make sure kdf labels are always used

1 files changed, 7 insertions, 2 deletions

diff --git a/src/lib/kdf/prf_x942/prf_x942.cpp b/src/lib/kdf/prf_x942/prf_x942.cpp
index 3830c5775..206cf6ce6 100644
--- a/src/lib/kdf/prf_x942/prf_x942.cpp
+++ b/src/lib/kdf/prf_x942/prf_x942.cpp
@@ -31,15 +31,20 @@ std::vector<byte> encode_x942_int(u32bit n)
 size_t X942_PRF::kdf(byte key[], size_t key_len,
                      const byte secret[], size_t secret_len,
                      const byte salt[], size_t salt_len,
-                     const byte[], size_t) const
+                     const byte label[], size_t label_len) const
    {
    std::unique_ptr<HashFunction> hash(HashFunction::create("SHA-160"));
    const OID kek_algo(m_key_wrap_oid);
 
    secure_vector<byte> h;
+   secure_vector<byte> in;
    size_t offset = 0;
    u32bit counter = 1;
 
+   in.reserve(salt_len + label_len);
+   in += std::make_pair(label,label_len);
+   in += std::make_pair(salt,salt_len);
+
    while(offset != key_len && counter)
       {
       hash->update(secret, secret_len);
@@ -55,7 +60,7 @@ size_t X942_PRF::kdf(byte key[], size_t key_len,
             .encode_if(salt_len != 0,
                DER_Encoder()
                   .start_explicit(0)
-                     .encode(salt, salt_len, OCTET_STRING)
+                     .encode(in, OCTET_STRING)
                   .end_explicit()
                )