the openssl SRP implementation seems to handle salts with leading
zero-bytes incorrectly.
salts are internally passed around as BIGNUM, and converted back
to uchar* before using them. however, they are only ever needed
as uchar*: only used for SHA1-ing. so my guess is the conversion
to BIGNUM,
On Fri, May 02, 2014 at 11:41:46AM +0200, Mechiel Lukkien wrote:
thoughts? does conversion from uchar* to bignum, and back to uchar*
indeed strip leading zeroes?
i think the salt should always be passed around as just bytes. in SRP
it is never used for calculations with bignums.
after
