Make fips186_2_prf() easier for static analyzers

Explicitly validate seed_len to skip memset call with zero length of copied data at the end of the buffer. This is not really needed, but it makes the code a bit easier for static analyzers. Signed-hostap: Jouni Malinen <j@w1.fi>
author: Jouni Malinen <j@w1.fi> 2011-11-13 22:59:33 +0200
committer: Jouni Malinen <j@w1.fi> 2011-11-13 22:59:33 +0200
commit: a9ea17491a2c9e95bf9ac98fd36e56fde3faf188 (patch)
tree: 0530709b62815fbaf3df84f5cc665dec43f210a1 /src/crypto
parent: 7adc3c129657edb36134ae321b5f45ddb2cd9cdb (diff)
download: external_wpa_supplicant_8_ti-a9ea17491a2c9e95bf9ac98fd36e56fde3faf188.zip
external_wpa_supplicant_8_ti-a9ea17491a2c9e95bf9ac98fd36e56fde3faf188.tar.gz
external_wpa_supplicant_8_ti-a9ea17491a2c9e95bf9ac98fd36e56fde3faf188.tar.bz2
1 files changed, 3 insertions, 2 deletions
diff --git a/src/crypto/fips_prf_internal.c b/src/crypto/fips_prf_internal.c
index a85cb14..1e0c453 100644
--- a/src/crypto/fips_prf_internal.c
+++ b/src/crypto/fips_prf_internal.c
@@ -28,13 +28,14 @@ int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen)
 	u8 *xpos = x;
 	u32 carry;
 
-	if (seed_len > sizeof(xkey))
+	if (seed_len < sizeof(xkey))
+		os_memset(xkey + seed_len, 0, sizeof(xkey) - seed_len);
+	else
 		seed_len = sizeof(xkey);
 
 	/* FIPS 186-2 + change notice 1 */
 
 	os_memcpy(xkey, seed, seed_len);
-	os_memset(xkey + seed_len, 0, 64 - seed_len);
 	t[0] = 0x67452301;
 	t[1] = 0xEFCDAB89;
 	t[2] = 0x98BADCFE;
author	Jouni Malinen <j@w1.fi>	2011-11-13 22:59:33 +0200
committer	Jouni Malinen <j@w1.fi>	2011-11-13 22:59:33 +0200
commit	a9ea17491a2c9e95bf9ac98fd36e56fde3faf188 (patch)
tree	0530709b62815fbaf3df84f5cc665dec43f210a1 /src/crypto
parent	7adc3c129657edb36134ae321b5f45ddb2cd9cdb (diff)
download	external_wpa_supplicant_8_ti-a9ea17491a2c9e95bf9ac98fd36e56fde3faf188.zip external_wpa_supplicant_8_ti-a9ea17491a2c9e95bf9ac98fd36e56fde3faf188.tar.gz external_wpa_supplicant_8_ti-a9ea17491a2c9e95bf9ac98fd36e56fde3faf188.tar.bz2