core: Fix array overrunning during FIPS keys generation

p is 20 and r is 1 in the last iteration of fips_expand_key_bits,
which means that buf[21] is read (of BYTE buf[21];). However,
the value is not needed, because it is consequently discarded by
"c & 0xfe" statement. Let's do not read buf[p + 1] when r is 1
to avoid this.
This commit is contained in:
Ondrej Holy 2017-12-19 10:21:03 +01:00
parent 2b320ea0fc
commit 0389cb129e

View File

@ -524,9 +524,9 @@ static void fips_expand_key_bits(BYTE* in, BYTE* out)
p = b / 8;
r = b % 8;
if (r == 0)
if (r <= 1)
{
out[i] = buf[p] & 0xfe;
out[i] = (buf[p] << r) & 0xfe;
}
else
{