In s_client.c (function psk_client_db), the "-psk" value is converted
from hexadecimal to binary by converting to a BN using BN_hex2bn() [line
285] and then from BN to binary using BN_bn2bin [line 301].
This means that it is not possible to input a key where the first byte
is zero.
e.g.
If the user specifies "-psk 00010203". BN_hex2bin converted this to
0x10203. BN_bn2Bin converted this to { 0x01, 0x02, 0x03 } where
on the specified { 0x00, 0x01, 0x02, 0x03 }.
The same problem seems to exist in s_server.c. This has probably not be
detected in testing as given the same "-psk" values s_server and
s_client produce the same key.
I found this in 1.1.0-pre5. It is at least as old as 1.0.1e, and seems
to date from the addition of the PSK code.
--
Ian Miller
Senior Software Engineer
ADDER Technology
Saxon Way
Bar Hill
Cambridge
CB23 8SL
United Kingdom
Europe Head Office
Tel: +44 (0)1954 780044
Fax: +44 (0)1954 780081
Web: www.adder.com
-----------------------------------------------------------------------------------------------------------------------------------------
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify your system
manager. Any views expressed in this message are those of
the individual sender and not necessarily those of Adder Technology Limited.
Adder Technology Limited is a company registered in England and Wales with
company number 1823478 and VAT number GB 388 8704 87 and
registered office address 110 Regent Road, Leicester LE1 7LT, UK. Adder
Corporation is a company registered in Delaware, United States of
America with a trading address of 350R Merrimac Street, Newburyport, MA 01950.
-----------------------------------------------------------------------------------------------------------------------------------------
This footnote confirms that this email message has been swept for the presence
of computer viruses, however, you should make no reliance
upon this when opening this message or any attachments.
-----------------------------------------------------------------------------------------------------------------------------------------
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4554
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
