Use LONG_MAX as the limit for ciphers with long based APIs.

These ciphers have long based APIs, while EVP has a size_t based API. The intent of these loops is to handle sizes that are bigger than LONG_MAX. Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX rounded down to a large block size, ensuring that it is a block size multiple. Revert the recently added overflow checks now that this is handled more appropriately. ok tb@
author: jsing <> 2022-09-15 07:04:19 +0000
committer: jsing <> 2022-09-15 07:04:19 +0000
commit: eb8c72ebbdf63c499f36d2304eaeea78cc947403 (patch)
tree: 1c7afa8ea8df0921bd154e4d6c5a2402edf4beb7 /src/lib/libcrypto/evp/e_idea.c
parent: 1d6e66f8d2d6bdd1973ab33ca3f3b7f7d3a85498 (diff)
download: openbsd-eb8c72ebbdf63c499f36d2304eaeea78cc947403.tar.gz
openbsd-eb8c72ebbdf63c499f36d2304eaeea78cc947403.tar.bz2
openbsd-eb8c72ebbdf63c499f36d2304eaeea78cc947403.zip
1 files changed, 18 insertions, 25 deletions
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
index 8696fb2450..b45ffd5696 100644
--- a/src/lib/libcrypto/evp/e_idea.c
+++ b/src/lib/libcrypto/evp/e_idea.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_idea.c,v 1.16 2022/09/10 17:39:47 jsing Exp $ */
+/* $OpenBSD: e_idea.c,v 1.17 2022/09/15 07:04:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -103,9 +103,6 @@ idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 {
        size_t i, bl;
-        if (inl > LONG_MAX)
-                return 0;
        bl = ctx->cipher->block_size;
        if (inl < bl)
@@ -114,7 +111,8 @@ idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
        inl -= bl;
        for (i = 0; i <= inl; i += bl)
-        idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
+                idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
        return 1;
 }
@@ -125,14 +123,13 @@ typedef struct {
 static int
 idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
+        size_t chunk = LONG_MAX & ~0xff;
-                return 0;
+        while (inl >= chunk) {
-        while (inl >= EVP_MAXCHUNK) {
+                idea_cbc_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
-                idea_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
+                inl -= chunk;
-                inl -= EVP_MAXCHUNK;
+                in += chunk;
-                in += EVP_MAXCHUNK;
+                out += chunk;
-                out += EVP_MAXCHUNK;
        }
        if (inl)
@@ -144,14 +141,13 @@ idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in
 static int
 idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
+        size_t chunk = LONG_MAX & ~0xff;
-                return 0;
+        while (inl >= chunk) {
-        while (inl >= EVP_MAXCHUNK) {
+                idea_ofb64_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
-                idea_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
+                inl -= chunk;
-                inl -= EVP_MAXCHUNK;
+                in += chunk;
-                in += EVP_MAXCHUNK;
+                out += chunk;
-                out += EVP_MAXCHUNK;
        }
        if (inl)
@@ -163,10 +159,7 @@ idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in
 static int
 idea_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        size_t chunk = EVP_MAXCHUNK;
+        size_t chunk = LONG_MAX & ~0xff;
-        if (inl > LONG_MAX)
-                return 0;
        if (inl < chunk)
                chunk = inl;
author	jsing <>	2022-09-15 07:04:19 +0000
committer	jsing <>	2022-09-15 07:04:19 +0000
commit	eb8c72ebbdf63c499f36d2304eaeea78cc947403 (patch)
tree	1c7afa8ea8df0921bd154e4d6c5a2402edf4beb7 /src/lib/libcrypto/evp/e_idea.c
parent	1d6e66f8d2d6bdd1973ab33ca3f3b7f7d3a85498 (diff)
download	openbsd-eb8c72ebbdf63c499f36d2304eaeea78cc947403.tar.gz openbsd-eb8c72ebbdf63c499f36d2304eaeea78cc947403.tar.bz2 openbsd-eb8c72ebbdf63c499f36d2304eaeea78cc947403.zip

diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c index 8696fb2450..b45ffd5696 100644 --- a/src/lib/libcrypto/evp/e_idea.c +++ b/src/lib/libcrypto/evp/e_idea.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: e_idea.c,v 1.16 2022/09/10 17:39:47 jsing Exp $ */	1	/* $OpenBSD: e_idea.c,v 1.17 2022/09/15 07:04:19 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -103,9 +103,6 @@ idea_ecb_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
103	{	103	{
104	size_t i, bl;	104	size_t i, bl;
105		105
106	if (inl > LONG_MAX)
107	return 0;
108
109	bl = ctx->cipher->block_size;	106	bl = ctx->cipher->block_size;
110		107
111	if (inl < bl)	108	if (inl < bl)
@@ -114,7 +111,8 @@ idea_ecb_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
114	inl -= bl;	111	inl -= bl;
115		112
116	for (i = 0; i <= inl; i += bl)	113	for (i = 0; i <= inl; i += bl)
117	idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);	114	idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
		115
118	return 1;	116	return 1;
119	}	117	}
120		118
@@ -125,14 +123,13 @@ typedef struct {
125	static int	123	static int
126	idea_cbc_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl)	124	idea_cbc_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl)
127	{	125	{
128	if (inl > LONG_MAX)	126	size_t chunk = LONG_MAX & ~0xff;
129	return 0;	127
130		128	while (inl >= chunk) {
131	while (inl >= EVP_MAXCHUNK) {	129	idea_cbc_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
132	idea_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);	130	inl -= chunk;
133	inl -= EVP_MAXCHUNK;	131	in += chunk;
134	in += EVP_MAXCHUNK;	132	out += chunk;
135	out += EVP_MAXCHUNK;
136	}	133	}
137		134
138	if (inl)	135	if (inl)
@@ -144,14 +141,13 @@ idea_cbc_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in
144	static int	141	static int
145	idea_ofb_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl)	142	idea_ofb_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl)
146	{	143	{
147	if (inl > LONG_MAX)	144	size_t chunk = LONG_MAX & ~0xff;
148	return 0;	145
149		146	while (inl >= chunk) {
150	while (inl >= EVP_MAXCHUNK) {	147	idea_ofb64_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
151	idea_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);	148	inl -= chunk;
152	inl -= EVP_MAXCHUNK;	149	in += chunk;
153	in += EVP_MAXCHUNK;	150	out += chunk;
154	out += EVP_MAXCHUNK;
155	}	151	}
156		152
157	if (inl)	153	if (inl)
@@ -163,10 +159,7 @@ idea_ofb_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in
163	static int	159	static int
164	idea_cfb64_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl)	160	idea_cfb64_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl)
165	{	161	{
166	size_t chunk = EVP_MAXCHUNK;	162	size_t chunk = LONG_MAX & ~0xff;
167
168	if (inl > LONG_MAX)
169	return 0;
170		163
171	if (inl < chunk)	164	if (inl < chunk)
172	chunk = inl;	165	chunk = inl;