| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200802171247.16558-1-trix@redhat.com>
Date: Sun, 2 Aug 2020 10:12:47 -0700
From: trix@...hat.com
To: herbert@...dor.apana.org.au, davem@...emloft.net,
smueller@...onox.de
Cc: linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
Tom Rix <trix@...hat.com>
Subject: [PATCH] crypto: drbg: check blocklen is non zero
From: Tom Rix <trix@...hat.com>
Clang static analysis reports this error
crypto/drbg.c:441:40: warning: Division by zero
padlen = (inputlen + sizeof(L_N) + 1) % (drbg_blocklen(drbg));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
When drbg_bocklen fails it returns 0.
if (drbg && drbg->core)
return drbg->core->blocklen_bytes;
return 0;
In many places in drbg_ctr_df drbg_bocklen is assumed to be non zero.
So turn the assumption into a check.
Fixes: 541af946fe13 ("crypto: drbg - SP800-90A Deterministic Random Bit Generator")
Signed-off-by: Tom Rix <trix@...hat.com>
---
crypto/drbg.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index e99fe34cfa00..bd9a137e5473 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -420,6 +420,9 @@ static int drbg_ctr_df(struct drbg_state *drbg,
size_t inputlen = 0;
struct drbg_string *seed = NULL;
+ if (!drbg_blocklen(drbg))
+ return -EINVAL;
+
memset(pad, 0, drbg_blocklen(drbg));
memset(iv, 0, drbg_blocklen(drbg));
--
2.18.1
Powered by blists - more mailing lists