From: Martin Willi <martin@revosec.ch>
Date: Wed, 14 Dec 2011 16:34:57 +0000 (+0100)
Subject: Fixed IKEv1 prf+ keymat expansion beyond 320 bits
X-Git-Tag: 5.0.0~338^2~9^2~205
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7b1e15ac4e45ce4d6989f7be859f7337fa4a44ca;p=thirdparty%2Fstrongswan.git

Fixed IKEv1 prf+ keymat expansion beyond 320 bits
---

diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c
index 29f61197de..0f06ede834 100644
--- a/src/libstrongswan/crypto/prf_plus.c
+++ b/src/libstrongswan/crypto/prf_plus.c
@@ -72,12 +72,12 @@ METHOD(prf_plus_t, get_bytes, void,
 				this->prf->get_bytes(this->prf, this->seed, NULL);
 				this->prf->get_bytes(this->prf, chunk_from_thing(this->counter),
 									 this->buffer.ptr);
+				this->counter++;
 			}
 			else
 			{
 				this->prf->get_bytes(this->prf, this->seed, this->buffer.ptr);
 			}
-			this->counter++;
 			this->used = 0;
 		}
 		round = min(length, this->buffer.len - this->used);