From 709d4be78f64a8ba0707fb5682b90039e848dad4 Mon Sep 17 00:00:00 2001 From: Pauli Date: Mon, 15 Aug 2022 14:49:17 +1000 Subject: Limit the size of various MAXCHUNK definitions The current code has issues when sizeof(long) <> sizeof(size_t). The two types are assumed to be interchangeable and them being different will cause crashes and endless loops. This fix limits the maximum chunk size for many of the symmetric ciphers to 2^30 bytes. This chunk size limits the amount of data that will be encrypted/decrypted in one lump. The code internally handles block of data later than the chunk limit, so this will present no difference to the caller. Any loss of efficiency due to limiting the chunking to 1Gbyte rather than more should be insignificant. Fixes Coverity issues: 1508498, 1508500 - 1508505, 1508507 - 1508527, 1508529 - 1508533, 1508535 - 1508537, 1508539, 1508541 - 1508549, 1508551 - 1508569 & 1508571 - 1508582. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18997) --- providers/implementations/include/prov/ciphercommon.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'providers/implementations/include') diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h index f474128592..0e5d9f2681 100644 --- a/providers/implementations/include/prov/ciphercommon.h +++ b/providers/implementations/include/prov/ciphercommon.h @@ -18,7 +18,7 @@ # include "internal/cryptlib.h" # include "crypto/modes.h" -# define MAXCHUNK ((size_t)1 << (sizeof(long) * 8 - 2)) +# define MAXCHUNK ((size_t)1 << 30) # define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) # define GENERIC_BLOCK_SIZE 16 -- cgit v1.2.3