[openssl] master update

Dr. Paul Dale pauli at openssl.org
Fri Feb 11 02:42:47 UTC 2022


The branch master has been updated
       via  378c50f63dceb3a85bb4937a3499283b10d295b6 (commit)
      from  649999dc57419ddd9329f7062b048dee5ecd9306 (commit)


- Log -----------------------------------------------------------------
commit 378c50f63dceb3a85bb4937a3499283b10d295b6
Author: Kevin K Biju <kevinkbiju at gmail.com>
Date:   Sat Feb 5 18:09:45 2022 +0530

    Added checking for buflen overflow due to MAX_MISALIGNMENT.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17646)

-----------------------------------------------------------------------

Summary of changes:
 apps/speed.c                  | 8 ++++++--
 doc/man1/openssl-speed.pod.in | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index a790f280db..2201489fb4 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -456,7 +456,7 @@ static const OPT_PAIR sm2_choices[SM2_NUM] = {
 static double sm2_results[SM2_NUM][2];    /* 2 ops: sign then verify */
 #endif /* OPENSSL_NO_SM2 */
 
-#define COND(unused_cond) (run && count < 0x7fffffff)
+#define COND(unused_cond) (run && count < INT_MAX)
 #define COUNT(d) (count)
 
 typedef struct loopargs_st {
@@ -1779,6 +1779,10 @@ int speed_main(int argc, char **argv)
         buflen = lengths[size_num - 1];
         if (buflen < 36)    /* size of random vector in RSA benchmark */
             buflen = 36;
+        if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) {
+            BIO_printf(bio_err, "Error: buffer size too large\n");
+            goto end;
+        }
         buflen += MAX_MISALIGNMENT + 1;
         loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
         loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
@@ -3613,7 +3617,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
     for (j = 0; j < num; j++) {
         print_message(alg_name, 0, mblengths[j], seconds->sym);
         Time_F(START);
-        for (count = 0; run && count < 0x7fffffff; count++) {
+        for (count = 0; run && count < INT_MAX; count++) {
             unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
             EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
             size_t len = mblengths[j];
diff --git a/doc/man1/openssl-speed.pod.in b/doc/man1/openssl-speed.pod.in
index bfe992797a..98e3bac037 100644
--- a/doc/man1/openssl-speed.pod.in
+++ b/doc/man1/openssl-speed.pod.in
@@ -101,6 +101,8 @@ Run benchmarks for I<num> seconds.
 =item B<-bytes> I<num>
 
 Run benchmarks on I<num>-byte buffers. Affects ciphers, digests and the CSPRNG.
+The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit
+int would be 2147483583 bytes.
 
 =item B<-mr>
 


More information about the openssl-commits mailing list