The branch master has been updated via 378c50f63dceb3a85bb4937a3499283b10d295b6 (commit) from 649999dc57419ddd9329f7062b048dee5ecd9306 (commit)
- Log ----------------------------------------------------------------- commit 378c50f63dceb3a85bb4937a3499283b10d295b6 Author: Kevin K Biju <kevinkb...@gmail.com> Date: Sat Feb 5 18:09:45 2022 +0530 Added checking for buflen overflow due to MAX_MISALIGNMENT. Reviewed-by: Tomas Mraz <to...@openssl.org> Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17646) ----------------------------------------------------------------------- Summary of changes: apps/speed.c | 8 ++++++-- doc/man1/openssl-speed.pod.in | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index a790f280db..2201489fb4 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -456,7 +456,7 @@ static const OPT_PAIR sm2_choices[SM2_NUM] = { static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */ #endif /* OPENSSL_NO_SM2 */ -#define COND(unused_cond) (run && count < 0x7fffffff) +#define COND(unused_cond) (run && count < INT_MAX) #define COUNT(d) (count) typedef struct loopargs_st { @@ -1779,6 +1779,10 @@ int speed_main(int argc, char **argv) buflen = lengths[size_num - 1]; if (buflen < 36) /* size of random vector in RSA benchmark */ buflen = 36; + if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) { + BIO_printf(bio_err, "Error: buffer size too large\n"); + goto end; + } buflen += MAX_MISALIGNMENT + 1; loopargs[i].buf_malloc = app_malloc(buflen, "input buffer"); loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer"); @@ -3613,7 +3617,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, for (j = 0; j < num; j++) { print_message(alg_name, 0, mblengths[j], seconds->sym); Time_F(START); - for (count = 0; run && count < 0x7fffffff; count++) { + for (count = 0; run && count < INT_MAX; count++) { unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t len = mblengths[j]; diff --git a/doc/man1/openssl-speed.pod.in b/doc/man1/openssl-speed.pod.in index bfe992797a..98e3bac037 100644 --- a/doc/man1/openssl-speed.pod.in +++ b/doc/man1/openssl-speed.pod.in @@ -101,6 +101,8 @@ Run benchmarks for I<num> seconds. =item B<-bytes> I<num> Run benchmarks on I<num>-byte buffers. Affects ciphers, digests and the CSPRNG. +The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit +int would be 2147483583 bytes. =item B<-mr>