[29728] in CVS-changelog-for-Kerberos-V5


krb5 commit: Improve builtin PBKDF2 code hygiene

daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Oct 6 11:04:42 2016

Date: Thu, 6 Oct 2016 11:04:38 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201610061504.u96F4cUh024070@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu

https://github.com/krb5/krb5/commit/66ae03f07dfe2ea876965ece14558c8fb253cb45
commit 66ae03f07dfe2ea876965ece14558c8fb253cb45
Author: Greg Hudson <ghudson@mit.edu>
Date:   Tue Oct 4 11:35:29 2016 -0400

    Improve builtin PBKDF2 code hygiene
    
    In F() in the builtin implementation of PBKDF2, use make_data() to
    fully initialize sdata and out; otherwise we (harmlessly) copy an
    uninitialized magic field in hmac().  Also simplify out the local
    variable tlen.

 src/lib/crypto/builtin/pbkdf2.c |   13 ++++---------
 1 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/src/lib/crypto/builtin/pbkdf2.c b/src/lib/crypto/builtin/pbkdf2.c
index 6a97270..d36b32e 100644
--- a/src/lib/crypto/builtin/pbkdf2.c
+++ b/src/lib/crypto/builtin/pbkdf2.c
@@ -97,7 +97,6 @@ F(char *output, char *u_tmp1, char *u_tmp2,
   const krb5_data *salt, unsigned long count, int i)
 {
     unsigned char ibytes[4];
-    size_t tlen;
     unsigned int j, k;
     krb5_data sdata;
     krb5_data out;
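Review bot: sdata and out are still declared without an initializer here, so the fix for the uninitialized magic field holds only while both make_data() assignments are reached before the first hmac() call. Consider initializing them at declaration, or add a short comment above the declarations saying they must be set with make_data() before use, so that a later reordering of F() does not bring the uninitialized copy back.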
@@ -111,19 +110,15 @@ F(char *output, char *u_tmp1, char *u_tmp2,
     /* Compute U_1.  */
     store_32_be(i, ibytes);
 
-    tlen = salt->length;
-    memcpy(u_tmp2, salt->data, tlen);
-    memcpy(u_tmp2 + tlen, ibytes, 4);
-    tlen += 4;
-    sdata.data = u_tmp2;
-    sdata.length = tlen;
+    memcpy(u_tmp2, salt->data, salt->length);
+    memcpy(u_tmp2 + salt->length, ibytes, 4);
+    sdata = make_data(u_tmp2, salt->length + 4);
 
 #if 0
     printd("initial salt", &sdata);
 #endif
 
-    out.data = u_tmp1;
-    out.length = hlen;
+    out = make_data(u_tmp1, hlen);
 
 #if 0
     printf("F: computing hmac #1 (U_1) with %s\n", pdata.contents);
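Review bot: The two memcpy() calls into u_tmp2 and the make_data(u_tmp2, salt->length + 4) that follows assume the caller allocated at least salt->length + 4 bytes, and nothing in this hunk states or checks that. With tlen gone the expression salt->length + 4 is now written out at the make_data() call while the second memcpy() relies on the same sum implicitly, so a one-line comment (or an assert against the buffer size, if F() can see it) documenting the required size of u_tmp2 would make the invariant explicit; it would also be worth confirming that the caller rejects salt lengths large enough for the + 4 to wrap. Separately, the disabled printf under #if 0 formats pdata.contents with %s; if that is the password input, the dead debug block is better deleted than left where it can be switched on.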
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
