[openssl] openssl-3.0 update

Dr. Paul Dale pauli at openssl.org
Fri Feb 11 02:43:24 UTC 2022 

The branch openssl-3.0 has been updated
       via  b32b2167155cafc4ac133f49d9cd04a249e443c8 (commit)
      from  09ade84a4a9e082c785cb51a9db2e85a45097cbd (commit)


- Log -----------------------------------------------------------------
commit b32b2167155cafc4ac133f49d9cd04a249e443c8
Author: Kevin K Biju <kevinkbiju at gmail.com>
Date:   Sat Feb 5 18:09:45 2022 +0530

    Added checking for buflen overflow due to MAX_MISALIGNMENT.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17646)
    
    (cherry picked from commit 4b3777c9ad4a2058a9b87afb26289039ebf4a6c1)

-----------------------------------------------------------------------

Summary of changes:
 apps/speed.c                  | 8 ++++++--
 doc/man1/openssl-speed.pod.in | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index 9be01bb4b2..b730a5c2b5 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -452,7 +452,7 @@ static const OPT_PAIR sm2_choices[SM2_NUM] = {
 static double sm2_results[SM2_NUM][2];    /* 2 ops: sign then verify */
 #endif /* OPENSSL_NO_SM2 */
 
-#define COND(unused_cond) (run && count < 0x7fffffff)
+#define COND(unused_cond) (run && count < INT_MAX)
 #define COUNT(d) (count)
 
 typedef struct loopargs_st {
@@ -1775,6 +1775,10 @@ int speed_main(int argc, char **argv)
         buflen = lengths[size_num - 1];
         if (buflen < 36)    /* size of random vector in RSA benchmark */
             buflen = 36;
+        if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) {
+            BIO_printf(bio_err, "Error: buffer size too large\n");
+            goto end;
+        }
         buflen += MAX_MISALIGNMENT + 1;
         loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
         loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
@@ -3618,7 +3622,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
     for (j = 0; j < num; j++) {
         print_message(alg_name, 0, mblengths[j], seconds->sym);
         Time_F(START);
-        for (count = 0; run && count < 0x7fffffff; count++) {
+        for (count = 0; run && count < INT_MAX; count++) {
             unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
             EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
             size_t len = mblengths[j];
diff --git a/doc/man1/openssl-speed.pod.in b/doc/man1/openssl-speed.pod.in
index bfe992797a..29181ea970 100644
--- a/doc/man1/openssl-speed.pod.in
+++ b/doc/man1/openssl-speed.pod.in
@@ -101,6 +101,8 @@ Run benchmarks for I<num> seconds.
 =item B<-bytes> I<num>
 
 Run benchmarks on I<num>-byte buffers. Affects ciphers, digests and the CSPRNG.
+The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit 
+int would be 2147483583 bytes.
 
 =item B<-mr>

More information about the openssl-commits mailing list