In s_client.c (function psk_client_db), the "-psk" value is converted from hexadecimal to binary by converting to a BN using BN_hex2bn() [line 285] and then from BN to binary using BN_bn2bin [line 301].
This means that it is not possible to input a key where the first byte is zero. e.g. If the user specifies "-psk 00010203". BN_hex2bin converted this to 0x10203. BN_bn2Bin converted this to { 0x01, 0x02, 0x03 } where on the specified { 0x00, 0x01, 0x02, 0x03 }. The same problem seems to exist in s_server.c. This has probably not be detected in testing as given the same "-psk" values s_server and s_client produce the same key. I found this in 1.1.0-pre5. It is at least as old as 1.0.1e, and seems to date from the addition of the PSK code. -- Ian Miller Senior Software Engineer ADDER Technology Saxon Way Bar Hill Cambridge CB23 8SL United Kingdom Europe Head Office Tel: +44 (0)1954 780044 Fax: +44 (0)1954 780081 Web: www.adder.com ----------------------------------------------------------------------------------------------------------------------------------------- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify your system manager. Any views expressed in this message are those of the individual sender and not necessarily those of Adder Technology Limited. Adder Technology Limited is a company registered in England and Wales with company number 1823478 and VAT number GB 388 8704 87 and registered office address 110 Regent Road, Leicester LE1 7LT, UK. Adder Corporation is a company registered in Delaware, United States of America with a trading address of 350R Merrimac Street, Newburyport, MA 01950. ----------------------------------------------------------------------------------------------------------------------------------------- This footnote confirms that this email message has been swept for the presence of computer viruses, however, you should make no reliance upon this when opening this message or any attachments. ----------------------------------------------------------------------------------------------------------------------------------------- -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4554 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev