X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fgcrypt%2Fprf.c;h=d11ef777ed585eec5c57394e6f389f2a052fc06c;hb=a0fbaf0889fda3788943baec80671ecc870a2925;hp=1e5bb9f9f5d223f242bc8e80aa1612c56da4aff7;hpb=d93d4f9dbd09bc5e53a9b5eeb1cc94939fee32bc;p=tinc

diff --git a/src/gcrypt/prf.c b/src/gcrypt/prf.c
index 1e5bb9f9..d11ef777 100644
--- a/src/gcrypt/prf.c
+++ b/src/gcrypt/prf.c
@@ -32,7 +32,9 @@ static const size_t mdlen = 64;
 static const size_t blklen = 128;
 
 static bool hmac_sha512(const uint8_t *key, size_t keylen, const uint8_t *msg, size_t msglen, uint8_t *out) {
-	uint8_t tmp[blklen + mdlen];
+	const size_t tmplen = blklen + mdlen;
+	uint8_t *tmp = alloca(tmplen);
+
 	sha512_context md;
 
 	if(keylen <= blklen) {
@@ -69,7 +71,7 @@ static bool hmac_sha512(const uint8_t *key, size_t keylen, const uint8_t *msg, s
 	// opad
 	memxor(tmp, 0x36 ^ 0x5c, blklen);
 
-	if(sha512(tmp, sizeof(tmp), out) != 0) {
+	if(sha512(tmp, tmplen, out) != 0) {
 		return false;
 	}
 
@@ -86,28 +88,30 @@ bool prf(const uint8_t *secret, size_t secretlen, uint8_t *seed, size_t seedlen,
 	   It consists of the previous HMAC result plus the seed.
 	 */
 
-	uint8_t data[mdlen + seedlen];
+	const size_t datalen = mdlen + seedlen;
+	uint8_t *data = alloca(datalen);
+
 	memset(data, 0, mdlen);
 	memcpy(data + mdlen, seed, seedlen);
 
-	uint8_t hash[mdlen];
+	uint8_t *hash = alloca(mdlen);
 
 	while(outlen > 0) {
 		/* Inner HMAC */
-		if(!hmac_sha512(secret, secretlen, data, sizeof(data), data)) {
+		if(!hmac_sha512(secret, secretlen, data, datalen, data)) {
 			return false;
 		}
 
 		/* Outer HMAC */
 		if(outlen >= mdlen) {
-			if(!hmac_sha512(secret, secretlen, data, sizeof(data), out)) {
+			if(!hmac_sha512(secret, secretlen, data, datalen, out)) {
 				return false;
 			}
 
 			out += mdlen;
 			outlen -= mdlen;
 		} else {
-			if(!hmac_sha512(secret, secretlen, data, sizeof(data), hash)) {
+			if(!hmac_sha512(secret, secretlen, data, datalen, hash)) {
 				return false;
 			}