Use LONG_MAX as the limit for ciphers with long based APIs.

These ciphers have long based APIs, while EVP has a size_t based API. The
intent of these loops is to handle sizes that are bigger than LONG_MAX.
Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX
rounded down to a large block size, ensuring that it is a block size
multiple. Revert the recently added overflow checks now that this is
handled more appropriately.

ok tb@

6 files changed, 120 insertions, 169 deletions

diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c
index f97f9ed1e4..4632b523e2 100644
--- a/src/lib/libcrypto/evp/e_bf.c
+++ b/src/lib/libcrypto/evp/e_bf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_bf.c,v 1.13 2022/09/10 17:39:47 jsing Exp $ */
+/* $OpenBSD: e_bf.c,v 1.14 2022/09/15 07:04:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -86,14 +86,13 @@ bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int
 bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
-
-        while (inl >= EVP_MAXCHUNK) {
-                BF_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+        size_t chunk = LONG_MAX & ~0xff;
+
+        while (inl >= chunk) {
+                BF_cbc_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
 
         if (inl)
@@ -105,10 +104,7 @@ bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
 static int
 bf_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        size_t chunk = EVP_MAXCHUNK;
-
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX & ~0xff;
 
         if (inl < chunk)
                 chunk = inl;
@@ -130,9 +126,6 @@ bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
 {
         size_t i, bl;
 
-        if (inl > LONG_MAX)
-                return 0;
-
         bl = ctx->cipher->block_size;
 
         if (inl < bl)
@@ -149,14 +142,13 @@ bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
 static int
 bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
-
-        while (inl >= EVP_MAXCHUNK) {
-                BF_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+        size_t chunk = LONG_MAX & ~0xff;
+
+        while (inl >= chunk) {
+                BF_ofb64_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
 
         if (inl)
diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c
index f5654d9f3e..702c26e0c3 100644
--- a/src/lib/libcrypto/evp/e_cast.c
+++ b/src/lib/libcrypto/evp/e_cast.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_cast.c,v 1.12 2022/09/10 17:39:47 jsing Exp $ */
+/* $OpenBSD: e_cast.c,v 1.13 2022/09/15 07:04:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -86,14 +86,13 @@ cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int
 cast5_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
-
-        while (inl >= EVP_MAXCHUNK) {
-                CAST_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+        size_t chunk = LONG_MAX & ~0xff;
+
+        while (inl >= chunk) {
+                CAST_cbc_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
 
         if (inl)
@@ -105,10 +104,7 @@ cast5_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i
 static int
 cast5_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        size_t chunk = EVP_MAXCHUNK;
-
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX & ~0xff;
 
         if (inl < chunk)
                 chunk = inl;
@@ -130,9 +126,6 @@ cast5_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i
 {
         size_t i, bl;
 
-        if (inl > LONG_MAX)
-                return 0;
-
         bl = ctx->cipher->block_size;
 
         if (inl < bl)
@@ -149,14 +142,13 @@ cast5_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i
 static int
 cast5_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
-
-        while (inl >= EVP_MAXCHUNK) {
-                CAST_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+        size_t chunk = LONG_MAX & ~0xff;
+
+        while (inl >= chunk) {
+                CAST_ofb64_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
 
         if (inl)
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
index 9205128cf4..8fcab72e6b 100644
--- a/src/lib/libcrypto/evp/e_des.c
+++ b/src/lib/libcrypto/evp/e_des.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des.c,v 1.18 2022/09/04 15:45:25 jsing Exp $ */
+/* $OpenBSD: e_des.c,v 1.19 2022/09/15 07:04:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -99,9 +99,6 @@ des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 {
         size_t i, bl;
 
-        if (inl > LONG_MAX)
-                return 0;
-
         bl = ctx->cipher->block_size;
 
         if (inl < bl)
@@ -120,15 +117,14 @@ static int
 des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX & ~0xff;
 
-        while (inl >= EVP_MAXCHUNK) {
-                DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
+        while (inl >= chunk) {
+                DES_ofb64_encrypt(in, out, (long)chunk, ctx->cipher_data,
                     (DES_cblock *)ctx->iv, &ctx->num);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
         if (inl)
                 DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data,
@@ -140,15 +136,14 @@ static int
 des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX & ~0xff;
 
-        while (inl >= EVP_MAXCHUNK) {
-                DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
+        while (inl >= chunk) {
+                DES_ncbc_encrypt(in, out, (long)chunk, ctx->cipher_data,
                     (DES_cblock *)ctx->iv, ctx->encrypt);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
         if (inl)
                 DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
@@ -160,15 +155,14 @@ static int
 des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX & ~0xff;
 
-        while (inl >= EVP_MAXCHUNK) {
-                DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
+        while (inl >= chunk) {
+                DES_cfb64_encrypt(in, out, (long)chunk, ctx->cipher_data,
                     (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
         if (inl)
                 DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
@@ -182,11 +176,9 @@ static int
 des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-        size_t n, chunk = EVP_MAXCHUNK/8;
         unsigned char c[1], d[1];
-
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX / 8;
+        size_t n;
 
         if (inl < chunk)
                 chunk = inl;
@@ -214,15 +206,14 @@ static int
 des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX & ~0xff;
 
-        while (inl >= EVP_MAXCHUNK) {
-                DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
+        while (inl >= chunk) {
+                DES_cfb_encrypt(in, out, 8, (long)chunk,
                     ctx->cipher_data, (DES_cblock *)ctx->iv, ctx->encrypt);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
         if (inl)
                 DES_cfb_encrypt(in, out, 8, (long)inl, ctx->cipher_data,
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 1171a53b74..6a5d03fe99 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des3.c,v 1.24 2022/09/04 15:45:25 jsing Exp $ */
+/* $OpenBSD: e_des3.c,v 1.25 2022/09/15 07:04:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -130,9 +130,6 @@ des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 {
         size_t i, bl;
 
