From fa590012edcba72d4393a768273b7d6de1543e6c Mon Sep 17 00:00:00 2001 From: jsing Date: Thu, 15 Sep 2022 07:04:19 +0000 Subject: [PATCH] Use LONG_MAX as the limit for ciphers with long based APIs. These ciphers have long based APIs, while EVP has a size_t based API. The intent of these loops is to handle sizes that are bigger than LONG_MAX. Rather than using the rather crazy EVP_MAXCHUNK construct, use LONG_MAX rounded down to a large block size, ensuring that it is a block size multiple. Revert the recently added overflow checks now that this is handled more appropriately. ok tb@ --- lib/libcrypto/evp/e_bf.c | 40 +++++++++-------------- lib/libcrypto/evp/e_cast.c | 40 +++++++++-------------- lib/libcrypto/evp/e_des.c | 63 +++++++++++++++-------------------- lib/libcrypto/evp/e_des3.c | 67 +++++++++++++++++--------------------- lib/libcrypto/evp/e_idea.c | 43 ++++++++++-------------- lib/libcrypto/evp/e_rc2.c | 36 ++++++++------------ 6 files changed, 120 insertions(+), 169 deletions(-) diff --git a/lib/libcrypto/evp/e_bf.c b/lib/libcrypto/evp/e_bf.c index f97f9ed1e42..4632b523e2e 100644 --- a/lib/libcrypto/evp/e_bf.c +++ b/lib/libcrypto/evp/e_bf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_bf.c,v 1.13 2022/09/10 17:39:47 jsing Exp $ */ +/* $OpenBSD: e_bf.c,v 1.14 2022/09/15 07:04:19 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -86,14 +86,13 @@ bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; - - while (inl >= EVP_MAXCHUNK) { - BF_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + BF_cbc_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; } if (inl) @@ -105,10 +104,7 @@ bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, static int bf_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - size_t chunk = EVP_MAXCHUNK; - - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX & ~0xff; if (inl < chunk) chunk = inl; @@ -130,9 +126,6 @@ bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, { size_t i, bl; - if (inl > LONG_MAX) - return 0; - bl = ctx->cipher->block_size; if (inl < bl) @@ -149,14 +142,13 @@ bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, static int bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; - - while (inl >= EVP_MAXCHUNK) { - BF_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + BF_ofb64_encrypt(in, out, (long)chunk, &((EVP_BF_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + inl -= chunk; + in += chunk; + out += chunk; } if (inl) diff --git a/lib/libcrypto/evp/e_cast.c b/lib/libcrypto/evp/e_cast.c index f5654d9f3e1..702c26e0c30 100644 --- a/lib/libcrypto/evp/e_cast.c +++ b/lib/libcrypto/evp/e_cast.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_cast.c,v 1.12 2022/09/10 17:39:47 jsing Exp $ */ +/* $OpenBSD: e_cast.c,v 1.13 2022/09/15 07:04:19 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -86,14 +86,13 @@ cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int cast5_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; - - while (inl >= EVP_MAXCHUNK) { - CAST_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + CAST_cbc_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; } if (inl) @@ -105,10 +104,7 @@ cast5_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i static int cast5_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - size_t chunk = EVP_MAXCHUNK; - - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX & ~0xff; if (inl < chunk) chunk = inl; @@ -130,9 +126,6 @@ cast5_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i { size_t i, bl; - if (inl > LONG_MAX) - return 0; - bl = ctx->cipher->block_size; if (inl < bl) @@ -149,14 +142,13 @@ cast5_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *i static int cast5_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; - - while (inl >= EVP_MAXCHUNK) { - CAST_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + CAST_ofb64_encrypt(in, out, (long)chunk, &((EVP_CAST_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + inl -= chunk; + in += chunk; + out += chunk; } if (inl) diff --git a/lib/libcrypto/evp/e_des.c b/lib/libcrypto/evp/e_des.c index 9205128cf40..8fcab72e6b1 100644 --- a/lib/libcrypto/evp/e_des.c +++ b/lib/libcrypto/evp/e_des.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_des.c,v 1.18 2022/09/04 15:45:25 jsing Exp $ */ +/* $OpenBSD: e_des.c,v 1.19 2022/09/15 07:04:19 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -99,9 +99,6 @@ des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { size_t i, bl; - if (inl > LONG_MAX) - return 0; - bl = ctx->cipher->block_size; if (inl < bl) @@ -120,15 +117,14 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX & ~0xff; - while (inl >= EVP_MAXCHUNK) { - DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, + while (inl >= chunk) { + DES_ofb64_encrypt(in, out, (long)chunk, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, @@ -140,15 +136,14 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX & ~0xff; - while (inl >= EVP_MAXCHUNK) { - DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, + while (inl >= chunk) { + DES_ncbc_encrypt(in, out, (long)chunk, ctx->cipher_data, (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, @@ -160,15 +155,14 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX & ~0xff; - while (inl >= EVP_MAXCHUNK) { - DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, + while (inl >= chunk) { + DES_cfb64_encrypt(in, out, (long)chunk, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, @@ -182,11 +176,9 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - size_t n, chunk = EVP_MAXCHUNK/8; unsigned char c[1], d[1]; - - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX / 8; + size_t n; if (inl < chunk) chunk = inl; @@ -214,15 +206,14 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX & ~0xff; - while (inl >= EVP_MAXCHUNK) { - DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, + while (inl >= chunk) { + DES_cfb_encrypt(in, out, 8, (long)chunk, ctx->cipher_data, (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_cfb_encrypt(in, out, 8, (long)inl, ctx->cipher_data, diff --git a/lib/libcrypto/evp/e_des3.c b/lib/libcrypto/evp/e_des3.c index 1171a53b743..6a5d03fe992 100644 --- a/lib/libcrypto/evp/e_des3.c +++ b/lib/libcrypto/evp/e_des3.