krb5 commit: Improve builtin PBKDF2 code hygiene

Greg Hudson ghudson at mit.edu
Thu Oct 6 11:04:38 EDT 2016


https://github.com/krb5/krb5/commit/66ae03f07dfe2ea876965ece14558c8fb253cb45
commit 66ae03f07dfe2ea876965ece14558c8fb253cb45
Author: Greg Hudson <ghudson at mit.edu>
Date:   Tue Oct 4 11:35:29 2016 -0400

    Improve builtin PBKDF2 code hygiene
    
    In F() in the builtin implementation of PBKDF2, use make_data() to
    fully initialize sdata and out; otherwise we (harmlessly) copy an
    uninitialized magic field in hmac().  Also simplify out the local
    variable tlen.

 src/lib/crypto/builtin/pbkdf2.c |   13 ++++---------
 1 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/src/lib/crypto/builtin/pbkdf2.c b/src/lib/crypto/builtin/pbkdf2.c
index 6a97270..d36b32e 100644
--- a/src/lib/crypto/builtin/pbkdf2.c
+++ b/src/lib/crypto/builtin/pbkdf2.c
@@ -97,7 +97,6 @@ F(char *output, char *u_tmp1, char *u_tmp2,
   const krb5_data *salt, unsigned long count, int i)
 {
     unsigned char ibytes[4];
-    size_t tlen;
     unsigned int j, k;
     krb5_data sdata;
     krb5_data out;
@@ -111,19 +110,15 @@ F(char *output, char *u_tmp1, char *u_tmp2,
     /* Compute U_1.  */
     store_32_be(i, ibytes);
 
-    tlen = salt->length;
-    memcpy(u_tmp2, salt->data, tlen);
-    memcpy(u_tmp2 + tlen, ibytes, 4);
-    tlen += 4;
-    sdata.data = u_tmp2;
-    sdata.length = tlen;
+    memcpy(u_tmp2, salt->data, salt->length);
+    memcpy(u_tmp2 + salt->length, ibytes, 4);
+    sdata = make_data(u_tmp2, salt->length + 4);
 
 #if 0
     printd("initial salt", &sdata);
 #endif
 
-    out.data = u_tmp1;
-    out.length = hlen;
+    out = make_data(u_tmp1, hlen);
 
 #if 0
     printf("F: computing hmac #1 (U_1) with %s\n", pdata.contents);


More information about the cvs-krb5 mailing list