From: Klas Lindfors Date: Thu, 25 Oct 2012 14:00:12 +0000 (+0200) Subject: fix the pbkdf2 implementation so output matches rfc 6070 X-Git-Tag: v1.9.0~10 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ed61075d7eb9a2f056ea51f450cf14a63656bd4;p=yubikey-personalization fix the pbkdf2 implementation so output matches rfc 6070
---
diff --git a/ykpbkdf2.c b/ykpbkdf2.c
index 10510e8..535b414 100644
--- a/ykpbkdf2.c
+++ b/ykpbkdf2.c
@@ -62,10 +62,13 @@ int yk_pbkdf2(const char *passphrase,
 unsigned int block_count;
+ memset(dk, 0, dklen);
+
 for (block_count = 1; block_count <= l; block_count++) {
 unsigned char block[256]; /* A big chunk, that's 2048 bits */
 size_t block_len;
 unsigned int iteration;
+ int i;
 memcpy(block, salt, salt_len);
 block[salt_len + 0] = (block_count & 0xff000000) >> 24;
@@ -80,11 +83,13 @@ int yk_pbkdf2(const char *passphrase,
 block, sizeof(block)))
 return 0;
 block_len = prf_method->output_size;
+ for(i = 0; i < dklen; i++) {
+ dk[i] ^= block[i];
+ }
 }
 if (block_len > dklen)
 block_len = dklen; /* This happens in the last block */
- memcpy(dk, block, block_len);
 dk += block_len;
 dklen -= block_len;
 }
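Review bot: The new XOR loop in the second hunk, `for(i = 0; i < dklen; i++) dk[i] ^= block[i];`, is bounded by the remaining derived-key length rather than by the PRF output, so whenever dklen exceeds `prf_method->output_size` (any derivation needing more than one block, which at least one RFC 6070 vector exercises) it XORs bytes of `block` past the PRF result — stale salt/counter bytes or uninitialized stack — into the tail of dk, and for dklen > 256 it reads past the end of `block` altogether. The truncation `if (block_len > dklen)` only happens after the iteration loop, so it does not protect the loop; the bound should be the smaller of the two, e.g. `for (i = 0; i < block_len && i < dklen; i++)` with `i` declared as `size_t` instead of `int` to avoid the signed/unsigned comparison against `dklen`. Later blocks then start from the zeroed bytes the new `memset(dk, 0, dklen)` provides, which is what the T_i = U_1 xor ... xor U_c construction needs. yk_pbkdf2 begins and ends outside both hunks.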