OpenSSL: Fix pbkdf2_sha1() wrapper

This was supposed to use the iterations parameter from the caller
instead of the hardcoded 4096. In practice, this did not have problems
for normal uses since that 4096 value was used in all cases.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index b4c59d18053ea188d77d8e84784051abfbc0f300..69fcf9bed463a0148d8503c6473905b9d8c8a758 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -693,11 +693,11 @@ int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
 #if OPENSSL_VERSION_NUMBER < 0x00908000
        if (PKCS5_PBKDF2_HMAC_SHA1(passphrase, os_strlen(passphrase),
                                   (unsigned char *) ssid,
-                                  ssid_len, 4096, buflen, buf) != 1)
+                                  ssid_len, iterations, buflen, buf) != 1)
                return -1;
 #else /* openssl < 0.9.8 */
        if (PKCS5_PBKDF2_HMAC_SHA1(passphrase, os_strlen(passphrase), ssid,
-                                  ssid_len, 4096, buflen, buf) != 1)
+                                  ssid_len, iterations, buflen, buf) != 1)
                return -1;
 #endif /* openssl < 0.9.8 */
        return 0;