[PATCH] crypto: drbg: check blocklen is non zero

[PATCH] crypto: drbg: check blocklen is non zero

[trix]

From: Tom Rix <trix@redhat.com>

Clang static analysis reports this error

crypto/drbg.c:441:40: warning: Division by zero
        padlen = (inputlen + sizeof(L_N) + 1) % (drbg_blocklen(drbg));
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~

When drbg_bocklen fails it returns 0.

	if (drbg && drbg->core)
		return drbg->core->blocklen_bytes;
	return 0;

In many places in drbg_ctr_df drbg_bocklen is assumed to be non zero.
So turn the assumption into a check.

Fixes: 541af946fe13 ("crypto: drbg - SP800-90A Deterministic Random Bit Generator")

Signed-off-by: Tom Rix <trix@redhat.com>
---
 crypto/drbg.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index e99fe34cfa00..bd9a137e5473 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -420,6 +420,9 @@ static int drbg_ctr_df(struct drbg_state *drbg,
 	size_t inputlen = 0;
 	struct drbg_string *seed = NULL;
 
+	if (!drbg_blocklen(drbg))
+		return -EINVAL;
+
 	memset(pad, 0, drbg_blocklen(drbg));
 	memset(iv, 0, drbg_blocklen(drbg));
 
-- 
2.18.1

Re: [PATCH] crypto: drbg: check blocklen is non zero

[Stephan Mueller]

Am Sonntag, 2. August 2020, 19:12:47 CEST schrieb trix@redhat.com:

Hi Tom,

> From: Tom Rix <trix@redhat.com>
> 
> Clang static analysis reports this error
> 
> crypto/drbg.c:441:40: warning: Division by zero
>         padlen = (inputlen + sizeof(L_N) + 1) % (drbg_blocklen(drbg));
>                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
> 
> When drbg_bocklen fails it returns 0.
> 
> 	if (drbg && drbg->core)
> 		return drbg->core->blocklen_bytes;
> 	return 0;
> 
> In many places in drbg_ctr_df drbg_bocklen is assumed to be non zero.
> So turn the assumption into a check.
> 
> Fixes: 541af946fe13 ("crypto: drbg - SP800-90A Deterministic Random Bit
> Generator")
> 
> Signed-off-by: Tom Rix <trix@redhat.com>

Thank you.

Reviewed-by: Stephan Mueller <smueller@chronox.de>

Ciao
Stephan

Re: [PATCH] crypto: drbg: check blocklen is non zero

[Herbert Xu]

On Sun, Aug 02, 2020 at 10:12:47AM -0700, trix@redhat.com wrote:
> From: Tom Rix <trix@redhat.com>
> 
> Clang static analysis reports this error
> 
> crypto/drbg.c:441:40: warning: Division by zero
>         padlen = (inputlen + sizeof(L_N) + 1) % (drbg_blocklen(drbg));
>                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
> 
> When drbg_bocklen fails it returns 0.
> 
> 	if (drbg && drbg->core)
> 		return drbg->core->blocklen_bytes;
> 	return 0;

Yes but it can only fail if the drbg is not instantiated.  If
you're hitting the generate path with an uninstantiated drbg you've
got bigger problems than a divide by zero.

So how is this even possible?

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] crypto: drbg: check blocklen is non zero

[Tom Rix]

There are many divide by 0 reports.  This one got attention because it is in crypto, where i believe problems, even false positives, should be fixed.

Tom

On 8/20/20 12:15 AM, Herbert Xu wrote:
> On Sun, Aug 02, 2020 at 10:12:47AM -0700, trix@redhat.com wrote:
>> From: Tom Rix <trix@redhat.com>
>>
>> Clang static analysis reports this error
>>
>> crypto/drbg.c:441:40: warning: Division by zero
>>         padlen = (inputlen + sizeof(L_N) + 1) % (drbg_blocklen(drbg));
>>                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
>>
>> When drbg_bocklen fails it returns 0.
>>
>> 	if (drbg && drbg->core)
>> 		return drbg->core->blocklen_bytes;
>> 	return 0;
> Yes but it can only fail if the drbg is not instantiated.  If
> you're hitting the generate path with an uninstantiated drbg you've
> got bigger problems than a divide by zero.
>
> So how is this even possible?
>
> Cheers,

Re: [PATCH] crypto: drbg: check blocklen is non zero

[Herbert Xu]

On Thu, Aug 20, 2020 at 06:27:36AM -0700, Tom Rix wrote:
> There are many divide by 0 reports.  This one got attention because it is in crypto, where i believe problems, even false positives, should be fixed.

Please don't top post.

AS your bug report is a false positive I'm rejecting your patch.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt