Use LONG_MAX as the limit for ciphers with long based APIs.

These ciphers have long based APIs, while EVP has a size_t based API. The
intent of these loops is to handle sizes that are bigger than LONG_MAX.
Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX
rounded down to a large block size, ensuring that it is a block size
multiple. Revert the recently added overflow checks now that this is
handled more appropriately.

ok tb@

Author: jsing

src/lib/libcrypto/evp/e_bf.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: e_bf.c,v 1.13 2022/09/10 17:39:47 jsing Exp $ */
+/* $OpenBSD: e_bf.c,v 1.14 2022/09/15 07:04:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -86,14 +86,13 @@ bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int
 bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-	if (inl > LONG_MAX)
-		return 0;
-
-	while (inl >= EVP_MAXCHUNK) {
-		BF_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
-		inl -= EVP_MAXCHUNK;
-		in += EVP_MAXCHUNK;
-		out += EVP_MAXCHUNK;
+	size_t chunk = LONG_MAX & ~0xff;
+
+	while (inl >= chunk) {
+		BF_cbc_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
+		inl -= chunk;
+		in += chunk;
+		out += chunk;
 	}
 
 	if (inl)
@@ -105,10 +104,7 @@ bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
 static int
 bf_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-	size_t chunk = EVP_MAXCHUNK;
-
-	if (inl > LONG_MAX)
-		return 0;
+	size_t chunk = LONG_MAX & ~0xff;
 
 	if (inl < chunk)
 		chunk = inl;
@@ -130,9 +126,6 @@ bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
 {
 	size_t i, bl;
 
-	if (inl > LONG_MAX)
-		return 0;
-
 	bl = ctx->cipher->block_size;
 
 	if (inl < bl)
@@ -149,14 +142,13 @@ bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
 static int
 bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-	if (inl > LONG_MAX)
-		return 0;
-
-	while (inl >= EVP_MAXCHUNK) {
-		BF_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
-		inl -= EVP_MAXCHUNK;
-		in += EVP_MAXCHUNK;
-		out += EVP_MAXCHUNK;
+	size_t chunk = LONG_MAX & ~0xff;
+
+	while (inl >= chunk) {
+		BF_ofb64_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
+		inl -= chunk;
+		in += chunk;
+		out += chunk;
 	}
 
 	if (inl)

src/lib/libcrypto/evp/e_cast.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: e_cast.c,v 1.12 2022/09/10 17:39:47 jsing Exp $ */
+/* $OpenBSD: e_cast.c,v 1.13 2022/09/15 07:04:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -86,14 +86,13 @@ cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int
 cast5_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-	if (inl > LONG_MAX)
-		return 0;
-
-	while (inl >= EVP_MAXCHUNK) {
-		CAST_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
-		inl -= EVP_MAXCHUNK;
-		in += EVP_MAXCHUNK;
-		out += EVP_MAXCHUNK;
+	size_t chunk = LONG_MAX & ~0xff;
+
+	while (inl >= chunk) {
+		CAST_cbc_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt);
+		inl -= chunk;
+		in += chunk;
+		out += chunk;
 	}
 
 	if (inl)
@@ -105,10 +104,7 @@ cast5_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i
 static int
 cast5_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-	size_t chunk = EVP_MAXCHUNK;
-
-	if (inl > LONG_MAX)
-		return 0;
+	size_t chunk = LONG_MAX & ~0xff;
 
 	if (inl < chunk)
 		chunk = inl;
@@ -130,9 +126,6 @@ cast5_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i
 {
 	size_t i, bl;
 