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_des3.c,v 1.24 2022/09/04 15:45:25 jsing Exp $ */ +/* $OpenBSD: e_des3.c,v 1.25 2022/09/15 07:04:19 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -130,9 +130,6 @@ des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { size_t i, bl; - if (inl > LONG_MAX) - return 0; - bl = ctx->cipher->block_size; if (inl < bl) @@ -141,8 +138,9 @@ des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, inl -= bl; for (i = 0; i <= inl; i += bl) - DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i), - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt); + DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i), + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt); + return 1; } @@ -150,16 +148,15 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX & ~0xff; - while (inl >= EVP_MAXCHUNK) { - DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, + while (inl >= chunk) { + DES_ede3_ofb64_encrypt(in, out, (long)chunk, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_ede3_ofb64_encrypt(in, out, (long)inl, @@ -173,16 +170,15 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX & ~0xff; - while (inl >= EVP_MAXCHUNK) { - DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, + while (inl >= chunk) { + DES_ede3_cbc_encrypt(in, out, (long)chunk, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_ede3_cbc_encrypt(in, out, (long)inl, @@ -195,16 +191,15 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX & ~0xff; - while (inl >= EVP_MAXCHUNK) { - DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, + while (inl >= chunk) { + DES_ede3_cfb64_encrypt(in, out, (long)chunk, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_ede3_cfb64_encrypt(in, out, (long)inl, @@ -219,11 +214,8 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - size_t n; unsigned char c[1], d[1]; - - if (inl > LONG_MAX) - return 0; + size_t n; if (!(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS)) inl *= 8; @@ -244,16 +236,15 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX & ~0xff; - while (inl >= EVP_MAXCHUNK) { - DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, + while (inl >= chunk) { + DES_ede3_cfb_encrypt(in, out, 8, (long)chunk, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + inl -= chunk; + in += chunk; + out += chunk; } if (inl) DES_ede3_cfb_encrypt(in, out, 8, (long)inl, diff --git a/lib/libcrypto/evp/e_idea.c b/lib/libcrypto/evp/e_idea.c index 8696fb24507..b45ffd5696d 100644 --- a/lib/libcrypto/evp/e_idea.c +++ b/lib/libcrypto/evp/e_idea.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_idea.c,v 1.16 2022/09/10 17:39:47 jsing Exp $ */ +/* $OpenBSD: e_idea.c,v 1.17 2022/09/15 07:04:19 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -103,9 +103,6 @@ idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { size_t i, bl; - if (inl > LONG_MAX) - return 0; - bl = ctx->cipher->block_size; if (inl < bl) @@ -114,7 +111,8 @@ idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, inl -= bl; for (i = 0; i <= inl; i += bl) - idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); + idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); + return 1; } @@ -125,14 +123,13 @@ typedef struct { static int idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; - - while (inl >= EVP_MAXCHUNK) { - idea_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + idea_cbc_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; } if (inl) @@ -144,14 +141,13 @@ idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in static int idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; - - while (inl >= EVP_MAXCHUNK) { - idea_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + size_t chunk = LONG_MAX & ~0xff; + + while (inl >= chunk) { + idea_ofb64_encrypt(in, out, (long)chunk, &((EVP_IDEA_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + inl -= chunk; + in += chunk; + out += chunk; } if (inl) @@ -163,10 +159,7 @@ idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in static int idea_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - size_t chunk = EVP_MAXCHUNK; - - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX & ~0xff; if (inl < chunk) chunk = inl; diff --git a/lib/libcrypto/evp/e_rc2.c b/lib/libcrypto/evp/e_rc2.c index 4f92365e7e7..1af17a7c412 100644 --- a/lib/libcrypto/evp/e_rc2.c +++ b/lib/libcrypto/evp/e_rc2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_rc2.c,v 1.18 2022/09/10 17:39:47 jsing Exp $ */ +/* $OpenBSD: e_rc2.c,v 1.19 2022/09/15 07:04:19 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -88,14 +88,13 @@ typedef struct { static int rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX & ~0xff; - while (inl >= EVP_MAXCHUNK) { - RC2_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + while (inl >= chunk) { + RC2_cbc_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, ctx->encrypt); + inl -= chunk; + in += chunk; + out += chunk; } if (inl) @@ -107,10 +106,7 @@ rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, static int rc2_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - size_t chunk = EVP_MAXCHUNK; - - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX & ~0xff; if (inl < chunk) chunk = inl; @@ -132,9 +128,6 @@ rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, { size_t i, bl; - if (inl > LONG_MAX) - return 0; - bl = ctx->cipher->block_size; if (inl < bl) @@ -151,14 +144,13 @@ rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, static int rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { - if (inl > LONG_MAX) - return 0; + size_t chunk = LONG_MAX & ~0xff; - while (inl >= EVP_MAXCHUNK) { - RC2_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; + while (inl >= chunk) { + RC2_ofb64_encrypt(in, out, (long)chunk, &((EVP_RC2_KEY *)ctx->cipher_data)->ks, ctx->iv, &ctx->num); + inl -= chunk; + in += chunk; + out += chunk; } if (inl) -- 2.20.1