OpenSSL: Make fips186_2_prf() easier for static analyzers
Explicitly validate seed_len to skip memset call with zero length of
copied data at the end of the buffer. This is not really needed, but it
makes the code a bit easier for static analyzers. This is identical to
the commit a9ea17491a but for the OpenSSL
version of the function.
Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
6e4598755b
commit
c7f1791970
1 changed files with 3 additions and 2 deletions
|
|
@ -31,13 +31,14 @@ int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
|
|||
u8 *xpos = x;
|
||||
u32 carry;
|
||||
|
||||
if (seed_len > sizeof(xkey))
|
||||
if (seed_len < sizeof(xkey))
|
||||
os_memset(xkey + seed_len, 0, sizeof(xkey) - seed_len);
|
||||
else
|
||||
seed_len = sizeof(xkey);
|
||||
|
||||
/* FIPS 186-2 + change notice 1 */
|
||||
|
||||
os_memcpy(xkey, seed, seed_len);
|
||||
os_memset(xkey + seed_len, 0, 64 - seed_len);
|
||||
t[0] = 0x67452301;
|
||||
t[1] = 0xEFCDAB89;
|
||||
t[2] = 0x98BADCFE;
|
||||
|
|
|
|||
Loading…
Reference in a new issue