fips-prf: Add explicit bound check to avoid GCC 12 compile warning

GCC assumes this->b is zero (or may be zero) and spits out the following
warning (or error with -Werror):

src/libstrongswan/plugins/fips_prf/fips_prf.c:124:12: error: array subscript 18446744073709551615 is above array bounds of ‘uint8_t[<U8090>]’ {aka ‘unsigned char[<U8090>]’} [-Werror=array-bounds]
  124 |         one[this->b - 1] = 0x01;
      |         ~~~^~~~~~~~~~~~~

diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c
index a51cfe105ffaffe24e396632bbfcb189f55953f4..3acec596e2cb278ac827126f7be296887c1e355e 100644 (file)
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c
@@ -114,9 +114,9 @@ METHOD(prf_t, get_bytes, bool,
        uint8_t *xkey = this->key;
        uint8_t one[this->b];
 
-       if (!w)
+       if (!w || !this->b)
        {
-               /* append mode is not supported */
+               /* append mode is not supported, the other check is to make GCC happy */
                return FALSE;
        }