diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2020-06-02 11:52:24 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2020-06-03 13:15:36 +0200 |
commit | 42fa3e66697baa121220b4eacf03607280e4ff89 (patch) | |
tree | 8fc5f24210e5b79f79bfb25b708146cbf046b641 | |
parent | 2b584ff372b2b25bb6801172bbeb90074b26f88c (diff) |
Fix a buffer overflow in drbg_ctr_generate
This can happen if the 32-bit counter overflows
and the last block is not a multiple of 16 bytes.
Fixes #12012
[extended tests]
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12016)
-rw-r--r-- | crypto/rand/drbg_ctr.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c index 050ae49652..33e1b324c6 100644 --- a/crypto/rand/drbg_ctr.c +++ b/crypto/rand/drbg_ctr.c @@ -366,9 +366,11 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg, ctr32 = GETU32(ctr->V + 12) + blocks; if (ctr32 < blocks) { /* 32-bit counter overflow into V. */ - blocks -= ctr32; - buflen = blocks * 16; - ctr32 = 0; + if (ctr32 != 0) { + blocks -= ctr32; + buflen = blocks * 16; + ctr32 = 0; + } ctr96_inc(ctr->V); } PUTU32(ctr->V + 12, ctr32); |