1 files changed, 39 insertions, 0 deletions

diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c
index d0e55d668a..52e554836f 100644
--- a/libextra/auth_srp.c
+++ b/libextra/auth_srp.c
@@ -67,6 +67,9 @@ const MOD_AUTH_STRUCT srp_auth_struct = {
 #define V session->key->x
 #define S session->key->KEY
 
+inline
+static int check_a_mod_n( GNUTLS_MPI a, GNUTLS_MPI n);
+
 /* Send the first key exchange message ( g, n, s) and append the verifier algorithm number 
  * Data is allocated by the caller, and should have data_size size.
  */
@@ -294,6 +297,14 @@ int _gnutls_proc_srp_client_kx(gnutls_session session, opaque * data, size_t _da
 		gnutls_assert();
 		return GNUTLS_E_MPI_SCAN_FAILED;
 	}
+	
+	/* Checks if A % n == 0 or
+	 * A % n == +-1.
+	 */
+	if ( (ret = check_a_mod_n( A, N)) < 0) {
+		gnutls_assert();
+		return ret;
+	}
 
 	_gnutls_dump_mpi( "SRP A: ", A);
 	_gnutls_dump_mpi( "SRP B: ", B);
@@ -359,6 +370,34 @@ GNUTLS_MPI r = _gnutls_mpi_alloc_like(b);
 	return 0;
 }
 
+/* Checks if a%n==0,+1,-1%n which is a fatal srp error.
+ * Returns a proper error code in that case, and 0 when
+ * all are ok.
+ */
+inline
+static int check_a_mod_n( GNUTLS_MPI a, GNUTLS_MPI n)
+{
+int ret;
+GNUTLS_MPI r = _gnutls_mpi_alloc_like(a);
+
+	_gnutls_mpi_mod( r, a, n);
+	ret = _gnutls_mpi_cmp_ui(r, 0);
+	if (ret != 0) ret = _gnutls_mpi_cmp_ui(r, 1);
+	if (ret != 0) {
+		_gnutls_mpi_sub_ui( r, n, 1);
+		ret = _gnutls_mpi_cmp(a, r);
+	}
+	
+	_gnutls_mpi_release( &r);
+
+	if (ret == 0) {
+		gnutls_assert();
+		return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+	}
+	
+	return 0;
+}
+
 /* Static parameters according to draft-ietf-tls-srp-05
  */
 static const unsigned char srp_params_1024[] = {