diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2016-06-08 19:01:42 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2016-06-12 19:44:17 +0100 |
| commit | 6ec6d5207187dbc1dbd971bd50ea17c9a94906d0 (patch) | |
| tree | 95696a2598fcfb82109787255720623b9cdd44ce /apps/s_server.c | |
| parent | a3ef2c16792ccbf65ef9861e0df6e7c277bcf770 (diff) | |
| download | openssl-6ec6d5207187dbc1dbd971bd50ea17c9a94906d0.zip openssl-6ec6d5207187dbc1dbd971bd50ea17c9a94906d0.tar.gz openssl-6ec6d5207187dbc1dbd971bd50ea17c9a94906d0.tar.bz2 | |
Don't skip leading zeroes in PSK keys.
Don't use BN_hex2bn() for PSK key conversion as the conversion to
BN and back removes leading zeroes, use OPENSSL_hexstr2buf() instead.
RT#4554
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'apps/s_server.c')
| -rw-r--r-- | apps/s_server.c | 32 |
1 files changed, 13 insertions, 19 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index dce02f0..9188ecf 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -166,9 +166,8 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len) { - unsigned int psk_len = 0; - int ret; - BIGNUM *bn = NULL; + long key_len = 0; + unsigned char *key; if (s_debug) BIO_printf(bio_s_out, "psk_server_cb\n"); @@ -190,31 +189,26 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, BIO_printf(bio_s_out, "PSK client identity found\n"); /* convert the PSK key to binary */ - ret = BN_hex2bn(&bn, psk_key); - if (!ret) { - BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", + key = OPENSSL_hexstr2buf(psk_key, &key_len); + if (key == NULL) { + BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", psk_key); - BN_free(bn); return 0; } - if (BN_num_bytes(bn) > (int)max_psk_len) { + if (key_len > (int)max_psk_len) { BIO_printf(bio_err, - "psk buffer of callback is too small (%d) for key (%d)\n", - max_psk_len, BN_num_bytes(bn)); - BN_free(bn); + "psk buffer of callback is too small (%d) for key (%ld)\n", + max_psk_len, key_len); + OPENSSL_free(key); return 0; } - ret = BN_bn2bin(bn, psk); - BN_free(bn); - - if (ret < 0) - goto out_err; - psk_len = (unsigned int)ret; + memcpy(psk, key, key_len); + OPENSSL_free(key); if (s_debug) - BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len); - return psk_len; + BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len); + return key_len; out_err: if (s_debug) BIO_printf(bio_err, "Error in PSK server callback\n"); |