Merge pull request #585 from dongbeiouba/fix/h1

Add define guards to avoid multi-inclusion;Limit the size of various MAXCHUNK definitions
Tongsuo-Project · Mar 12, 2024 · 9280e61 · 9280e61
2 parents b833382 + 59640e0
commit 9280e61
Show file tree

Hide file tree

Showing 8 changed files with 238 additions and 199 deletions.
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
@@ -365,7 +365,7 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
         return 1;\
 }
 
-#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
+#define EVP_MAXCHUNK ((size_t)1 << 30)
 
 #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
     static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \

diff --git a/include/crypto/md32_common.h b/include/crypto/md32_common.h
@@ -63,63 +63,67 @@
  *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
  */
 
-#include <openssl/crypto.h>
+#ifndef OSSL_CRYPTO_MD32_COMMON_H
+# define OSSL_CRYPTO_MD32_COMMON_H
+# pragma once
 
-#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-# error "DATA_ORDER must be defined!"
-#endif
+# include <openssl/crypto.h>
 
-#ifndef HASH_CBLOCK
-# error "HASH_CBLOCK must be defined!"
-#endif
-#ifndef HASH_LONG
-# error "HASH_LONG must be defined!"
-#endif
-#ifndef HASH_CTX
-# error "HASH_CTX must be defined!"
-#endif
+# if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#  error "DATA_ORDER must be defined!"
+# endif
 
-#ifndef HASH_UPDATE
-# error "HASH_UPDATE must be defined!"
-#endif
-#ifndef HASH_TRANSFORM
-# error "HASH_TRANSFORM must be defined!"
-#endif
-#ifndef HASH_FINAL
-# error "HASH_FINAL must be defined!"
-#endif
+# ifndef HASH_CBLOCK
+#  error "HASH_CBLOCK must be defined!"
+# endif
+# ifndef HASH_LONG
+#  error "HASH_LONG must be defined!"
+# endif
+# ifndef HASH_CTX
+#  error "HASH_CTX must be defined!"
+# endif
 
-#ifndef HASH_BLOCK_DATA_ORDER
-# error "HASH_BLOCK_DATA_ORDER must be defined!"
-#endif
+# ifndef HASH_UPDATE
+#  error "HASH_UPDATE must be defined!"
+# endif
+# ifndef HASH_TRANSFORM
+#  error "HASH_TRANSFORM must be defined!"
+# endif
+# ifndef HASH_FINAL
+#  error "HASH_FINAL must be defined!"
+# endif
+
+# ifndef HASH_BLOCK_DATA_ORDER
+#  error "HASH_BLOCK_DATA_ORDER must be defined!"
+# endif
 
-#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+# define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
 
-#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+# if defined(DATA_ORDER_IS_BIG_ENDIAN)
 
-# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))<<24),          \
+#  define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))<<24),          \
                          l|=(((unsigned long)(*((c)++)))<<16),          \
                          l|=(((unsigned long)(*((c)++)))<< 8),          \
                          l|=(((unsigned long)(*((c)++)))    )           )
-# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+#  define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
                          *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
                          *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
                          *((c)++)=(unsigned char)(((l)    )&0xff),      \
                          l)
 
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 
-# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))    ),          \
+#  define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))    ),          \
                          l|=(((unsigned long)(*((c)++)))<< 8),          \
                          l|=(((unsigned long)(*((c)++)))<<16),          \
                          l|=(((unsigned long)(*((c)++)))<<24)           )
-# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)    )&0xff),      \
+#  define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)    )&0xff),      \
                          *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
                          *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
                          *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
                          l)
 
-#endif
+# endif
 
 /*
  * Time for some action :-)
@@ -204,30 +208,30 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c)
     memset(p + n, 0, HASH_CBLOCK - 8 - n);
 
     p += HASH_CBLOCK - 8;
-#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
+# if   defined(DATA_ORDER_IS_BIG_ENDIAN)
     (void)HOST_l2c(c->Nh, p);
     (void)HOST_l2c(c->Nl, p);
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
     (void)HOST_l2c(c->Nl, p);
     (void)HOST_l2c(c->Nh, p);
-#endif
+# endif
     p -= HASH_CBLOCK;
     HASH_BLOCK_DATA_ORDER(c, p, 1);
     c->num = 0;
     OPENSSL_cleanse(p, HASH_CBLOCK);
 
