VirtualBox

source: vbox/trunk/src/libs/openssl-3.4.1/doc/designs/handling-some-max-defines.md

Last change on this file was 109052, checked in by vboxsync, 3 weeks ago

openssl-3.4.1: Applied our changes, regenerated files, added missing files and functions. This time with a three way merge. ​bugref:10890
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 4.6 KB
Line 
1Handling Some MAX Defines in Future
2===================================
3
4Problem Definition
5------------------
6
7The public headers contain multiple `#define` macros that limit sizes or
8numbers of various kinds. In some cases they are uncontroversial so they
9do not require any changes or workarounds for these limits. Such values
10are not discussed further in this document. This document discusses only
11some particularly problematic values and proposes some ways how to
12change or overcome these particular limits.
13
14Individual Values
15-----------------
16
17### HMAC_MAX_MD_CBLOCK
18
19**Current value:** 200
20
21This is a deprecated define which is useless. It is not used anywhere.
22
23#### Proposed solution:
24
25It should be just removed with 4.0.
26
27### EVP_MAX_MD_SIZE
28
29**Current value:** 64
30
31It is unlikely we will see longer than 512 bit hashes any time soon.
32XOF functions do not count and the XOF output length is not and should
33not be limited by this value.
34
35It is widely used throughout the codebase and by 3rd party applications.
36
37#### API calls depending on this:
38
39HMAC() - no way to specify the length of the output buffer
40
41X509_pubkey_digest() - no way to specify the length of the output buffer
42
43EVP_Q_digest() - no way to specify the length of the output buffer
44
45EVP_Digest() - no way to specify the length of the output buffer
46
47EVP_DigestFinal_ex() - this is actually documented to allow larger output
48if set explicitly by some application call that sets the output size
49
50#### Proposed solution:
51
52Keep the value as is, do not deprecate. Review the codebase if it isn't
53used in places where XOF might be used with arbitrary output length.
54
55Perhaps introduce API calls replacing the calls above that would have
56an input parameter indicating the size of the output buffer.
57
58### EVP_MAX_KEY_LENGTH
59
60**Current value:** 64
61
62This is used throughout the code and depended on in a subtle way. It can
63be assumed that 3rd party applications use this value to allocate fixed
64buffers for keys. It is unlikely that symmetric ciphers with keys longer
65than 512 bits will be used any time soon.
66
67#### API calls depending on this:
68
69EVP_KDF_CTX_get_kdf_size() returns EVP_MAX_KEY_LENGTH for KRB5KDF until
70the cipher is set.
71
72EVP_CIPHER_CTX_rand_key() - no way to specify the length of the output
73buffer.
74
75#### Proposed solution:
76
77Keep the value as is, do not deprecate. Possibly review the codebase
78to not depend on this value but there are many such cases. Avoid adding
79further APIs depending on this value.
80
81### EVP_MAX_IV_LENGTH
82
83**Current value:** 16
84
85This value is the most problematic one as in case there are ciphers with
86longer block size than 128 bits it could be potentially useful to have
87longer IVs than just 16 bytes. There are many cases throughout the code
88where fixed size arrays of EVP_MAX_IV_LENGTH are used.
89
90#### API calls depending on this:
91
92SSL_CTX_set_tlsext_ticket_key_evp_cb() explicitly uses EVP_MAX_IV_LENGTH
93in the callback function signature.
94
95SSL_CTX_set_tlsext_ticket_key_cb() is a deprecated version of the same
96and has the same problem.
97
98#### Proposed solution:
99
100Deprecate the above API call and add a replacement which explicitly
101passes the length of the _iv_ parameter.
102
103Review and modify the codebase to not depend on and use EVP_MAX_IV_LENGTH.
104
105Deprecate the EVP_MAX_IV_LENGTH macro. Avoid adding further APIs depending
106on this value.
107
108### EVP_MAX_BLOCK_LENGTH
109
110**Current value:** 32
111
112This is used in a few places in the code. It is possible that this is
113used by 3rd party applications to allocate some fixed buffers for single
114or multiple blocks. It is unlikely that symmetric ciphers with block sizes
115 longer than 256 bits will be used any time soon.
116
117#### API calls depending on this:
118
119None
120
121#### Proposed solution:
122
123Keep the value as is, do not deprecate. Possibly review the codebase
124to not depend on this value but there are many such cases. Avoid adding
125APIs depending on this value.
126
127### EVP_MAX_AEAD_TAG_LENGTH
128
129**Current value:** 16
130
131This macro is used in a single place in hpke to allocate a fixed buffer.
132The EVP_EncryptInit(3) manual page mentions the tag size being at most
13316 bytes for EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_TAG). The value is
134problematic as for HMAC/KMAC based AEAD ciphers the tag length can be
135larger than block size. Even in case we would have block ciphers with
136256 block size the maximum tag length value of 16 is limiting.
137
138#### API calls depending on this:
139
140None (except the documentation in
141EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET/GET_TAG))
142
143#### Proposed solution:
144
145Review and modify the codebase to not depend on and use
146EVP_MAX_AEAD_TAG_LENGTH.
147
148Deprecate the EVP_MAX_AEAD_TAG_LENGTH macro. Avoid adding APIs depending
149on this value.
Note: See TracBrowser for help on using the repository browser.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette