1 files changed, 37 insertions, 36 deletions
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index edc15fdab4..47d062a6ba 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.61 2023/12/16 09:46:06 tb Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.62 2023/12/16 15:22:40 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -296,7 +296,9 @@ int
 EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
    const unsigned char *in, int inl)
 {
-        int i, j, bl;
+        int block_size = ctx->cipher->block_size;
+        int block_mask = ctx->block_mask;
+        int buf_offset = ctx->buf_len;
        int len = 0, total_len = 0;
        *outl = 0;
@@ -310,49 +312,48 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
                return evp_cipher(ctx, out, outl, in, inl);
-        if (ctx->buf_len == 0 && (inl & ctx->block_mask) == 0)
+        if (buf_offset == 0 && (inl & block_mask) == 0)
                return evp_cipher(ctx, out, outl, in, inl);
-        i = ctx->buf_len;
+        /* XXX - check that block_size > buf_offset. */
-        bl = ctx->cipher->block_size;
+        if (block_size > sizeof(ctx->buf)) {
-        if ((size_t)bl > sizeof(ctx->buf)) {
                EVPerror(EVP_R_BAD_BLOCK_LENGTH);
                return 0;
        }
-        if (i != 0) {
-                if (bl - i > inl) {
+        if (buf_offset != 0) {
-                        memcpy(&(ctx->buf[i]), in, inl);
+                int buf_avail;
+                if ((buf_avail = block_size - buf_offset) > inl) {
+                        memcpy(&ctx->buf[buf_offset], in, inl);
                        ctx->buf_len += inl;
                        return 1;
-                } else {
+                }
-                        j = bl - i;
-                        /*
+                /*
-                         * Once we've processed the first j bytes from in, the
+                 * Once the first buf_avail bytes from in are processed, the
-                         * amount of data left that is a multiple of the block
+                 * amount of data left that is a multiple of the block length is
-                         * length is (inl - j) & ~(bl - 1).  Ensure this plus
+                 * (inl - buf_avail) & ~block_mask.  Ensure that this plus the
-                         * the block processed from ctx-buf doesn't overflow.
+                 * block processed from ctx->buf doesn't overflow.
-                         */
+                 */
-                        if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
+                if (((inl - buf_avail) & ~block_mask) > INT_MAX - block_size) {
-                                EVPerror(EVP_R_TOO_LARGE);
+                        EVPerror(EVP_R_TOO_LARGE);
-                                return 0;
+                        return 0;
-                        }
+                }
-                        memcpy(&(ctx->buf[i]), in, j);
+                memcpy(&ctx->buf[buf_offset], in, buf_avail);
-                        len = 0;
+                len = 0;
-                        if (!evp_cipher(ctx, out, &len, ctx->buf, bl))
+                if (!evp_cipher(ctx, out, &len, ctx->buf, block_size))
-                                return 0;
+                        return 0;
-                        total_len = len;
+                total_len = len;
-                        inl -= j;
+                inl -= buf_avail;
-                        in += j;
+                in += buf_avail;
-                        out += len;
+                out += len;
-                }
        }
-        i = inl&(bl - 1);
+        buf_offset = inl & block_mask;
-        inl -= i;
+        if ((inl -= buf_offset) > 0) {
-        if (inl > 0) {
                if (INT_MAX - inl < total_len)
                        return 0;
                len = 0;
@@ -363,9 +364,9 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                total_len += len;
        }
-        if (i != 0)
