From: Jouni Malinen <j@w1.fi>
Date: Sun, 13 Nov 2011 20:59:33 +0000 (+0200)
Subject: Make fips186_2_prf() easier for static analyzers
X-Git-Tag: aosp-jb-start~339
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a9ea17491a2c9e95bf9ac98fd36e56fde3faf188;p=thirdparty%2Fhostap.git

Make fips186_2_prf() easier for static analyzers

Explicitly validate seed_len to skip memset call with zero length
of copied data at the end of the buffer. This is not really needed,
but it makes the code a bit easier for static analyzers.

Signed-hostap: Jouni Malinen <j@w1.fi>
---

diff --git a/src/crypto/fips_prf_internal.c b/src/crypto/fips_prf_internal.c
index a85cb14d7..1e0c453a1 100644
--- a/src/crypto/fips_prf_internal.c
+++ b/src/crypto/fips_prf_internal.c
@@ -28,13 +28,14 @@ int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
 	u8 *xpos = x;
 	u32 carry;
 
-	if (seed_len > sizeof(xkey))
+	if (seed_len < sizeof(xkey))
+		os_memset(xkey + seed_len, 0, sizeof(xkey) - seed_len);
+	else
 		seed_len = sizeof(xkey);
 
 	/* FIPS 186-2 + change notice 1 */
 
 	os_memcpy(xkey, seed, seed_len);
-	os_memset(xkey + seed_len, 0, 64 - seed_len);
 	t[0] = 0x67452301;
 	t[1] = 0xEFCDAB89;
 	t[2] = 0x98BADCFE;