-#ifndef HASH_MAKE_STRING
-# error "HASH_MAKE_STRING must be defined!"
-#else
+# ifndef HASH_MAKE_STRING
+#  error "HASH_MAKE_STRING must be defined!"
+# else
     HASH_MAKE_STRING(c, md);
-#endif
+# endif
 
     return 1;
 }
 
-#ifndef MD32_REG_T
-# if defined(__alpha) || defined(__mips)
-#  define MD32_REG_T long
+# ifndef MD32_REG_T
+#  if defined(__alpha) || defined(__mips)
+#   define MD32_REG_T long
 /*
  * This comment was originally written for MD5, which is why it
  * discusses A-D. But it basically applies to all 32-bit digests,
@@ -244,13 +248,15 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c)
  * Well, to be honest it should say that this *prevents*
  * performance degradation.
  */
-# else
+#  else
 /*
  * Above is not absolute and there are LP64 compilers that
  * generate better code if MD32_REG_T is defined int. The above
  * pre-processor condition reflects the circumstances under which
  * the conclusion was made and is subject to further extension.
  */
-#  define MD32_REG_T int
+#   define MD32_REG_T int
+#  endif
 # endif
+
 #endif
diff --git a/include/internal/der.h b/include/internal/der.h
@@ -7,8 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/bn.h>
-#include "internal/packet.h"
+#ifndef OSSL_INTERNAL_DER_H
+# define OSSL_INTERNAL_DER_H
+# pragma once
+
+# include <openssl/bn.h>
+# include "internal/packet.h"
 
 /*
  * NOTE: X.690 numbers the identifier octet bits 1 to 8.
@@ -22,42 +26,42 @@
  * These are only valid for the UNIVERSAL class.  With the other classes,
  * these bits have a different meaning.
  */
-#define DER_P_EOC                       0 /* BER End Of Contents tag */
-#define DER_P_BOOLEAN                   1
-#define DER_P_INTEGER                   2
-#define DER_P_BIT_STRING                3
-#define DER_P_OCTET_STRING              4
-#define DER_P_NULL                      5
-#define DER_P_OBJECT                    6
-#define DER_P_OBJECT_DESCRIPTOR         7
-#define DER_P_EXTERNAL                  8
-#define DER_P_REAL                      9
-#define DER_P_ENUMERATED               10
-#define DER_P_UTF8STRING               12
-#define DER_P_SEQUENCE                 16
-#define DER_P_SET                      17
-#define DER_P_NUMERICSTRING            18
-#define DER_P_PRINTABLESTRING          19
-#define DER_P_T61STRING                20
-#define DER_P_VIDEOTEXSTRING           21
-#define DER_P_IA5STRING                22
-#define DER_P_UTCTIME                  23
-#define DER_P_GENERALIZEDTIME          24
-#define DER_P_GRAPHICSTRING            25
-#define DER_P_ISO64STRING              26
-#define DER_P_GENERALSTRING            27
-#define DER_P_UNIVERSALSTRING          28
-#define DER_P_BMPSTRING                30
+# define DER_P_EOC                       0 /* BER End Of Contents tag */
+# define DER_P_BOOLEAN                   1
+# define DER_P_INTEGER                   2
+# define DER_P_BIT_STRING                3
+# define DER_P_OCTET_STRING              4
+# define DER_P_NULL                      5
+# define DER_P_OBJECT                    6
+# define DER_P_OBJECT_DESCRIPTOR         7
+# define DER_P_EXTERNAL                  8
+# define DER_P_REAL                      9
+# define DER_P_ENUMERATED               10
+# define DER_P_UTF8STRING               12
+# define DER_P_SEQUENCE                 16
+# define DER_P_SET                      17
+# define DER_P_NUMERICSTRING            18
+# define DER_P_PRINTABLESTRING          19
+# define DER_P_T61STRING                20
+# define DER_P_VIDEOTEXSTRING           21
+# define DER_P_IA5STRING                22
+# define DER_P_UTCTIME                  23
+# define DER_P_GENERALIZEDTIME          24
+# define DER_P_GRAPHICSTRING            25
+# define DER_P_ISO64STRING              26
+# define DER_P_GENERALSTRING            27
+# define DER_P_UNIVERSALSTRING          28
+# define DER_P_BMPSTRING                30
 
 /* DER Flags, occupying bit 6 in the DER identifier byte */
-#define DER_F_PRIMITIVE              0x00
-#define DER_F_CONSTRUCTED            0x20
+# define DER_F_PRIMITIVE              0x00
+# define DER_F_CONSTRUCTED            0x20
 
 /* DER classes tags, occupying bits 7-8 in the DER identifier byte */
-#define DER_C_UNIVERSAL              0x00
-#define DER_C_APPLICATION            0x40
-#define DER_C_CONTEXT                0x80
-#define DER_C_PRIVATE                0xC0
+# define DER_C_UNIVERSAL              0x00
+# define DER_C_APPLICATION            0x40
+# define DER_C_CONTEXT                0x80
+# define DER_C_PRIVATE                0xC0
 
 /*
  * Run-time constructors.
@@ -67,7 +71,7 @@
  */
 
 /* This can be used for all items that don't have a context */
-#define DER_NO_CONTEXT  -1
+# define DER_NO_CONTEXT  -1
 
 int ossl_DER_w_precompiled(WPACKET *pkt, int tag,
                            const unsigned char *precompiled,
@@ -86,3 +90,5 @@ int ossl_DER_w_octet_string_uint32(WPACKET *pkt, int tag, uint32_t value);
  */
 int ossl_DER_w_begin_sequence(WPACKET *pkt, int tag);
 int ossl_DER_w_end_sequence(WPACKET *pkt, int tag);
+
+#endif