From e6a80cbad28ee748830815634917efe96948f2f3 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Tue, 2 Jun 2020 11:52:24 +0200 Subject: [PATCH] Fix a buffer overflow in drbg_ctr_generate This can happen if the 32-bit counter overflows and the last block is not a multiple of 16 bytes. Fixes #12012 [extended tests] Reviewed-by: Tomas Mraz Reviewed-by: Patrick Steuer Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/12016) (cherry picked from commit 42fa3e66697baa121220b4eacf03607280e4ff89) --- crypto/rand/drbg_ctr.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c index 89c9ccc876..a757d0a258 100644 --- a/crypto/rand/drbg_ctr.c +++ b/crypto/rand/drbg_ctr.c @@ -367,9 +367,11 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg, ctr32 = GETU32(ctr->V + 12) + blocks; if (ctr32 < blocks) { /* 32-bit counter overflow into V. */ - blocks -= ctr32; - buflen = blocks * 16; - ctr32 = 0; + if (ctr32 != 0) { + blocks -= ctr32; + buflen = blocks * 16; + ctr32 = 0; + } ctr96_inc(ctr->V); } PUTU32(ctr->V + 12, ctr32); -- 2.25.1