Commit 6c02774fd3 for openssl.org
commit 6c02774fd33d3a65dfcfabfc01778afb48070461
Author: Eugene Syromiatnikov <esyr@openssl.org>
Date: Thu Aug 28 16:43:13 2025 +0200
Explicitly limit OPENSSL_aligned_alloc()'s alignment to 65536
There is little need to support alignments larger than a page size,
and the open-coded OPENSSL_aligned_alloc() implementation implements
that support in a quite wasteful manner, so it is better just to limit
the maximum supported alignment explicitly. The value of 65536
has been chosen so it is architecture-agnostic and is no less than page sizes
used in commonly occurring architectures (and also it is a pretty number).
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28295)
diff --git a/crypto/aligned_alloc.c b/crypto/aligned_alloc.c
index dcc2b406a2..f2eed13c6c 100644
--- a/crypto/aligned_alloc.c
+++ b/crypto/aligned_alloc.c
@@ -21,8 +21,9 @@ void *ossl_malloc_align(size_t num, size_t alignment, void **freeptr,
*freeptr = NULL;
- /* Ensure that alignment is a power of two */
- if (alignment == 0 || (alignment & (alignment - 1)) != 0) {
+ /* Ensure that alignment is a power of two no larger than 65536 */
+ if (alignment == 0 || (alignment & (alignment - 1)) != 0
+ || alignment > 65536) {
ossl_report_alloc_err_inv(file, line);
return NULL;
}
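Review bot: the limit in the new condition `|| alignment > 65536` is a bare literal that this commit also repeats in crypto/mem.c and in the manual page; define it once as a named constant in a shared internal header (a hypothetical `OSSL_MAX_ALIGNMENT` or similar) and use it in both checks so the sites cannot drift apart when the limit is revisited. The updated comment on the line above the condition restates the number rather than the reason (alignments beyond a page size are not needed, per the commit message); a one-line rationale there would help the next reader more than the value itself.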
diff --git a/crypto/mem.c b/crypto/mem.c
index 681cecfadf..f772e6c461 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -233,8 +233,9 @@ void *CRYPTO_aligned_alloc(size_t num, size_t alignment, void **freeptr,
{
*freeptr = NULL;
- /* Ensure that alignment is a power of two */
- if (alignment == 0 || (alignment & (alignment - 1)) != 0) {
+ /* Ensure that alignment is a power of two no larger than 65536 */
+ if (alignment == 0 || (alignment & (alignment - 1)) != 0
+ || alignment > 65536) {
ossl_report_alloc_err_inv(file, line);
return NULL;
}
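Review bot: this condition is now byte-for-byte the same as the one in crypto/aligned_alloc.c, and the two must keep agreeing because they implement the same public contract; consider moving the validation into one small shared helper (e.g. a hypothetical `ossl_alignment_is_valid(alignment)`) used by both files so a future change to one site cannot silently diverge from the other. The rejection path itself is consistent with the existing power-of-two case: it reports through ossl_report_alloc_err_inv() and returns NULL.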
diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod
index 63b7cfd29c..5ddc6e4a6c 100644
--- a/doc/man3/OPENSSL_malloc.pod
+++ b/doc/man3/OPENSSL_malloc.pod
@@ -125,7 +125,7 @@ OPENSSL_zalloc() calls memset() to zero the memory before returning.
OPENSSL_aligned_alloc() operates just as OPENSSL_malloc() does, but it
allows for the caller to specify an alignment value, for instances in
which the default alignment of malloc is insufficient for the caller's
-needs. Note, the alignment value must be a power of 2.
+needs. Note, the alignment value must be a power of 2 no larger than 65536.
NOTE: the call to OPENSSL_aligned_alloc() accepts a 3rd argument, I<freeptr>
which must point to a void pointer. On some platforms, there is no available
library call to obtain memory allocations with alignment greater than what
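Review bot: the manual now states the new constraint but not what happens when it is violated; the code hunks show the call reporting an invalid-argument error and returning NULL for an alignment that is zero, not a power of two, or larger than 65536, so the sentence (or the RETURN VALUES section) should say that explicitly, otherwise callers may assume a smaller alignment is substituted rather than check for NULL. Minor wording point: "a power of 2 no larger than 65536" reads more clearly as "a power of 2 that is no larger than 65536".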
@@ -311,6 +311,9 @@ was built with C<OPENSSL_SMALL_FOOTPRINT> macro defined. Consequently,
the caller may need to fall back to a non-aligned memory allocation
(and open-code the alignment routine if the alignment is a requirement).
+Before OpenSSL 4.0, the call to OPENSSL_aligned_alloc() did not have
+an explicit upper limit on the value of I<alignment>.
+
=head1 COPYRIGHT
Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
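Review bot: the added history sentence hard-codes "OpenSSL 4.0" as the release introducing the limit; confirm that matches the release this commit actually ships in, since nothing else in the change pins the version. Consider also phrasing it as the change rather than the prior absence, e.g. "Since OpenSSL 4.0, OPENSSL_aligned_alloc() rejects an I<alignment> larger than 65536", which tells readers of older manuals what to expect from the new behaviour.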
diff --git a/test/mem_alloc_test.c b/test/mem_alloc_test.c
index 30c479cd80..98283121a6 100644
--- a/test/mem_alloc_test.c
+++ b/test/mem_alloc_test.c
@@ -173,6 +173,8 @@ static const struct array_aligned_alloc_vector {
{ 8, 8, 63, EXP_INVAL, EXP_INVAL },
{ 8, 8, 64, EXP_NONNULL, EXP_NONNULL },
+ { 3, 4, 65536, EXP_NONNULL, EXP_NONNULL },
+ { 8, 8, 131072, EXP_INVAL, EXP_INVAL },
{ SIZE_MAX / 8 + 9, 8, 64, EXP_NONNULL, EXP_INT_OF },
/*
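Review bot: the two added vectors pin the boundary (65536 accepted, 131072 rejected), but the accepted case switches the first two fields to 3 and 4 while every neighbouring vector uses 8 and 8; if a 12-byte request with a 64 KiB alignment is deliberate (a small size that is not a multiple of the alignment is a useful stress of the padding path the commit message calls wasteful), say so in a short comment, otherwise keep 8, 8 for consistency with the surrounding rows. Also worth checking that the test harness verifies the returned pointer is actually aligned for the 65536 case and not only that it is non-NULL, since EXP_NONNULL alone would pass for an allocator that ignored the alignment.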