Re: [PATCH] crypto: drbg: check blocklen is non zero
On Thu, Aug 20, 2020 at 06:27:36AM -0700, Tom Rix wrote: > There are many divide by 0 reports. This one got attention because it is in > crypto, where i believe problems, even false positives, should be fixed. Please don't top post. AS your bug report is a false positive I'm rejecting your patch. Cheers, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH] crypto: drbg: check blocklen is non zero
There are many divide by 0 reports. This one got attention because it is in crypto, where i believe problems, even false positives, should be fixed. Tom On 8/20/20 12:15 AM, Herbert Xu wrote: > On Sun, Aug 02, 2020 at 10:12:47AM -0700, t...@redhat.com wrote: >> From: Tom Rix >> >> Clang static analysis reports this error >> >> crypto/drbg.c:441:40: warning: Division by zero >> padlen = (inputlen + sizeof(L_N) + 1) % (drbg_blocklen(drbg)); >> ~^~~ >> >> When drbg_bocklen fails it returns 0. >> >> if (drbg && drbg->core) >> return drbg->core->blocklen_bytes; >> return 0; > Yes but it can only fail if the drbg is not instantiated. If > you're hitting the generate path with an uninstantiated drbg you've > got bigger problems than a divide by zero. > > So how is this even possible? > > Cheers,
Re: [PATCH] crypto: drbg: check blocklen is non zero
On Sun, Aug 02, 2020 at 10:12:47AM -0700, t...@redhat.com wrote: > From: Tom Rix > > Clang static analysis reports this error > > crypto/drbg.c:441:40: warning: Division by zero > padlen = (inputlen + sizeof(L_N) + 1) % (drbg_blocklen(drbg)); > ~^~~ > > When drbg_bocklen fails it returns 0. > > if (drbg && drbg->core) > return drbg->core->blocklen_bytes; > return 0; Yes but it can only fail if the drbg is not instantiated. If you're hitting the generate path with an uninstantiated drbg you've got bigger problems than a divide by zero. So how is this even possible? Cheers, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: [PATCH] crypto: drbg: check blocklen is non zero
Am Sonntag, 2. August 2020, 19:12:47 CEST schrieb t...@redhat.com:
Hi Tom,
> From: Tom Rix
>
> Clang static analysis reports this error
>
> crypto/drbg.c:441:40: warning: Division by zero
> padlen = (inputlen + sizeof(L_N) + 1) % (drbg_blocklen(drbg));
> ~^~~
>
> When drbg_bocklen fails it returns 0.
>
> if (drbg && drbg->core)
> return drbg->core->blocklen_bytes;
> return 0;
>
> In many places in drbg_ctr_df drbg_bocklen is assumed to be non zero.
> So turn the assumption into a check.
>
> Fixes: 541af946fe13 ("crypto: drbg - SP800-90A Deterministic Random Bit
> Generator")
>
> Signed-off-by: Tom Rix
Thank you.
Reviewed-by: Stephan Mueller
Ciao
Stephan
[PATCH] crypto: drbg: check blocklen is non zero
From: Tom Rix
Clang static analysis reports this error
crypto/drbg.c:441:40: warning: Division by zero
padlen = (inputlen + sizeof(L_N) + 1) % (drbg_blocklen(drbg));
~^~~
When drbg_bocklen fails it returns 0.
if (drbg && drbg->core)
return drbg->core->blocklen_bytes;
return 0;
In many places in drbg_ctr_df drbg_bocklen is assumed to be non zero.
So turn the assumption into a check.
Fixes: 541af946fe13 ("crypto: drbg - SP800-90A Deterministic Random Bit
Generator")
Signed-off-by: Tom Rix
---
crypto/drbg.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/crypto/drbg.c b/crypto/drbg.c
index e99fe34cfa00..bd9a137e5473 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -420,6 +420,9 @@ static int drbg_ctr_df(struct drbg_state *drbg,
size_t inputlen = 0;
struct drbg_string *seed = NULL;
+ if (!drbg_blocklen(drbg))
+ return -EINVAL;
+
memset(pad, 0, drbg_blocklen(drbg));
memset(iv, 0, drbg_blocklen(drbg));
--
2.18.1