-	if (inl > LONG_MAX)
-		return 0;
-
 	bl = ctx->cipher->block_size;
 
 	if (inl < bl)
@@ -149,14 +142,13 @@ cast5_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i
 static int
 cast5_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl)
 {
-	if (inl > LONG_MAX)
-		return 0;
-
-	while (inl >= EVP_MAXCHUNK) {
-		CAST_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
-		inl -= EVP_MAXCHUNK;
-		in += EVP_MAXCHUNK;
-		out += EVP_MAXCHUNK;
+	size_t chunk = LONG_MAX & ~0xff;
+
+	while (inl >= chunk) {
+		CAST_ofb64_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num);
+		inl -= chunk;
+		in += chunk;
+		out += chunk;
 	}
 
 	if (inl)

src/lib/libcrypto/evp/e_des.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des.c,v 1.18 2022/09/04 15:45:25 jsing Exp $ */
+/* $OpenBSD: e_des.c,v 1.19 2022/09/15 07:04:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -99,9 +99,6 @@ des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 {
 	size_t i, bl;
 
-	if (inl > LONG_MAX)
-		return 0;
-
 	bl = ctx->cipher->block_size;
 
 	if (inl < bl)
@@ -120,15 +117,14 @@ static int
 des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-	if (inl > LONG_MAX)
-		return 0;
+	size_t chunk = LONG_MAX & ~0xff;
 
-	while (inl >= EVP_MAXCHUNK) {
-		DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
+	while (inl >= chunk) {
+		DES_ofb64_encrypt(in, out, (long)chunk, ctx->cipher_data,
 		    (DES_cblock *)ctx->iv, &ctx->num);
-		inl -= EVP_MAXCHUNK;
-		in += EVP_MAXCHUNK;
-		out += EVP_MAXCHUNK;
+		inl -= chunk;
+		in += chunk;
+		out += chunk;
 	}
 	if (inl)
 		DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data,
@@ -140,15 +136,14 @@ static int
 des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-	if (inl > LONG_MAX)
-		return 0;
+	size_t chunk = LONG_MAX & ~0xff;
 
-	while (inl >= EVP_MAXCHUNK) {
-		DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
+	while (inl >= chunk) {
+		DES_ncbc_encrypt(in, out, (long)chunk, ctx->cipher_data,
 		    (DES_cblock *)ctx->iv, ctx->encrypt);
-		inl -= EVP_MAXCHUNK;
-		in += EVP_MAXCHUNK;
-		out += EVP_MAXCHUNK;
+		inl -= chunk;
+		in += chunk;
+		out += chunk;
 	}
 	if (inl)
 		DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
@@ -160,15 +155,14 @@ static int
 des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-	if (inl > LONG_MAX)
-		return 0;
+	size_t chunk = LONG_MAX & ~0xff;
 
-	while (inl >= EVP_MAXCHUNK) {
-		DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
+	while (inl >= chunk) {
+		DES_cfb64_encrypt(in, out, (long)chunk, ctx->cipher_data,
 		    (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
-		inl -= EVP_MAXCHUNK;
-		in += EVP_MAXCHUNK;
-		out += EVP_MAXCHUNK;
+		inl -= chunk;
+		in += chunk;
+		out += chunk;
 	}
 	if (inl)
 		DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
@@ -182,11 +176,9 @@ static int
 des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-	size_t n, chunk = EVP_MAXCHUNK/8;
 	unsigned char c[1], d[1];
-
-	if (inl > LONG_MAX)
-		return 0;
+	size_t chunk = LONG_MAX / 8;
+	size_t n;
 
 	if (inl < chunk)
 		chunk = inl;
@@ -214,15 +206,14 @@ static int
 des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-	if (inl > LONG_MAX)
-		return 0;
+	size_t chunk = LONG_MAX & ~0xff;
 
-	while (inl >= EVP_MAXCHUNK) {
-		DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
+	while (inl >= chunk) {
+		DES_cfb_encrypt(in, out, 8, (long)chunk,
 		    ctx->cipher_data, (DES_cblock *)ctx->iv, ctx->encrypt);
-		inl -= EVP_MAXCHUNK;
-		in += EVP_MAXCHUNK;
-		out += EVP_MAXCHUNK;
+		inl -= chunk;
+		in += chunk;
+		out += chunk;
 	}
 	if (inl)
 		DES_cfb_encrypt(in, out, 8, (long)inl, ctx->cipher_data,

src/lib/libcrypto/evp/e_des3.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: e_des3.c,v 1.24 2022/09/04 15:45:25 jsing Exp $ */
+/* $OpenBSD: e_des3.c,v 1.25 2022/09/15 07:04:19 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -130,9 +130,6 @@ des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 {
 	size_t i, bl;
 
