]> err.no Git - yubikey-personalization/commitdiff
fix the pbkdf2 implementation so output matches rfc 6070
authorKlas Lindfors <klas@yubico.com>
Thu, 25 Oct 2012 14:00:12 +0000 (16:00 +0200)
committerKlas Lindfors <klas@yubico.com>
Thu, 25 Oct 2012 14:00:12 +0000 (16:00 +0200)
ykpbkdf2.c

index 10510e8fe337fbd9c64531d96d8dd0a7a0dbbcf1..535b4147b484b26851822196fadabe3f53264dc6 100644 (file)
@@ -62,10 +62,13 @@ int yk_pbkdf2(const char *passphrase,
 
        unsigned int block_count;
 
+       memset(dk, 0, dklen);
+
        for (block_count = 1; block_count <= l; block_count++) {
                unsigned char block[256]; /* A big chunk, that's 2048 bits */
                size_t block_len;
                unsigned int iteration;
+               int i;
 
                memcpy(block, salt, salt_len);
                block[salt_len + 0] = (block_count & 0xff000000) >> 24;
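Review bot: Nothing visible in this hunk bounds `salt_len` before `memcpy(block, salt, salt_len)` and the block-counter bytes stored from `block[salt_len + 0]`, so an over-long salt would write past the 256-byte stack buffer `block`. yk_pbkdf2 starts outside the hunk, so a check may already exist above. If it does not, a guard ahead of the memcpy such as `if (salt_len > sizeof(block) - 4) return 0;` (assuming the counter occupies four bytes) would reject such input the same way a PRF failure is reported. The added `memset(dk, 0, dklen)` is load-bearing for the XOR accumulation introduced further down and deserves a comment, e.g. `/* dk accumulates U_1 ^ ... ^ U_c, so it must start zeroed */`.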
@@ -80,11 +83,13 @@ int yk_pbkdf2(const char *passphrase,
                                                block, sizeof(block)))
                                return 0;
                        block_len = prf_method->output_size;
+                       for(i = 0; i < dklen; i++) {
+                               dk[i] ^= block[i];
+                       }
                }
 
                if (block_len > dklen)
                        block_len = dklen; /* This happens in the last block */
-               memcpy(dk, block, block_len);
                dk += block_len;
                dklen -= block_len;
        }
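Review bot: The XOR loop added inside the iteration loop is bounded by `dklen`, the number of key bytes still to be produced, rather than by the PRF output length that `block_len` has just been set to. When the remaining length exceeds `prf_method->output_size`, `dk[i] ^= block[i]` folds bytes that are not part of this block's PRF output into positions of `dk` that belong to later blocks, and once the remaining length exceeds 256 it reads past the end of `block`. Bounding it as `for (i = 0; i < block_len && i < dklen; i++)` keeps each block's accumulation inside its own output. The index would also be better declared as `size_t i;` if `dklen` is a `size_t`, which its use as the `memset` length suggests. The iteration loop begins outside this hunk, so the first PRF call's arguments are not visible here.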