From: Pauli <pauli@openssl.org>
Date: Tue, 15 Mar 2022 03:28:07 +0000 (+1100)
Subject: Use safe math to computer sizes.
X-Git-Tag: openssl-3.2.0-alpha1~2807
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=330ff7e67d2ecc1c298fe7c4347c2109b4a979de;p=thirdparty%2Fopenssl.git

Use safe math to computer sizes.

The sizes are rounded via the expression: (cmpl + 7) / 8 which overflows if
cmpl is near to the type's maximum.  Instead we use the safe_math function to
computer this without any possibility of error.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17884)
---

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index d0a62a6d468..d6b921ce81f 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -24,9 +24,12 @@
 #include "internal/cryptlib.h"
 #include "internal/provider.h"
 #include "internal/core.h"
+#include "internal/safe_math.h"
 #include "crypto/evp.h"
 #include "evp_local.h"
 
+OSSL_SAFE_MATH_SIGNED(int, int)
+
 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
 {
     if (ctx == NULL)
@@ -517,7 +520,7 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
     int i, j, bl, cmpl = inl;
 
     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
-        cmpl = (cmpl + 7) / 8;
+        cmpl = safe_div_round_up_int(cmpl, 8, NULL);
 
     bl = ctx->cipher->block_size;
 
@@ -803,7 +806,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
     b = ctx->cipher->block_size;
 
     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
-        cmpl = (cmpl + 7) / 8;
+        cmpl = safe_div_round_up_int(cmpl, 8, NULL);
 
     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
         if (b == 1 && ossl_is_partially_overlapping(out, in, cmpl)) {