[openssl-dev] [openssl.org #4525] [PATCH] SRP client key computation (PR #1017)
Léo Logeart via RT
rt at openssl.org
Mon May 2 12:33:23 UTC 2016
Hello OpenSSL devs,
I have found an issue in the computation of the SRP session key on the
client side.
When computing *K = (B − kg^x)^(a+ux) mod N*, the computations in the
exponent should not be mod N. Meaning that *(a+ux)* should not go through
*mod N*. It rarely happens that *(a+ux) > N*, but when it does, the key
computed on the client side is different from the server's one.
There is a pull request pending to delete the mod operation in the exponent
computation (PR #1017).
Best regards,
Leo Logeart
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4525
Please log in as guest with password guest if prompted
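
The mismatch described in the report above, as an added example that is not part of the original message or of the OpenSSL patch: it runs both sides of the SRP key computation and shows that the client disagrees with the server as soon as (a+ux) is no longer below N and is reduced mod N. The parameters N = 23, g = 5, k = 3, the fixed u, and all function names are constructed for illustration.

```python
# Added illustration, not OpenSSL code. All parameters are constructed toy
# values; real SRP uses a >=1024-bit N, k = H(N, g) and u = H(A, B).
N = 23  # safe prime (23 = 2*11 + 1)
g = 5   # primitive root mod 23
k = 3   # constructed multiplier

def server_key(A, v, u, b):
    """Server side: S = (A * v^u)^b mod N."""
    return pow(A * pow(v, u, N) % N, b, N)

def client_key(B, x, a, u, reduce_exponent=False):
    """Client side: S = (B - k*g^x)^(a + u*x) mod N.

    reduce_exponent=True applies the extra 'mod N' to (a + u*x) that the
    report describes. Exponents only wrap modulo the order of the base,
    which divides N - 1, so reducing them mod N changes the result.
    """
    base = (B - k * pow(g, x, N)) % N
    exponent = a + u * x
    if reduce_exponent:
        exponent %= N
    return pow(base, exponent, N)

def handshake(x, a, b, u):
    """Run both sides for private values x, a, b and scrambler u."""
    v = pow(g, x, N)                   # verifier stored by the server
    A = pow(g, a, N)                   # client public value
    B = (k * v + pow(g, b, N)) % N     # server public value
    return {
        "exponent": a + u * x,
        "server": server_key(A, v, u, b),
        "client": client_key(B, x, a, u),
        "client_reduced": client_key(B, x, a, u, reduce_exponent=True),
    }

def mismatching_a(x, b, u):
    """Values of a for which the reduced-exponent client key differs."""
    bad = []
    for a in range(1, N - 1):
        r = handshake(x, a, b, u)
        if r["client_reduced"] != r["server"]:
            bad.append(a)
    return bad

if __name__ == "__main__":
    print(handshake(x=4, a=15, b=6, u=3))   # exponent 27 is above N
    print(mismatching_a(x=4, b=6, u=3))     # exactly the a with a + 12 >= N
```

With the toy modulus the failing case is common; with real parameter sizes it is rare, which is why such a bug shows up only as an occasional failed handshake.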