From a90c7d91a0e57f3a6d93549dab9f7f86a7349051 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Mon, 5 Jan 2015 17:27:08 +0200
Subject: [PATCH] OpenSSL: Fix pbkdf2_sha1() wrapper

This was supposed to use the iterations parameter from the caller
instead of the hardcoded 4096. In practice, this did not have problems
for normal uses since that 4096 value was used in all cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/crypto/crypto_openssl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index b4c59d180..69fcf9bed 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -693,11 +693,11 @@ int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
 #if OPENSSL_VERSION_NUMBER < 0x00908000
 	if (PKCS5_PBKDF2_HMAC_SHA1(passphrase, os_strlen(passphrase),
 				   (unsigned char *) ssid,
-				   ssid_len, 4096, buflen, buf) != 1)
+				   ssid_len, iterations, buflen, buf) != 1)
 		return -1;
 #else /* openssl < 0.9.8 */
 	if (PKCS5_PBKDF2_HMAC_SHA1(passphrase, os_strlen(passphrase), ssid,
-				   ssid_len, 4096, buflen, buf) != 1)
+				   ssid_len, iterations, buflen, buf) != 1)
 		return -1;
 #endif /* openssl < 0.9.8 */
 	return 0;