Round up the size of the secret parts after splitting it in two.

[tinc] / src / openssl / prf.c

diff --git a/src/openssl/prf.c b/src/openssl/prf.c
index 2830d60..df7f445 100644 (file)
--- a/src/openssl/prf.c
+++ b/src/openssl/prf.c
@@ -22,14 +22,14 @@
 #include "digest.h"
 #include "prf.h"
 
-/* Generate key material from a master secret and a seed, based on RFC 2246.
+/* Generate key material from a master secret and a seed, based on RFC 4346 section 5.
    We use SHA512 and Whirlpool instead of MD5 and SHA1.
  */
 
 static bool prf_xor(int nid, char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, ssize_t outlen) {
        digest_t digest;
        
-       if(!digest_open_by_nid(&digest, nid, 0))
+       if(!digest_open_by_nid(&digest, nid, -1))
                return false;
 
        if(!digest_set_key(&digest, secret, secretlen))
@@ -71,6 +71,6 @@ bool prf(char *secret, size_t secretlen, char *seed, size_t seedlen, char *out,
 
        memset(out, 0, outlen);
 
-       return prf_xor(NID_sha512, secret, secretlen / 2, seed, seedlen, out, outlen)
-               && prf_xor(NID_whirlpool, secret, secretlen / 2, seed, seedlen, out, outlen);
+       return prf_xor(NID_sha512, secret, (secretlen + 1) / 2, seed, seedlen, out, outlen)
+               && prf_xor(NID_whirlpool, secret + secretlen / 2, (secretlen + 1) / 2, seed, seedlen, out, outlen);
 }