From 8ed61075d7eb9a2f056ea51f450cf14a63656bd4 Mon Sep 17 00:00:00 2001
From: Klas Lindfors
Date: Thu, 25 Oct 2012 16:00:12 +0200
Subject: [PATCH] fix the pbkdf2 implementation so output matches rfc 6070
---
 ykpbkdf2.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/ykpbkdf2.c b/ykpbkdf2.c
index 10510e8..535b414 100644
--- a/ykpbkdf2.c
+++ b/ykpbkdf2.c
@@ -62,10 +62,13 @@ int yk_pbkdf2(const char *passphrase,
 unsigned int block_count;
+ memset(dk, 0, dklen);
+
 for (block_count = 1; block_count <= l; block_count++) {
 unsigned char block[256]; /* A big chunk, that's 2048 bits */
 size_t block_len;
 unsigned int iteration;
+ int i;
 memcpy(block, salt, salt_len);
 block[salt_len + 0] = (block_count & 0xff000000) >> 24;
@@ -80,11 +83,13 @@ int yk_pbkdf2(const char *passphrase,
 block, sizeof(block)))
 return 0;
 block_len = prf_method->output_size;
+ for(i = 0; i < dklen; i++) {
+ dk[i] ^= block[i];
+ }
 }
 if (block_len > dklen)
 block_len = dklen; /* This happens in the last block */
- memcpy(dk, block, block_len);
 dk += block_len;
 dklen -= block_len;
 }
-- 
2.39.5
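Review bot: `int i;` is signed, but the loop added in the second hunk compares it with `dklen`, which the new `memset(dk, 0, dklen);` uses as a byte count and which is presumably a `size_t` (the parameter list is outside the hunk); `size_t i;` would avoid the mixed-sign comparison. The `memset` also deserves a comment saying why it is needed, for example `/* dk accumulates the XOR of U_1..U_c, so it must start zeroed */`. On the `return 0` path visible in the second hunk, `dk` is left holding a partial accumulation, so the function's documentation should say the buffer is not valid on failure. The function body starts before and ends after this hunk.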
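Review bot: The XOR loop added after `block_len = prf_method->output_size;` runs to `dklen`, the whole remaining output length, although only `block_len` bytes of `block` are PRF output at that point. When the remaining length exceeds one PRF output, it folds bytes that are not PRF output (salt remnants or uninitialised stack, since `block[256]` has no initialiser) into the part of `dk` that belongs to later blocks, and for a remaining length above 256 it reads past the end of `block`. Bound the loop by both values, `for (i = 0; i < dklen && i < block_len; i++) {`, so each block only touches its own slice; the later `if (block_len > dklen)` clamp shows the two lengths can differ. The enclosing function starts and ends outside the hunk.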