-	if (inl > LONG_MAX)
-		return 0;
-
 	bl = ctx->cipher->block_size;
 
 	if (inl < bl)
@@ -141,25 +138,25 @@ des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	inl -= bl;
 
 	for (i = 0; i <= inl; i += bl)
-	DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i),
-	    &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt);
+		DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i),
+		    &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt);
+
 	return 1;
 }
 
 static int
 des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-	if (inl > LONG_MAX)
-		return 0;
+	size_t chunk = LONG_MAX & ~0xff;
 
-	while (inl >= EVP_MAXCHUNK) {
-		DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+	while (inl >= chunk) {
+		DES_ede3_ofb64_encrypt(in, out, (long)chunk,
 		    &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
 		    (DES_cblock *)ctx->iv, &ctx->num);
-		inl -= EVP_MAXCHUNK;
-		in += EVP_MAXCHUNK;
-		out += EVP_MAXCHUNK;
+		inl -= chunk;
+		in += chunk;
+		out += chunk;
 	}
 	if (inl)
 		DES_ede3_ofb64_encrypt(in, out, (long)inl,
@@ -173,16 +170,15 @@ static int
 des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-	if (inl > LONG_MAX)
-		return 0;
+	size_t chunk = LONG_MAX & ~0xff;
 
-	while (inl >= EVP_MAXCHUNK) {
-		DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
+	while (inl >= chunk) {
+		DES_ede3_cbc_encrypt(in, out, (long)chunk,
 		    &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
 		    (DES_cblock *)ctx->iv, ctx->encrypt);
-		inl -= EVP_MAXCHUNK;
-		in += EVP_MAXCHUNK;
-		out += EVP_MAXCHUNK;
+		inl -= chunk;
+		in += chunk;
+		out += chunk;
 	}
 	if (inl)
 		DES_ede3_cbc_encrypt(in, out, (long)inl,
@@ -195,16 +191,15 @@ static int
 des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-	if (inl > LONG_MAX)
-		return 0;
+	size_t chunk = LONG_MAX & ~0xff;
 
-	while (inl >= EVP_MAXCHUNK) {
-		DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+	while (inl >= chunk) {
+		DES_ede3_cfb64_encrypt(in, out, (long)chunk,
 		    &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
 		    (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
-		inl -= EVP_MAXCHUNK;
-		in += EVP_MAXCHUNK;
-		out += EVP_MAXCHUNK;
+		inl -= chunk;
+		in += chunk;
+		out += chunk;
 	}
 	if (inl)
 		DES_ede3_cfb64_encrypt(in, out, (long)inl,
@@ -219,11 +214,8 @@ static int
 des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-	size_t n;
 	unsigned char c[1], d[1];
-
-	if (inl > LONG_MAX)
-		return 0;
+	size_t n;
 
 	if (!(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS))
 		inl *= 8;
@@ -244,16 +236,15 @@ static int
 des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     const unsigned char *in, size_t inl)
 {
-	if (inl > LONG_MAX)
-		return 0;
+	size_t chunk = LONG_MAX & ~0xff;
 
-	while (inl >= EVP_MAXCHUNK) {
-		DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
+	while (inl >= chunk) {
+		DES_ede3_cfb_encrypt(in, out, 8, (long)chunk,
 		    &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
 		    (DES_cblock *)ctx->iv, ctx->encrypt);
-		inl -= EVP_MAXCHUNK;
-		in += EVP_MAXCHUNK;
-		out += EVP_MAXCHUNK;
+		inl -= chunk;
+		in += chunk;
+		out += chunk;
 	}
 	if (inl)
 		DES_ede3_cfb_encrypt(in, out, 8, (long)inl,