Diffstat (limited to 'src/util/crypto_hkdf.c')
-rw-r--r--src/util/crypto_hkdf.c23
1 files changed, 21 insertions, 2 deletions
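--- a/src/util/crypto_hkdf.c
+++ b/src/util/crypto_hkdf.c
@@ -103,11 +103,30 @@ getPRK (gcry_md_hd_t mac, const void *xts, size_t xts_len, const void *skm,
         size_t skm_len, void *prk)
 {
   const void *ret;
+  size_t dlen;
 
-  ret = doHMAC (mac, xts, xts_len, skm, skm_len);
+  dlen = gcry_md_get_algo_dlen (gcry_md_get_algo (mac));
+
+  /* sanity check to bound stack allocation */
+  GNUNET_assert (dlen <= 512);
+
+  /* From RFC 5869:
+   * salt - optional salt value (a non-secret random value);
+   * if not provided, it is set to a string of HashLen zeros. */
+
+  if (xts_len == 0)
+  {
+    char zero_salt[dlen];
+    memset (zero_salt, 0, dlen);
+    ret = doHMAC (mac, zero_salt, dlen, skm, skm_len);
+  }
+  else
+  {
+    ret = doHMAC (mac, xts, xts_len, skm, skm_len);
+  }
   if (ret == NULL)
     return GNUNET_SYSERR;
-  GNUNET_memcpy (prk, ret, gcry_md_get_algo_dlen (gcry_md_get_algo (mac)));
+  GNUNET_memcpy (prk, ret, dlen);
 
   return GNUNET_YES;
 }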
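Review bot: The sanity check added before the `zero_salt` VLA bounds `dlen` only from above; `gcry_md_get_algo_dlen` returns 0 for an algorithm it does not recognise, and a zero-length VLA is undefined behaviour in C, so the assertion should read `GNUNET_assert ((0 < dlen) && (dlen <= 512));`. With the lower bound in place, the final `GNUNET_memcpy (prk, ret, dlen)` can no longer report success after copying nothing into `prk`. The 512 limit would be easier to audit as a named constant, and since the size of the caller's `prk` buffer is not visible here, it is worth confirming that every caller provides at least `dlen` bytes. The first line of getPRK's signature lies outside the hunk.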