diff options
author | Pauli <pauli@openssl.org> | 2022-03-15 14:28:07 +1100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2022-03-30 10:10:25 +1100 |
commit | 330ff7e67d2ecc1c298fe7c4347c2109b4a979de (patch) | |
tree | 3aa2bf60d150b000cf64ff82e624b78dfc12e96a /crypto | |
parent | 4157a32867e6643da8daee94e836aaa18b9feed6 (diff) |
Use safe math to computer sizes.
The sizes are rounded via the expression: (cmpl + 7) / 8 which overflows if
cmpl is near to the type's maximum. Instead we use the safe_math function to
computer this without any possibility of error.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17884)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/evp_enc.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index d0a62a6d46..d6b921ce81 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -24,9 +24,12 @@ #include "internal/cryptlib.h" #include "internal/provider.h" #include "internal/core.h" +#include "internal/safe_math.h" #include "crypto/evp.h" #include "evp_local.h" +OSSL_SAFE_MATH_SIGNED(int, int) + int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) { if (ctx == NULL) @@ -517,7 +520,7 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, int i, j, bl, cmpl = inl; if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) - cmpl = (cmpl + 7) / 8; + cmpl = safe_div_round_up_int(cmpl, 8, NULL); bl = ctx->cipher->block_size; @@ -803,7 +806,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, b = ctx->cipher->block_size; if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) - cmpl = (cmpl + 7) / 8; + cmpl = safe_div_round_up_int(cmpl, 8, NULL); if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { if (b == 1 && ossl_is_partially_overlapping(out, in, cmpl)) { |