Use safe math to computer sizes.

The sizes are rounded via the expression: (cmpl + 7) / 8 which overflows if cmpl is near to the type's maximum. Instead we use the safe_math function to computer this without any possibility of error. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17884)
2024-11-27 05:21:51 +08:00 · 2022-03-15 14:28:07 +11:00 · 2022-03-15 14:28:07 +11:00 · 330ff7e67d
commit 330ff7e67d
parent 4157a32867
1 changed files with 5 additions and 2 deletions
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@ -24,9 +24,12 @@
 #include "internal/cryptlib.h"
 #include "internal/provider.h"
 #include "internal/core.h"
+#include "internal/safe_math.h"
 #include "crypto/evp.h"
 #include "evp_local.h"

+OSSL_SAFE_MATH_SIGNED(int, int)
+
 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
 {
    if (ctx == NULL)
@ -517,7 +520,7 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
    int i, j, bl, cmpl = inl;

    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
-        cmpl = (cmpl + 7) / 8;
+        cmpl = safe_div_round_up_int(cmpl, 8, NULL);

    bl = ctx->cipher->block_size;

@ -803,7 +806,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
    b = ctx->cipher->block_size;

    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
-        cmpl = (cmpl + 7) / 8;
+        cmpl = safe_div_round_up_int(cmpl, 8, NULL);

    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
        if (b == 1 && ossl_is_partially_overlapping(out, in, cmpl)) {