Fix a buffer overflow in drbg_ctr_generate

This can happen if the 32-bit counter overflows and the last block is not a multiple of 16 bytes. Fixes #12012 [extended tests] Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12016)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2020-06-02 11:52:24 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2020-06-03 13:15:36 +0200
commit: 42fa3e66697baa121220b4eacf03607280e4ff89 (patch)
tree: 8fc5f24210e5b79f79bfb25b708146cbf046b641
parent: 2b584ff372b2b25bb6801172bbeb90074b26f88c (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c
index 050ae49652..33e1b324c6 100644
--- a/crypto/rand/drbg_ctr.c
+++ b/crypto/rand/drbg_ctr.c
@@ -366,9 +366,11 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg,
         ctr32 = GETU32(ctr->V + 12) + blocks;
         if (ctr32 < blocks) {
             /* 32-bit counter overflow into V. */
-            blocks -= ctr32;
-            buflen = blocks * 16;
-            ctr32 = 0;
+            if (ctr32 != 0) {
+                blocks -= ctr32;
+                buflen = blocks * 16;
+                ctr32 = 0;
+            }
             ctr96_inc(ctr->V);
         }
         PUTU32(ctr->V + 12, ctr32);
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2020-06-02 11:52:24 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2020-06-03 13:15:36 +0200
commit	42fa3e66697baa121220b4eacf03607280e4ff89 (patch)
tree	8fc5f24210e5b79f79bfb25b708146cbf046b641
parent	2b584ff372b2b25bb6801172bbeb90074b26f88c (diff)