157	inl -= EVP_MAXCHUNK;	150	in += chunk;
158	in += EVP_MAXCHUNK;	151	out += chunk;
159	out += EVP_MAXCHUNK;
160	}	152	}
161		153
162	if (inl)	154	if (inl)