-        if (inl > LONG_MAX)
-                return 0;
-
         bl = ctx->cipher->block_size;
 
         if (inl < bl)
@@ -141,8 +138,9 @@ des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         inl -= bl;
 
         for (i = 0; i <= inl; i += bl)
-        DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i),
-            &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt);
+                DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i),
+                    &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt);
+
         return 1;
 }
 
@@ -150,16 +148,15 @@ static int
 des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX & ~0xff;
 
-        while (inl >= EVP_MAXCHUNK) {
-                DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+        while (inl >= chunk) {
+                DES_ede3_ofb64_encrypt(in, out, (long)chunk,
                     &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
                     (DES_cblock *)ctx->iv, &ctx->num);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
         if (inl)
                 DES_ede3_ofb64_encrypt(in, out, (long)inl,
@@ -173,16 +170,15 @@ static int
 des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX & ~0xff;
 
-        while (inl >= EVP_MAXCHUNK) {
-                DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
+        while (inl >= chunk) {
+                DES_ede3_cbc_encrypt(in, out, (long)chunk,
                     &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
                     (DES_cblock *)ctx->iv, ctx->encrypt);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
         if (inl)
                 DES_ede3_cbc_encrypt(in, out, (long)inl,
@@ -195,16 +191,15 @@ static int
 des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX & ~0xff;
 
-        while (inl >= EVP_MAXCHUNK) {
-                DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+        while (inl >= chunk) {
+                DES_ede3_cfb64_encrypt(in, out, (long)chunk,
                     &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
                     (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
         if (inl)
                 DES_ede3_cfb64_encrypt(in, out, (long)inl,
@@ -219,11 +214,8 @@ static int
 des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-        size_t n;
         unsigned char c[1], d[1];
-
-        if (inl > LONG_MAX)
-                return 0;
+        size_t n;
 
         if (!(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS))
                 inl *= 8;
@@ -244,16 +236,15 @@ static int
 des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX & ~0xff;
 
-        while (inl >= EVP_MAXCHUNK) {
-                DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
+        while (inl >= chunk) {
+                DES_ede3_cfb_encrypt(in, out, 8, (long)chunk,
                     &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
                     (DES_cblock *)ctx->iv, ctx->encrypt);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
         if (inl)
                 DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
index 8696fb2450..b45ffd5696 100644
--- a/src/lib/libcrypto/evp/e_idea.c
+++ b/src/lib/libcrypto/evp/e_idea.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_idea.c,v 1.16 2022/09/10 17:39:47 jsing Exp $ */
+/* $OpenBSD: e_idea.c,v 1.17 2022/09/15 07:04:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -103,9 +103,6 @@ idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 {
         size_t i, bl;
 
-        if (inl > LONG_MAX)
-                return 0;
-
         bl = ctx->cipher->block_size;
 
         if (inl < bl)
@@ -114,7 +111,8 @@ idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         inl -= bl;
 
         for (i = 0; i <= inl; i += bl)
-        idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
+                idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
+
         return 1;
 }
 
@@ -125,14 +123,13 @@ typedef struct {
 static int
 idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
-
-        while (inl >= EVP_MAXCHUNK) {
-                idea_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+        size_t chunk = LONG_MAX & ~0xff;
+
+        while (inl >= chunk) {
+                idea_cbc_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
 
         if (inl)
@@ -144,14 +141,13 @@ idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in
 static int
 idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
-
-        while (inl >= EVP_MAXCHUNK) {
-                idea_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+        size_t chunk = LONG_MAX & ~0xff;
+
+        while (inl >= chunk) {
+                idea_ofb64_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
 
         if (inl)
@@ -163,10 +159,7 @@ idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in
 static int
 idea_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        size_t chunk = EVP_MAXCHUNK;
-
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX & ~0xff;
 
         if (inl < chunk)
                 chunk = inl;
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
index 4f92365e7e..1af17a7c41 100644
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ b/src/lib/libcrypto/evp/e_rc2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_rc2.c,v 1.18 2022/09/10 17:39:47 jsing Exp $ */
+/* $OpenBSD: e_rc2.c,v 1.19 2022/09/15 07:04:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -88,14 +88,13 @@ typedef struct {
 static int
 rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX & ~0xff;
 
-        while (inl >= EVP_MAXCHUNK) {
-                RC2_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+        while (inl >= chunk) {
+                RC2_cbc_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
 
         if (inl)
@@ -107,10 +106,7 @@ rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
 static int
 rc2_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        size_t chunk = EVP_MAXCHUNK;
-
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX & ~0xff;
 
         if (inl < chunk)
                 chunk = inl;
@@ -132,9 +128,6 @@ rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
 {
         size_t i, bl;
 
-        if (inl > LONG_MAX)
-                return 0;
-
         bl = ctx->cipher->block_size;
 
         if (inl < bl)
@@ -151,14 +144,13 @@ rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
 static int
 rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-        if (inl > LONG_MAX)
-                return 0;
+        size_t chunk = LONG_MAX & ~0xff;
 
-        while (inl >= EVP_MAXCHUNK) {
-                RC2_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
-                inl -= EVP_MAXCHUNK;
-                in += EVP_MAXCHUNK;
-                out += EVP_MAXCHUNK;
+        while (inl >= chunk) {
+                RC2_ofb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
+                inl -= chunk;
+                in += chunk;
+                out += chunk;
         }
 
         if (inl)