LKML Archive on
 help / color / Atom feed
	Tom Rix <>
Subject: [PATCH] crypto: drbg: check blocklen is non zero
Date: Sun,  2 Aug 2020 10:12:47 -0700
Message-ID: <> (raw)

From: Tom Rix <>

Clang static analysis reports this error

crypto/drbg.c:441:40: warning: Division by zero
        padlen = (inputlen + sizeof(L_N) + 1) % (drbg_blocklen(drbg));

When drbg_bocklen fails it returns 0.

	if (drbg && drbg->core)
		return drbg->core->blocklen_bytes;
	return 0;

In many places in drbg_ctr_df drbg_bocklen is assumed to be non zero.
So turn the assumption into a check.

Fixes: 541af946fe13 ("crypto: drbg - SP800-90A Deterministic Random Bit Generator")

Signed-off-by: Tom Rix <>
 crypto/drbg.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crypto/drbg.c b/crypto/drbg.c
index e99fe34cfa00..bd9a137e5473 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -420,6 +420,9 @@ static int drbg_ctr_df(struct drbg_state *drbg,
 	size_t inputlen = 0;
 	struct drbg_string *seed = NULL;
+	if (!drbg_blocklen(drbg))
+		return -EINVAL;
 	memset(pad, 0, drbg_blocklen(drbg));
 	memset(iv, 0, drbg_blocklen(drbg));

             reply index

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-02 17:12 trix [this message]
2020-08-02 18:29 ` Stephan Mueller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

LKML Archive on

Archives are clonable:
	git clone --mirror lkml/git/0.git
	git clone --mirror lkml/git/1.git
	git clone --mirror lkml/git/2.git
	git clone --mirror lkml/git/3.git
	git clone --mirror lkml/git/4.git
	git clone --mirror lkml/git/5.git
	git clone --mirror lkml/git/6.git
	git clone --mirror lkml/git/7.git
	git clone --mirror lkml/git/8.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 lkml lkml/ \
	public-inbox-index lkml

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone