From a0d1056e0f1160066b13fe0c9844377e214088ea Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Mon, 17 Aug 2009 06:28:22 +0000
Subject: [PATCH] Fix PBKDF2 speed calculation for large passhrases.

- Do not reset key each iteration.
- Fix error path.



git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@84 36d66b0a-2a48-0410-832c-cd162a569da5
---
 ChangeLog    |  3 +++
 luks/pbkdf.c | 44 ++++++++++++++++++--------------------------
 2 files changed, 21 insertions(+), 26 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c80b288..5799f5f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2009-08-17  Milan Broz  <mbroz@redhat.com>
+	* Fix PBKDF2 speed calculation for large passhrases
+
 2009-07-30  Milan Broz  <mbroz@redhat.com>
 	* Fix errors when compiled with LUKS_DEBUG.
 	* Print error when getline fails.
diff --git a/luks/pbkdf.c b/luks/pbkdf.c
index 5633cd1..9581095 100644
--- a/luks/pbkdf.c
+++ b/luks/pbkdf.c
@@ -81,18 +81,17 @@ static int pkcs5_pbkdf2(const char *hash,
 			char *DK, int perfcheck)
 {
 	gcry_md_hd_t prf;
-	gcry_error_t err;
 	char U[MAX_PRF_BLOCK_LEN];
 	char T[MAX_PRF_BLOCK_LEN];
-	int PRF;
-	unsigned int u;
-	unsigned int hLen;
-	unsigned int l;
-	unsigned int r;
-	int rc;
+	int PRF, i, k, rc = -EINVAL;
+	unsigned int u, hLen, l, r;
 	unsigned char *p;
-	int i;
-	int k;
+	size_t tmplen = Slen + 4;
+	char *tmp;
+
+	tmp = alloca(tmplen);
+	if (tmp == NULL)
+		return -ENOMEM;
 
 	if (init_crypto())
 		return -ENOSYS;
@@ -181,28 +180,19 @@ static int pkcs5_pbkdf2(const char *hash,
 	 *
 	 */
 
-	err = gcry_md_open(&prf, PRF, GCRY_MD_FLAG_HMAC);
-	if (err)
+	if(gcry_md_open(&prf, PRF, GCRY_MD_FLAG_HMAC))
 		return -EINVAL;
 
+	if (gcry_md_setkey(prf, P, Plen))
+		goto out;
+
 	for (i = 1; (uint) i <= l; i++) {
 		memset(T, 0, hLen);
 
 		for (u = 1; u <= c ; u++) {
 			gcry_md_reset(prf);
 
-			rc = gcry_md_setkey(prf, P, Plen);
-			if (rc)
-				return -EINVAL;
-
 			if (u == 1) {
-				char *tmp;
-				size_t tmplen = Slen + 4;
-
-				tmp = alloca(tmplen);
-				if (tmp == NULL)
-					return -ENOMEM;
-
 				memcpy(tmp, S, Slen);
 				tmp[Slen + 0] = (i & 0xff000000) >> 24;
 				tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
@@ -216,15 +206,17 @@ static int pkcs5_pbkdf2(const char *hash,
 
 			p = gcry_md_read(prf, PRF);
 			if (p == NULL)
-				return -EINVAL;
+				goto out;
 
 			memcpy(U, p, hLen);
 
 			for (k = 0; (uint) k < hLen; k++)
 				T[k] ^= U[k];
 
-			if (perfcheck && __PBKDF2_performance)
+			if (perfcheck && __PBKDF2_performance) {
+				rc = 0;
 				goto out;
+			}
 
 			if (perfcheck)
 				__PBKDF2_global_j--;
@@ -232,10 +224,10 @@ static int pkcs5_pbkdf2(const char *hash,
 
 		memcpy(DK + (i - 1) * hLen, T, (uint) i == l ? r : hLen);
 	}
+	rc = 0;
 out:
 	gcry_md_close(prf);
-
-	return 0;
+	return rc;
 }
 
 int PBKDF2_HMAC(const char *hash,
-- 
2.7.4