
Missing error check of function entropy_get_entropy() #29869

Closed
Hxinrong opened this issue Nov 8, 2020 · 2 comments · Fixed by #29955
Assignees
Labels
bug The issue is a bug, or the PR is fixing a bug priority: low Low impact/importance bug

Comments

@Hxinrong
Contributor

Hxinrong commented Nov 8, 2020

Hi,
As described in the project API documentation, function entropy_get_entropy() fills a buffer with entropy, returns 0 on success, and returns -ERRNO on error. However, as shown in the following code, a missing error check takes place.

```c
/* return value is discarded, so an entropy failure goes unnoticed */
entropy_get_entropy(entropy_driver,
		    (void *)&entropy, sizeof(entropy));
```

Furthermore, the return values of function entropy_get_entropy() from other call sites are all checked. See the following code which is from the same file, for example.

```c
ret = entropy_get_entropy(entropy_driver, (void *)&entropy,
			  sizeof(entropy));
if (ret != 0) {
	return -EIO;
}
```

@Hxinrong Hxinrong added the bug The issue is a bug, or the PR is fixing a bug label Nov 8, 2020
@carlescufi
Member

@Hxinrong would you mind sending a pull request for this?

@nashif nashif added the priority: low Low impact/importance bug label Nov 10, 2020
ceolin pushed a commit to ceolin/zephyr that referenced this issue Nov 11, 2020
entropy_get_entropy return is not being checked, which may result in a
vulnerability because tc_ctr_prng_reseed will not get proper entropy
data.

Fixes zephyrproject-rtos#29869

Signed-off-by: Flavio Ceolin <[email protected]>
@ceolin ceolin linked a pull request Nov 11, 2020 that will close this issue
@ceolin ceolin added the has-pr label Nov 11, 2020
@Hxinrong
Contributor Author

Hxinrong commented Nov 12, 2020

OK, thank you for your reply. Also, in the same file, seeing the following code, the return value of function tc_ctr_prng_reseed() is not checked before it is assigned by another function.

```c
	ret = tc_ctr_prng_reseed(&ctr_ctx,
				 entropy,
				 sizeof(entropy),
				 drbg_seed,
				 sizeof(drbg_seed));
	/* ret from reseed is overwritten here without being checked */
	ret = tc_ctr_prng_generate(&ctr_ctx, 0, 0,
				   (uint8_t *)dst, outlen);
	ret = (ret == TC_CRYPTO_SUCCESS) ? 0 : -EIO;
} else {
	ret = -EIO;
}
```
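The two problems raised in this thread (an ignored entropy_get_entropy() return and a reseed status overwritten by the next assignment to ret) both come down to the same seeding sequence. The following is an added example, not Zephyr's code or the fix in #29955: it models that sequence with hypothetical stand-ins fake_get_entropy() and fake_reseed() so that each status is checked before the next step runs, and the TC_CRYPTO_SUCCESS value is assumed.

```c
/* Added example with stand-ins for entropy_get_entropy() and
 * tc_ctr_prng_reseed(); not the project's own code. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TC_CRYPTO_SUCCESS 1   /* assumed TinyCrypt success value */

/* Stand-in entropy driver following the documented contract:
 * 0 on success, -ERRNO on error (buffer left untouched on error). */
static int fake_entropy_fail;
static int fake_get_entropy(uint8_t *buf, size_t len)
{
	if (fake_entropy_fail) {
		return -EIO;
	}
	memset(buf, 0xA5, len);   /* constructed sample bytes, not random */
	return 0;
}

/* Stand-in reseed: counts calls and fails on demand. */
static int fake_reseed_fail;
static int reseed_calls;
static int fake_reseed(const uint8_t *entropy, size_t len)
{
	(void)entropy;
	(void)len;
	reseed_calls++;
	return fake_reseed_fail ? 0 : TC_CRYPTO_SUCCESS;
}

/* Seeding path with every status checked: an entropy failure stops the
 * sequence before reseed is reached, and a reseed failure is reported
 * instead of being clobbered by a later assignment to ret. */
int seed_drbg_checked(void)
{
	uint8_t entropy[32];
	int ret;

	ret = fake_get_entropy(entropy, sizeof(entropy));
	if (ret != 0) {
		return -EIO;   /* never reseed from an unfilled buffer */
	}
	ret = fake_reseed(entropy, sizeof(entropy));
	if (ret != TC_CRYPTO_SUCCESS) {
		return -EIO;
	}
	return 0;
}
```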

MaureenHelm pushed a commit that referenced this issue Dec 1, 2020
entropy_get_entropy return is not being checked, which may result in a
vulnerability because tc_ctr_prng_reseed will not get proper entropy
data.

Fixes #29869

Signed-off-by: Flavio Ceolin <[email protected]>