From 3ab121a6034aa36a895e1bbb5daab7a27d8b14c3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Apr 2020 19:51:05 +0200 Subject: [PATCH] hkdf_expand: explicitly initialize t t is never used uninitialized, since the first loop iteration reads 0 bytes of it and then writes hash_len bytes, and subsequent iterations read and write hash_len bytes. However this is somewhat fragile, and it would be legitimate for a static analyzer to be unsure. Initialize t explicitly, to make the code clearer and more robust, at negligible cost. Reported by Vasily Evseenko in https://github.com/ARMmbed/mbedtls/pull/2942 with a slightly different fix. Signed-off-by: Gilles Peskine --- library/hkdf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/hkdf.c b/library/hkdf.c index 3b9942c000..82df597a4c 100644 --- a/library/hkdf.c +++ b/library/hkdf.c @@ -136,6 +136,8 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, goto exit; } + memset( t, 0, hash_len ); + /* * Compute T = T(1) | T(2) | T(3) | ... | T(N) * Where T(N) is defined in RFC 5869 Section 2.3
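Review bot: the new `memset( t, 0, hash_len );` is placed after the `goto exit;` that closes the preceding error check, so a path that jumps to `exit` before this line still leaves `t` uninitialized. If the intent is to make the initialization obvious to a static analyzer, consider zeroing `t` at its declaration or before the first `goto exit`, so every path is covered. A one-line comment above the `memset` would also help. It should say that the first loop iteration reads 0 bytes of `t` and that the call exists for robustness, so that a later cleanup does not remove it as a dead store. Only `hash_len` bytes are cleared. That matches what the loop reads and writes according to the commit message. If `t` is declared larger than `hash_len`, clearing the full buffer would be the more conservative choice.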