]> git.ipfire.org Git - thirdparty/hostap.git/commitdiff
projects / thirdparty / hostap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7adc3c1)
Make fips186_2_prf() easier for static analyzers
authorJouni Malinen <j@w1.fi>
Sun, 13 Nov 2011 20:59:33 +0000 (22:59 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 13 Nov 2011 20:59:33 +0000 (22:59 +0200)
Explicitly validate seed_len to skip memset call with zero length
of copied data at the end of the buffer. This is not really needed,
but it makes the code a bit easier for static analyzers.

Signed-hostap: Jouni Malinen <j@w1.fi>

src/crypto/fips_prf_internal.c patch | blob | blame | history

diff --git a/src/crypto/fips_prf_internal.c b/src/crypto/fips_prf_internal.c
index a85cb14d7424ac60a0ee122d86ec32bc36734280..1e0c453a1b0e15168f7764687e6196a4c4ee245e 100644 (file)
--- a/src/crypto/fips_prf_internal.c
+++ b/src/crypto/fips_prf_internal.c
@@ -28,13 +28,14 @@ int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
        u8 *xpos = x;
        u32 carry;
 
-       if (seed_len > sizeof(xkey))
+       if (seed_len < sizeof(xkey))
+               os_memset(xkey + seed_len, 0, sizeof(xkey) - seed_len);
+       else
                seed_len = sizeof(xkey);
 
        /* FIPS 186-2 + change notice 1 */
 
        os_memcpy(xkey, seed, seed_len);
-       os_memset(xkey + seed_len, 0, 64 - seed_len);
        t[0] = 0x67452301;
        t[1] = 0xEFCDAB89;
        t[2] = 0x98BADCFE;
Unnamed repository; edit this file 'description' to name the repository.