From: Eugene Syromiatnikov Date: Thu, 28 Aug 2025 14:43:13 +0000 (+0200) Subject: Explicitly limit the OPENSSL_aligned_alloc()'s alignment to 65536 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6c02774fd33d3a65dfcfabfc01778afb48070461;p=thirdparty%2Fopenssl.git Explicitly limit the OPENSSL_aligned_alloc()'s alignment to 65536 There is little need to support alignments larger than a page size, and the open-coded OPENSSL_aligned_alloc() implementation implements that support in quite wasteful manner, so it is better just to limit the maximum supported alignment explicitly. The value of 65536 has been chosen so it is architecture-agnostic and is no less than page sizes used in commonly occurring architectures (and also it is a pretty number). Signed-off-by: Eugene Syromiatnikov Reviewed-by: Neil Horman Reviewed-by: Saša Nedvědický (Merged from https://github.com/openssl/openssl/pull/28295) --- diff --git a/crypto/aligned_alloc.c b/crypto/aligned_alloc.c index dcc2b406a20..f2eed13c6c8 100644 --- a/crypto/aligned_alloc.c +++ b/crypto/aligned_alloc.c @@ -21,8 +21,9 @@ void *ossl_malloc_align(size_t num, size_t alignment, void **freeptr, *freeptr = NULL; - /* Ensure that alignment is a power of two */ - if (alignment == 0 || (alignment & (alignment - 1)) != 0) { + /* Ensure that alignment is a power of two no larger than 65536 */ + if (alignment == 0 || (alignment & (alignment - 1)) != 0 + || alignment > 65536) { ossl_report_alloc_err_inv(file, line); return NULL; } diff --git a/crypto/mem.c b/crypto/mem.c index 681cecfadfd..f772e6c4616 100644 --- a/crypto/mem.c +++ b/crypto/mem.c 
@@ -233,8 +233,9 @@ void *CRYPTO_aligned_alloc(size_t num, size_t alignment, void **freeptr, { *freeptr = NULL; - /* Ensure that alignment is a power of two */ - if (alignment == 0 || (alignment & (alignment - 1)) != 0) { + /* Ensure that alignment is a power of two no larger than 65536 */ + if (alignment == 0 || (alignment & (alignment - 1)) != 0 + || alignment > 65536) { ossl_report_alloc_err_inv(file, line); return NULL; } diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod index 63b7cfd29c8..5ddc6e4a6c0 100644 --- a/doc/man3/OPENSSL_malloc.pod +++ b/doc/man3/OPENSSL_malloc.pod @@ -125,7 +125,7 @@ OPENSSL_zalloc() calls memset() to zero the memory before returning. OPENSSL_aligned_alloc() operates just as OPENSSL_malloc() does, but it allows for the caller to specify an alignment value, for instances in which the default alignment of malloc is insufficient for the caller's -needs. Note, the alignment value must be a power of 2. +needs. Note, the alignment value must be a power of 2 no larger than 65536. NOTE: the call to OPENSSL_aligned_alloc() accepts a 3rd argument, I which must point to a void pointer. On some platforms, there is no available library call to obtain memory allocations with alignment greater than what @@ -311,6 +311,9 @@ was built with C macro defined. Consequently, the caller may need to fall back to a non-aligned memory allocation (and open-code the alignment routine if the alignment is a requirement). +Before OpenSSL 4.0, the call to OPENSSL_aligned_alloc() did not have +an explicit upper limit on the value of I. + =head1 COPYRIGHT Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. diff --git a/test/mem_alloc_test.c b/test/mem_alloc_test.c index 30c479cd80a..98283121a64 100644 --- a/test/mem_alloc_test.c +++ b/test/mem_alloc_test.c 
@@ -173,6 +173,8 @@ static const struct array_aligned_alloc_vector { { 8, 8, 63, EXP_INVAL, EXP_INVAL }, { 8, 8, 64, EXP_NONNULL, EXP_NONNULL }, + { 3, 4, 65536, EXP_NONNULL, EXP_NONNULL }, + { 8, 8, 131072, EXP_INVAL, EXP_INVAL }, { SIZE_MAX / 8 + 9, 8, 64, EXP_NONNULL, EXP_INT_OF }, /*
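Review bot: in the crypto/aligned_alloc.c hunk the new bound in `|| alignment > 65536)` is a bare literal that is repeated verbatim in the crypto/mem.c hunk and in doc/man3/OPENSSL_malloc.pod; define it once as a named constant in a shared internal header (e.g. `#define OSSL_MAX_ALIGNMENT 65536`, name assumed) and use that in both checks, so the two validations and the documented value cannot drift apart if the limit is ever revisited. The comment `/* Ensure that alignment is a power of two no larger than 65536 */` would then name the constant instead of the number.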
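Review bot: the crypto/mem.c hunk makes the condition in CRYPTO_aligned_alloc() an exact copy of the one in ossl_malloc_align(); rather than maintaining two copies of the power-of-two-and-range test, factor it into a small static inline helper (e.g. `ossl_alignment_is_valid(alignment)`, name assumed) that both functions call, so a later change to the accepted range is made in one place. As written, both paths also report the too-large case through the same ossl_report_alloc_err_inv() call as the not-a-power-of-two case, so a caller cannot tell which constraint was violated; if that reporting function can carry a reason, it is worth distinguishing the two.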
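Review bot: the doc/man3/OPENSSL_malloc.pod hunk states the new constraint (`must be a power of 2 no larger than 65536`) but not its consequence; both code hunks return NULL after ossl_report_alloc_err_inv() when it is violated, and they do so before any platform-specific allocation path is reached, so add a sentence such as "An alignment that is not a power of 2, or that is larger than 65536, causes the call to fail and return NULL." The HISTORY entry added at the end of the page is the right place to record the behavioural change; it should say explicitly that such requests are now rejected, so that a reader of the history alone knows the outcome and not only that a limit was introduced.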
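Review bot: the two new vectors in test/mem_alloc_test.c bracket the boundary correctly (65536 is the largest accepted value and 131072, the next power of two, is the first rejected one), but `{ 3, 4, 65536, EXP_NONNULL, EXP_NONNULL }` changes the first two fields from the `8, 8` used by the surrounding rows without a comment saying why; if exercising a size smaller than the alignment is the point, say so in a comment, otherwise use `8, 8` as the neighbouring rows do so the row reads as a pure alignment-boundary test. It is also worth checking that the test body verifies the returned pointer is actually 65536-aligned rather than only non-NULL, since that is the property the limit is meant to guarantee.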