[gnutls-dev] Small bug in SRP

Casey Marshall rsdio@metastatic.org
Tue Sep 30 13:51:01 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi.

I think, from what I know of SRP, that the function _gnutls_calc_srp_u
should return an MPI of the hash result, which is in the variable `hd',
not `holder'. Patch is:
 
////
Index: libextra/gnutls_srp.c
===================================================================
RCS file: /cvs/gnutls/gnutls/libextra/gnutls_srp.c,v
retrieving revision 1.31
diff -u -r1.31 gnutls_srp.c
- --- libextra/gnutls_srp.c	8 May 2003 20:03:33 -0000	1.31
+++ libextra/gnutls_srp.c	21 Sep 2003 18:02:15 -0000
@@ -137,7 +137,7 @@
 {
 	size_t b_size, a_size;
 	opaque *holder, hd[MAX_HASH_SIZE];
- -	size_t holder_size;
+	size_t holder_size, hash_size;
 	GNUTLS_HASH_HANDLE td;
 	int ret;
 	GNUTLS_MPI res;
@@ -159,12 +159,13 @@
 		gnutls_assert();
 		return NULL;
 	}
+	hash_size = _gnutls_hash_get_algo_len(td->algorithm);
 	_gnutls_hash(td, holder, holder_size);
 	_gnutls_hash_deinit(td, hd);
 	
 	/* convert the first 4 bytes of hd to uint32
 	 */
- -	ret = _gnutls_mpi_scan( &res, holder, &holder_size);
+	ret = _gnutls_mpi_scan( &res, hd, &hash_size);
 	gnutls_afree(holder);
 
 	if (ret < 0) {
////

With this patch my own in-progress Java implementation of TLS can
negotiate an SRP secret properly with a GnuTLS client. So maybe,
perhaps, possibly, this is the right way to do it (the Internet Draft
being light on details).

(Incidentally, the example SRP parameter files do not seem to contain a
prime modulus, which the implementation of SRP I am using rejects.)

Cheers,

- -- 
Casey Marshall || rsdio@metastatic.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/bepygAuWMgRGsWsRAnRsAJ93xXaUvYPSXcu7t9ovAoftJQhPwgCfeUT9
xXF0JEE6wiE1a/NWdfeiNYs=
=9bpC
-----END PGP SIGNATURE-----