hkdf_expand: explicitly initialize t t is never used uninitialized, since the first loop iteration reads 0 bytes of it and then writes hash_len bytes, and subsequent iterations read and write hash_len bytes. However this is somewhat fragile, and it would be legitimate for a static analyzer to be unsure. Initialize t explicitly, to make the code clearer and more robust, at negligible cost. Reported by Vasily Evseenko in https://github.com/ARMmbed/mbedtls/pull/2942 with a slightly different fix. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 3ab121a6034aa36a895e1bbb5daab7a27d8b14c3 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu Apr 02 19:51:05 2020 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Thu Apr 02 19:54:51 2020 +0200
tree: 980551e11b573e39d1e0ecffa35e3842f59f1b47
parent: 60d6516c60edff75b0c60a177f70604167b6bc8b [diff] [blame]
diff --git a/library/hkdf.c b/library/hkdf.c
index 3b9942c..82df597 100644
--- a/library/hkdf.c
+++ b/library/hkdf.c

@@ -136,6 +136,8 @@
         goto exit;
     }
 
+    memset( t, 0, hash_len );
+
     /*
      * Compute T = T(1) | T(2) | T(3) | ... | T(N)
      * Where T(N) is defined in RFC 5869 Section 2.3
commit	3ab121a6034aa36a895e1bbb5daab7a27d8b14c3	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Apr 02 19:51:05 2020 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Apr 02 19:54:51 2020 +0200
tree	980551e11b573e39d1e0ecffa35e3842f59f1b47
parent	60d6516c60edff75b0c60a177f70604167b6bc8b [diff] [blame]