On 18.09.2019 21:02, Kamil Rytarowski wrote:
> On 02.09.2019 22:09, Taylor R Campbell wrote:
>> Module Name: src
>> Committed By: riastradh
>> Date: Mon Sep 2 20:09:30 UTC 2019
>>
>> Modified Files:
>> src/sys/conf: files
>> src/sys/dev: rndpseudo.c
>> src/sys/kern: subr_cprng.c
>> src/sys/rump/kern/lib/libcrypto: Makefile
>> src/sys/rump/librump/rumpkern: Makefile.rumpkern
>> src/sys/sys: cprng.h
>> Added Files:
>> src/sys/crypto/nist_hash_drbg: files.nist_hash_drbg nist_hash_drbg.c
>> nist_hash_drbg.h
>> Removed Files:
>> src/sys/crypto/nist_ctr_drbg: files.nist_ctr_drbg
>> nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h
>> nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h
>> nist_ctr_drbg_config.h
>>
>> Log Message:
>> Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.
>>
>
> This breaks kUBSan:
>
> Undefined Behavior in
> /syzkaller/managers/netbsd-kubsan/kernel/sys/crypto/nist_hash_drbg/nist_hash_drbg.c:1090:4,
> variable length array bound value -1 <= 0
>
> It breaks in this line:
>
> CHECK(i, "rnd_val[0]", rnd_val, kat[i].rnd_val[0],
> sizeof(kat[i].rnd_val[0]) - trunc);
>
> https://github.com/NetBSD/src/blob/trunk/sys/crypto/nist_hash_drbg/nist_hash_drbg.c#L1090
>
> Can you have a look?
>
(gdb) p trunc
$1 = 1
(gdb) p sizeof(kat[i].rnd_val[0]) - trunc
$2 = 63
(gdb) p sizeof(rnd_val)
$3 = 64
$2 != $3 and the assert is fired.
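Added example, not part of the thread or of the NetBSD source: a sketch of why a size assertion on a run-time value shows up in kUBSan as a variable length array with bound -1, using the numbers from the gdb session above. It assumes the assertion behind CHECK is the negative-array-size idiom, which the thread does not show; `ARRAY_BOUND`, `assert_array_bound`, `check_prefix` and `struct kat_sample` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/*
 * Assumed shape of the assertion (not shown in the thread): the classic
 * idiom declares `char x[cond ? 1 : -1]`. ARRAY_BOUND yields only the
 * bound, so this file never declares the invalid array itself.
 */
#define ARRAY_BOUND(cond) ((cond) ? 1 : -1)

/* Constructed sample vector; 64 bytes matches sizeof(rnd_val) in gdb. */
struct kat_sample { unsigned char rnd_val[64]; };

/*
 * Bound the idiom would request for
 *     sizeof(actual) == sizeof(expected) - trunc.
 * trunc is a run-time value, so the array becomes a VLA and the bound is
 * evaluated only when the statement executes, not at compile time.
 */
static int
assert_array_bound(size_t actual_size, size_t expected_size, size_t trunc)
{
	return ARRAY_BOUND(actual_size == expected_size - trunc);
}

/*
 * Run-time alternative (hypothetical helper): reject a length that exceeds
 * either buffer, then compare only the first n bytes.
 */
static int
check_prefix(const void *actual, size_t actual_size,
    const void *expected, size_t expected_size, size_t n)
{
	if (n > actual_size || n > expected_size)
		return 0;
	return memcmp(actual, expected, n) == 0;
}
```

With trunc = 1 the requested bound is -1, which matches the kUBSan report; with trunc = 0 it is 1 and nothing is flagged.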