+        if (buf_offset != 0)
-                memcpy(ctx->buf, &(in[inl]), i);
+                memcpy(ctx->buf, &in[inl], buf_offset);
-        ctx->buf_len = i;
+        ctx->buf_len = buf_offset;
        *outl = total_len;

diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index edc15fdab4..47d062a6ba 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_enc.c,v 1.61 2023/12/16 09:46:06 tb Exp $ */	1	/* $OpenBSD: evp_enc.c,v 1.62 2023/12/16 15:22:40 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -296,7 +296,9 @@ int
296	EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,	296	EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
297	const unsigned char *in, int inl)	297	const unsigned char *in, int inl)
298	{	298	{
299	int i, j, bl;	299	int block_size = ctx->cipher->block_size;
		300	int block_mask = ctx->block_mask;
		301	int buf_offset = ctx->buf_len;
300	int len = 0, total_len = 0;	302	int len = 0, total_len = 0;
301		303
302	*outl = 0;	304	*outl = 0;
@@ -310,49 +312,48 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
310	if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)	312	if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
311	return evp_cipher(ctx, out, outl, in, inl);	313	return evp_cipher(ctx, out, outl, in, inl);
312		314
313	if (ctx->buf_len == 0 && (inl & ctx->block_mask) == 0)	315	if (buf_offset == 0 && (inl & block_mask) == 0)
314	return evp_cipher(ctx, out, outl, in, inl);	316	return evp_cipher(ctx, out, outl, in, inl);
315		317
316	i = ctx->buf_len;	318	/* XXX - check that block_size > buf_offset. */
317	bl = ctx->cipher->block_size;	319	if (block_size > sizeof(ctx->buf)) {
318	if ((size_t)bl > sizeof(ctx->buf)) {
319	EVPerror(EVP_R_BAD_BLOCK_LENGTH);	320	EVPerror(EVP_R_BAD_BLOCK_LENGTH);
320	return 0;	321	return 0;
321	}	322	}
322	if (i != 0) {	323
323	if (bl - i > inl) {	324	if (buf_offset != 0) {
324	memcpy(&(ctx->buf[i]), in, inl);	325	int buf_avail;
		326
		327	if ((buf_avail = block_size - buf_offset) > inl) {
		328	memcpy(&ctx->buf[buf_offset], in, inl);
325	ctx->buf_len += inl;	329	ctx->buf_len += inl;
326	return 1;	330	return 1;
327	} else {	331	}
328	j = bl - i;
329		332
330	/*	333	/*
331	* Once we've processed the first j bytes from in, the	334	* Once the first buf_avail bytes from in are processed, the
332	* amount of data left that is a multiple of the block	335	* amount of data left that is a multiple of the block length is
333	* length is (inl - j) & ~(bl - 1). Ensure this plus	336	* (inl - buf_avail) & ~block_mask. Ensure that this plus the
334	* the block processed from ctx-buf doesn't overflow.	337	* block processed from ctx->buf doesn't overflow.
335	*/	338	*/
336	if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {	339	if (((inl - buf_avail) & ~block_mask) > INT_MAX - block_size) {
337	EVPerror(EVP_R_TOO_LARGE);	340	EVPerror(EVP_R_TOO_LARGE);
338	return 0;	341	return 0;
339	}	342	}
340	memcpy(&(ctx->buf[i]), in, j);	343	memcpy(&ctx->buf[buf_offset], in, buf_avail);
341		344
342	len = 0;	345	len = 0;
343	if (!evp_cipher(ctx, out, &len, ctx->buf, bl))	346	if (!evp_cipher(ctx, out, &len, ctx->buf, block_size))
344	return 0;	347	return 0;
345	total_len = len;	348	total_len = len;
346		349
347	inl -= j;	350	inl -= buf_avail;
348	in += j;	351	in += buf_avail;
349	out += len;	352	out += len;
350	}
351	}	353	}
352		354
353	i = inl&(bl - 1);	355	buf_offset = inl & block_mask;
354	inl -= i;	356	if ((inl -= buf_offset) > 0) {
355	if (inl > 0) {
356	if (INT_MAX - inl < total_len)	357	if (INT_MAX - inl < total_len)
357	return 0;	358	return 0;
358	len = 0;	359	len = 0;
@@ -363,9 +364,9 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, unsigned char out, int *outl,
363	total_len += len;	364	total_len += len;
364	}	365	}
365		366
366	if (i != 0)	367	if (buf_offset != 0)
367	memcpy(ctx->buf, &(in[inl]), i);	368	memcpy(ctx->buf, &in[inl], buf_offset);
368	ctx->buf_len = i;	369	ctx->buf_len = buf_offset;
369		370
370	*outl = total_len;	371	*outl = total_len;
371		372