- Fixed a potential loop bug

commit: 23fd5ea667fe75a09bc827a0a8a0278009a88e7b [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Tue Nov 29 15:56:12 2011 +0000
committer: Paul Bakker <p.j.bakker@polarssl.org> Tue Nov 29 15:56:12 2011 +0000
tree: f995d7e566e7ffcf8653fd7da9f996a3589c99d8
parent: 02faf45d8bbebcf38673826bae2eda66b58ca186 [diff]
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index cc295c7..d607703 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c

@@ -253,6 +253,7 @@
     unsigned char *p = output;
     unsigned char tmp[CTR_DRBG_BLOCKSIZE];
     int cb, i;
+    size_t use_len;
 
     if( output_len > CTR_DRBG_MAX_REQUEST )
         return( POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG );
@@ -293,12 +294,13 @@
          */
         aes_crypt_ecb( &ctx->aes_ctx, AES_ENCRYPT, ctx->counter, tmp );
 
+        use_len = (output_len > CTR_DRBG_BLOCKSIZE ) ? CTR_DRBG_BLOCKSIZE : output_len;
         /*
          * Copy random block to destination
          */
-        memcpy( p, tmp, (output_len > CTR_DRBG_BLOCKSIZE ) ? CTR_DRBG_BLOCKSIZE : output_len );
-        p += CTR_DRBG_BLOCKSIZE;
-        output_len -= CTR_DRBG_BLOCKSIZE;
+        memcpy( p, tmp, use_len );
+        p += use_len;
+        output_len -= use_len;
     }
 
     ctr_drbg_update( ctx, add_input );
commit	23fd5ea667fe75a09bc827a0a8a0278009a88e7b	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Tue Nov 29 15:56:12 2011 +0000
committer	Paul Bakker <p.j.bakker@polarssl.org>	Tue Nov 29 15:56:12 2011 +0000
tree	f995d7e566e7ffcf8653fd7da9f996a3589c99d8
parent	02faf45d8bbebcf38673826bae2eda66b58ca186 [diff]