Commit ad10153 crypto: Make one condition more defensive in NSS version of sss_hmac_sha1()

1 file Authored by jhrozek 4 days ago , Committed by fidencio 4 days ago ,
crypto: Make one condition more defensive in NSS version of sss_hmac_sha1()

This makes the code more robust in case the if-block is moved to some
other place without the 'if (key_len > HMAC_SHA1_BLOCKSIZE)' check
before.

Reviewed-by: Sumit Bose <sbose@redhat.com>

    
1 @@ -63,7 +63,7 @@
2       } else {
3           /* keys shorter than blocksize are zero-padded */
4           memcpy(ikey, key, key_len);
5 -         if (key_len != HMAC_SHA1_BLOCKSIZE) {
6 +         if (key_len < HMAC_SHA1_BLOCKSIZE) {
7               memset(ikey + key_len, 0, HMAC_SHA1_BLOCKSIZE - key_len);
8           }
9       }