diff options
author | Pauli <pauli@openssl.org> | 2022-08-15 14:49:17 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2022-08-19 17:29:48 +1000 |
commit | d3072f3f3ba3a6385bd41473483c9ee81443b684 (patch) | |
tree | cde891061a3017837894cd92bf4f2e5e13f11a9e /providers | |
parent | a6cadcbdc3b4f3fbd0fd228e41177f0661b68264 (diff) |
Limit the size of various MAXCHUNK definitions
The current code has issues when sizeof(long) <> sizeof(size_t). The two
types are assumed to be interchangeable and them being different will
cause crashes and endless loops.
This fix limits the maximum chunk size for many of the symmetric ciphers
to 2^30 bytes. This chunk size limits the amount of data that will
be encrypted/decrypted in one lump. The code internally handles block
of data later than the chunk limit, so this will present no difference
to the caller. Any loss of efficiency due to limiting the chunking to
1Gbyte rather than more should be insignificant.
Fixes Coverity issues:
1508498, 1508500 - 1508505, 1508507 - 1508527, 1508529 - 1508533,
1508535 - 1508537, 1508539, 1508541 - 1508549, 1508551 - 1508569 &
1508571 - 1508582.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18997)
(cherry picked from commit 709d4be78f64a8ba0707fb5682b90039e848dad4)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/include/prov/ciphercommon.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h index 91c4c914be..30a59e5572 100644 --- a/providers/implementations/include/prov/ciphercommon.h +++ b/providers/implementations/include/prov/ciphercommon.h @@ -14,8 +14,8 @@ #include "internal/cryptlib.h" #include "crypto/modes.h" -#define MAXCHUNK ((size_t)1 << (sizeof(long) * 8 - 2)) -#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) +# define MAXCHUNK ((size_t)1 << 30) +# define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) #define GENERIC_BLOCK_SIZE 16 #define IV_STATE_UNINITIALISED 0 /* initial state is not initialized */ |