authorPaul Guyot <pguyot@kallisys.net>2014-05-15 16:29:34 +0200
committerPaul Guyot <pguyot@kallisys.net>2014-05-15 16:38:12 +0200
commiteee8d83ad1766b038b16102eb2006eaa7c21b4e5 (patch)
treec8f7734ed17a3f1dab16be45c8b2215be60e897a /lib/crypto/c_src/crypto.c
parent5ade234d37600ea80dbb309f431c615937ea253d (diff)
Fix bug in SRP implementation
SRP didn't work with smaller primes because the user secret was improperly computed. The formula is: (B - (k * g^x)) ^ (a + (u * x)) % N. Previously, the code computed a + (u * x) % N instead of a + (u * x). a is typically a 256-bit random number (RFC 5054 says it should be at least 256 bits); u and x are SHA1 signatures (160 bits). So a + (u * x) can differ from a + (u * x) % N for primes N smaller than 320 bits.
Diffstat (limited to 'lib/crypto/c_src/crypto.c')
-rw-r--r--lib/crypto/c_src/crypto.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index 3020cadc56..a2868850d7 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -2892,8 +2892,8 @@ static ERL_NIF_TERM srp_user_secret_nif(ErlNifEnv* env, int argc, const ERL_NIF_
/* a + (u * x) */
bn_exp2 = BN_new();
- BN_mod_mul(bn_result, bn_u, bn_exponent, bn_prime, bn_ctx);
- BN_mod_add(bn_exp2, bn_a, bn_result, bn_prime, bn_ctx);
+ BN_mul(bn_result, bn_u, bn_exponent, bn_ctx);
+ BN_add(bn_exp2, bn_a, bn_result);
/* (B - (k * g^x)) ^ (a + (u * x)) % N */
BN_mod_exp(bn_result, bn_base, bn_exp2, bn_prime, bn_ctx);