X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fopenssl%2Fprf.c;h=df7f445c4940adda32449a944009cb8febda2a85;hb=b99656d84a88dad7935d5981fcdb43a5b2bfa417;hp=2830d609a0c5cb2bba35ef3d5405f314a79a3efd;hpb=feb3f22fffa2620b9b11a509ce51ff9fa3be9418;p=tinc

diff --git a/src/openssl/prf.c b/src/openssl/prf.c
index 2830d609..df7f445c 100644
--- a/src/openssl/prf.c
+++ b/src/openssl/prf.c
@@ -22,14 +22,14 @@
 #include "digest.h"
 #include "prf.h"
 
-/* Generate key material from a master secret and a seed, based on RFC 2246.
+/* Generate key material from a master secret and a seed, based on RFC 4346 section 5.
    We use SHA512 and Whirlpool instead of MD5 and SHA1.
  */
 
 static bool prf_xor(int nid, char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, ssize_t outlen) {
 	digest_t digest;
 	
-	if(!digest_open_by_nid(&digest, nid, 0))
+	if(!digest_open_by_nid(&digest, nid, -1))
 		return false;
 
 	if(!digest_set_key(&digest, secret, secretlen))
@@ -71,6 +71,6 @@ bool prf(char *secret, size_t secretlen, char *seed, size_t seedlen, char *out,
 
 	memset(out, 0, outlen);
 
-	return prf_xor(NID_sha512, secret, secretlen / 2, seed, seedlen, out, outlen)
-		&& prf_xor(NID_whirlpool, secret, secretlen / 2, seed, seedlen, out, outlen);
+	return prf_xor(NID_sha512, secret, (secretlen + 1) / 2, seed, seedlen, out, outlen)
+		&& prf_xor(NID_whirlpool, secret + secretlen / 2, (secretlen + 1) / 2, seed, seedlen, out, outlen);
 }